Re-authorize master_key to access to all routes

ManyTheFish 2022-06-01 11:47:44 +02:00
parent 1816db8c1f
commit b2e2dc8558
2 changed files with 3 additions and 30 deletions


@ -177,7 +177,7 @@ pub mod policies {
// if master key is None only keys routes are inaccessible.
if auth
.get_master_key()
.map_or_else(|| !is_keys_action(A), |mk| mk == token && is_keys_action(A))
.map_or_else(|| !is_keys_action(A), |mk| mk == token)
{
return Some(AuthFilter::default());
}
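Review bot: The retained `mk == token` check is an ordinary short-circuiting equality on a secret, and with `is_keys_action(A)` dropped from the closure that secret now authorizes every action instead of only the keys routes. A constant-time comparison would remove the timing signal; if a dependency such as the `subtle` crate is acceptable, something like `|mk| mk.as_bytes().ct_eq(token.as_bytes()).into()` would do it. The comment above the condition still describes only the `None` case, so I would add `// a token equal to the master key is authorized for every action A.` next to it. The enclosing function starts and ends outside the hunk, so the types of `mk` and `token` are assumed to be string-like and should be confirmed.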


@ -188,41 +188,14 @@ async fn error_access_unauthorized_action() {
}
}
#[actix_rt::test]
#[cfg_attr(target_os = "windows", ignore)]
async fn error_access_master_key() {
let mut server = Server::new_auth().await;
server.use_api_key("MASTER_KEY");
// master key must only have access to /keys
for ((method, route), _) in AUTHORIZATIONS
.iter()
.filter(|(_, action)| action.iter().all(|a| !a.starts_with("keys.")))
{
let (response, code) = server.dummy_request(method, route).await;
assert_eq!(
response,
INVALID_RESPONSE.clone(),
"on route: {:?} - {:?}",
method,
route
);
assert_eq!(403, code, "{:?}", &response);
}
}
#[actix_rt::test]
#[cfg_attr(target_os = "windows", ignore)]
async fn access_authorized_master_key() {
let mut server = Server::new_auth().await;
server.use_api_key("MASTER_KEY");
// master key must only have access to /keys
for ((method, route), _) in AUTHORIZATIONS
.iter()
.filter(|(_, action)| action.iter().any(|a| a.starts_with("keys.")))
{
// master key must have access to all routes.
for ((method, route), _) in AUTHORIZATIONS.iter() {
let (response, code) = server.dummy_request(method, route).await;
assert_ne!(