mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-06-06 12:57:48 +02:00
Update tests to fit to the new requirements
This commit is contained in:
ManyTheFish
parent
d6dd234914
commit
e2c204cf86
File diff suppressed because it is too large
Load Diff
|
|
@ -46,6 +46,11 @@ pub static AUTHORIZATIONS: Lazy<HashMap<(&'static str, &'static str), HashSet<&'
|
||||||
("GET", "/stats") => hashset!{"stats.get", "*"},
|
("GET", "/stats") => hashset!{"stats.get", "*"},
|
||||||
("POST", "/dumps") => hashset!{"dumps.create", "*"},
|
("POST", "/dumps") => hashset!{"dumps.create", "*"},
|
||||||
("GET", "/version") => hashset!{"version", "*"},
|
("GET", "/version") => hashset!{"version", "*"},
|
||||||
|
("PATCH", "/keys/mykey/") => hashset!{"keys.update", "*"},
|
||||||
|
("GET", "/keys/mykey/") => hashset!{"keys.get", "*"},
|
||||||
|
("DELETE", "/keys/mykey/") => hashset!{"keys.delete", "*"},
|
||||||
|
("POST", "/keys") => hashset!{"keys.create", "*"},
|
||||||
|
("GET", "/keys") => hashset!{"keys.get", "*"},
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -80,7 +85,7 @@ async fn error_access_expired_key() {
|
||||||
});
|
});
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
|
@ -92,8 +97,14 @@ async fn error_access_expired_key() {
|
||||||
for (method, route) in AUTHORIZATIONS.keys() {
|
for (method, route) in AUTHORIZATIONS.keys() {
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_eq!(response, INVALID_RESPONSE.clone());
|
assert_eq!(
|
||||||
assert_eq!(code, 403);
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?}",
|
||||||
|
method,
|
||||||
|
route
|
||||||
|
);
|
||||||
|
assert_eq!(403, code, "{:?}", &response);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -110,7 +121,7 @@ async fn error_access_unauthorized_index() {
|
||||||
});
|
});
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
|
@ -123,8 +134,14 @@ async fn error_access_unauthorized_index() {
|
||||||
{
|
{
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_eq!(response, INVALID_RESPONSE.clone());
|
assert_eq!(
|
||||||
assert_eq!(code, 403);
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?}",
|
||||||
|
method,
|
||||||
|
route
|
||||||
|
);
|
||||||
|
assert_eq!(403, code, "{:?}", &response);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -141,7 +158,7 @@ async fn error_access_unauthorized_action() {
|
||||||
});
|
});
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
|
@ -154,14 +171,68 @@ async fn error_access_unauthorized_action() {
|
||||||
let content = json!({
|
let content = json!({
|
||||||
"actions": ALL_ACTIONS.difference(action).collect::<Vec<_>>(),
|
"actions": ALL_ACTIONS.difference(action).collect::<Vec<_>>(),
|
||||||
});
|
});
|
||||||
let (_, code) = server.patch_api_key(&key, content).await;
|
let (response, code) = server.patch_api_key(&key, content).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_eq!(response, INVALID_RESPONSE.clone());
|
assert_eq!(
|
||||||
assert_eq!(code, 403);
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?}",
|
||||||
|
method,
|
||||||
|
route
|
||||||
|
);
|
||||||
|
assert_eq!(403, code, "{:?}", &response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[actix_rt::test]
|
||||||
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
|
async fn error_access_master_key() {
|
||||||
|
let mut server = Server::new_auth().await;
|
||||||
|
server.use_api_key("MASTER_KEY");
|
||||||
|
|
||||||
|
// master key must only have access to /keys
|
||||||
|
for ((method, route), _) in AUTHORIZATIONS
|
||||||
|
.iter()
|
||||||
|
.filter(|(_, action)| action.iter().all(|a| !a.starts_with("keys.")))
|
||||||
|
{
|
||||||
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
|
assert_eq!(
|
||||||
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?}",
|
||||||
|
method,
|
||||||
|
route
|
||||||
|
);
|
||||||
|
assert_eq!(403, code, "{:?}", &response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[actix_rt::test]
|
||||||
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
|
async fn access_authorized_master_key() {
|
||||||
|
let mut server = Server::new_auth().await;
|
||||||
|
server.use_api_key("MASTER_KEY");
|
||||||
|
|
||||||
|
// master key must only have access to /keys
|
||||||
|
for ((method, route), _) in AUTHORIZATIONS
|
||||||
|
.iter()
|
||||||
|
.filter(|(_, action)| action.iter().any(|a| a.starts_with("keys.")))
|
||||||
|
{
|
||||||
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
|
assert_ne!(
|
||||||
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?}",
|
||||||
|
method,
|
||||||
|
route
|
||||||
|
);
|
||||||
|
assert_ne!(code, 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -169,36 +240,34 @@ async fn error_access_unauthorized_action() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn access_authorized_restricted_index() {
|
async fn access_authorized_restricted_index() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
|
||||||
|
|
||||||
let content = json!({
|
|
||||||
"indexes": ["products"],
|
|
||||||
"actions": [],
|
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
|
||||||
});
|
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
|
||||||
assert_eq!(code, 201);
|
|
||||||
assert!(response["key"].is_string());
|
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
|
||||||
server.use_api_key(&key);
|
|
||||||
|
|
||||||
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
||||||
for action in actions {
|
for action in actions {
|
||||||
// Patch API key letting only the needed action.
|
// create a new API key letting only the needed action.
|
||||||
|
server.use_api_key("MASTER_KEY");
|
||||||
|
|
||||||
let content = json!({
|
let content = json!({
|
||||||
|
"indexes": ["products"],
|
||||||
"actions": [action],
|
"actions": [action],
|
||||||
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
|
|
||||||
server.use_api_key("MASTER_KEY");
|
let (response, code) = server.add_api_key(content).await;
|
||||||
let (_, code) = server.patch_api_key(&key, content).await;
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert_eq!(code, 200);
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
|
let key = response["key"].as_str().unwrap();
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_ne!(response, INVALID_RESPONSE.clone());
|
assert_ne!(
|
||||||
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?} with action: {:?}",
|
||||||
|
method,
|
||||||
|
route,
|
||||||
|
action
|
||||||
|
);
|
||||||
assert_ne!(code, 403);
|
assert_ne!(code, 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -208,36 +277,35 @@ async fn access_authorized_restricted_index() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn access_authorized_no_index_restriction() {
|
async fn access_authorized_no_index_restriction() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
|
||||||
|
|
||||||
let content = json!({
|
|
||||||
"indexes": ["*"],
|
|
||||||
"actions": [],
|
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
|
||||||
});
|
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
|
||||||
assert_eq!(code, 201);
|
|
||||||
assert!(response["key"].is_string());
|
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
|
||||||
server.use_api_key(&key);
|
|
||||||
|
|
||||||
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
||||||
for action in actions {
|
for action in actions {
|
||||||
|
// create a new API key letting only the needed action.
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_api_key("MASTER_KEY");
|
||||||
|
|
||||||
// Patch API key letting only the needed action.
|
|
||||||
let content = json!({
|
let content = json!({
|
||||||
|
"indexes": ["products"],
|
||||||
"actions": [action],
|
"actions": [action],
|
||||||
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (_, code) = server.patch_api_key(&key, content).await;
|
|
||||||
assert_eq!(code, 200);
|
|
||||||
|
|
||||||
|
let (response, code) = server.add_api_key(content).await;
|
||||||
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
|
let key = response["key"].as_str().unwrap();
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.dummy_request(method, route).await;
|
let (response, code) = server.dummy_request(method, route).await;
|
||||||
|
|
||||||
assert_ne!(response, INVALID_RESPONSE.clone());
|
assert_ne!(
|
||||||
|
response,
|
||||||
|
INVALID_RESPONSE.clone(),
|
||||||
|
"on route: {:?} - {:?} with action: {:?}",
|
||||||
|
method,
|
||||||
|
route,
|
||||||
|
action
|
||||||
|
);
|
||||||
assert_ne!(code, 403);
|
assert_ne!(code, 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -247,16 +315,16 @@ async fn access_authorized_no_index_restriction() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn access_authorized_stats_restricted_index() {
|
async fn access_authorized_stats_restricted_index() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on `products` index only.
|
// create key with access on `products` index only.
|
||||||
|
|
@ -266,7 +334,7 @@ async fn access_authorized_stats_restricted_index() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -274,7 +342,7 @@ async fn access_authorized_stats_restricted_index() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.stats().await;
|
let (response, code) = server.stats().await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
assert!(response["indexes"].get("products").is_some());
|
assert!(response["indexes"].get("products").is_some());
|
||||||
|
|
@ -287,16 +355,16 @@ async fn access_authorized_stats_restricted_index() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn access_authorized_stats_no_index_restriction() {
|
async fn access_authorized_stats_no_index_restriction() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on all indexes.
|
// create key with access on all indexes.
|
||||||
|
|
@ -306,7 +374,7 @@ async fn access_authorized_stats_no_index_restriction() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -314,7 +382,7 @@ async fn access_authorized_stats_no_index_restriction() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.stats().await;
|
let (response, code) = server.stats().await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
assert!(response["indexes"].get("products").is_some());
|
assert!(response["indexes"].get("products").is_some());
|
||||||
|
|
@ -327,16 +395,16 @@ async fn access_authorized_stats_no_index_restriction() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn list_authorized_indexes_restricted_index() {
|
async fn list_authorized_indexes_restricted_index() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on `products` index only.
|
// create key with access on `products` index only.
|
||||||
|
|
@ -346,7 +414,7 @@ async fn list_authorized_indexes_restricted_index() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -354,7 +422,7 @@ async fn list_authorized_indexes_restricted_index() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.list_indexes(None, None).await;
|
let (response, code) = server.list_indexes(None, None).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
let response = response["results"].as_array().unwrap();
|
let response = response["results"].as_array().unwrap();
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
|
|
@ -368,16 +436,16 @@ async fn list_authorized_indexes_restricted_index() {
|
||||||
#[cfg_attr(target_os = "windows", ignore)]
|
#[cfg_attr(target_os = "windows", ignore)]
|
||||||
async fn list_authorized_indexes_no_index_restriction() {
|
async fn list_authorized_indexes_no_index_restriction() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on all indexes.
|
// create key with access on all indexes.
|
||||||
|
|
@ -387,7 +455,7 @@ async fn list_authorized_indexes_no_index_restriction() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -395,7 +463,7 @@ async fn list_authorized_indexes_no_index_restriction() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.list_indexes(None, None).await;
|
let (response, code) = server.list_indexes(None, None).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
let response = response["results"].as_array().unwrap();
|
let response = response["results"].as_array().unwrap();
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
|
|
@ -408,16 +476,16 @@ async fn list_authorized_indexes_no_index_restriction() {
|
||||||
#[actix_rt::test]
|
#[actix_rt::test]
|
||||||
async fn list_authorized_tasks_restricted_index() {
|
async fn list_authorized_tasks_restricted_index() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on `products` index only.
|
// create key with access on `products` index only.
|
||||||
|
|
@ -427,7 +495,7 @@ async fn list_authorized_tasks_restricted_index() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -435,7 +503,7 @@ async fn list_authorized_tasks_restricted_index() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.service.get("/tasks").await;
|
let (response, code) = server.service.get("/tasks").await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
println!("{}", response);
|
println!("{}", response);
|
||||||
let response = response["results"].as_array().unwrap();
|
let response = response["results"].as_array().unwrap();
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
|
|
@ -448,16 +516,16 @@ async fn list_authorized_tasks_restricted_index() {
|
||||||
#[actix_rt::test]
|
#[actix_rt::test]
|
||||||
async fn list_authorized_tasks_no_index_restriction() {
|
async fn list_authorized_tasks_no_index_restriction() {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
|
|
||||||
// create index `test`
|
// create index `test`
|
||||||
let index = server.index("test");
|
let index = server.index("test");
|
||||||
let (_, code) = index.create(Some("id")).await;
|
let (response, code) = index.create(Some("id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
// create index `products`
|
// create index `products`
|
||||||
let index = server.index("products");
|
let index = server.index("products");
|
||||||
let (_, code) = index.create(Some("product_id")).await;
|
let (response, code) = index.create(Some("product_id")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
index.wait_task(0).await;
|
index.wait_task(0).await;
|
||||||
|
|
||||||
// create key with access on all indexes.
|
// create key with access on all indexes.
|
||||||
|
|
@ -467,7 +535,7 @@ async fn list_authorized_tasks_no_index_restriction() {
|
||||||
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
"expiresAt": (OffsetDateTime::now_utc() + Duration::hours(1)).format(&Rfc3339).unwrap(),
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -475,7 +543,7 @@ async fn list_authorized_tasks_no_index_restriction() {
|
||||||
server.use_api_key(&key);
|
server.use_api_key(&key);
|
||||||
|
|
||||||
let (response, code) = server.service.get("/tasks").await;
|
let (response, code) = server.service.get("/tasks").await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
|
|
||||||
let response = response["results"].as_array().unwrap();
|
let response = response["results"].as_array().unwrap();
|
||||||
// key should have access on `products` index.
|
// key should have access on `products` index.
|
||||||
|
|
@ -498,7 +566,7 @@ async fn error_creating_index_without_action() {
|
||||||
"expiresAt": "2050-11-13T00:00:00Z"
|
"expiresAt": "2050-11-13T00:00:00Z"
|
||||||
});
|
});
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -522,7 +590,7 @@ async fn error_creating_index_without_action() {
|
||||||
]);
|
]);
|
||||||
|
|
||||||
let (response, code) = index.add_documents(documents, None).await;
|
let (response, code) = index.add_documents(documents, None).await;
|
||||||
assert_eq!(code, 202, "{:?}", response);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
let response = index.wait_task(task_id).await;
|
let response = index.wait_task(task_id).await;
|
||||||
|
|
@ -533,7 +601,7 @@ async fn error_creating_index_without_action() {
|
||||||
let settings = json!({ "distinctAttribute": "test"});
|
let settings = json!({ "distinctAttribute": "test"});
|
||||||
|
|
||||||
let (response, code) = index.update_settings(settings).await;
|
let (response, code) = index.update_settings(settings).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
let response = index.wait_task(task_id).await;
|
let response = index.wait_task(task_id).await;
|
||||||
|
|
@ -543,7 +611,7 @@ async fn error_creating_index_without_action() {
|
||||||
|
|
||||||
// try to create a index via add specialized settings route
|
// try to create a index via add specialized settings route
|
||||||
let (response, code) = index.update_distinct_attribute(json!("test")).await;
|
let (response, code) = index.update_distinct_attribute(json!("test")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
let response = index.wait_task(task_id).await;
|
let response = index.wait_task(task_id).await;
|
||||||
|
|
@ -565,7 +633,7 @@ async fn lazy_create_index() {
|
||||||
});
|
});
|
||||||
|
|
||||||
let (response, code) = server.add_api_key(content).await;
|
let (response, code) = server.add_api_key(content).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(201, code, "{:?}", &response);
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
// use created key.
|
// use created key.
|
||||||
|
|
@ -582,13 +650,13 @@ async fn lazy_create_index() {
|
||||||
]);
|
]);
|
||||||
|
|
||||||
let (response, code) = index.add_documents(documents, None).await;
|
let (response, code) = index.add_documents(documents, None).await;
|
||||||
assert_eq!(code, 202, "{:?}", response);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
index.wait_task(task_id).await;
|
index.wait_task(task_id).await;
|
||||||
|
|
||||||
let (response, code) = index.get_task(task_id).await;
|
let (response, code) = index.get_task(task_id).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
assert_eq!(response["status"], "succeeded");
|
assert_eq!(response["status"], "succeeded");
|
||||||
|
|
||||||
// try to create a index via add settings route
|
// try to create a index via add settings route
|
||||||
|
|
@ -596,24 +664,24 @@ async fn lazy_create_index() {
|
||||||
let settings = json!({ "distinctAttribute": "test"});
|
let settings = json!({ "distinctAttribute": "test"});
|
||||||
|
|
||||||
let (response, code) = index.update_settings(settings).await;
|
let (response, code) = index.update_settings(settings).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
index.wait_task(task_id).await;
|
index.wait_task(task_id).await;
|
||||||
|
|
||||||
let (response, code) = index.get_task(task_id).await;
|
let (response, code) = index.get_task(task_id).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
assert_eq!(response["status"], "succeeded");
|
assert_eq!(response["status"], "succeeded");
|
||||||
|
|
||||||
// try to create a index via add specialized settings route
|
// try to create a index via add specialized settings route
|
||||||
let index = server.index("test2");
|
let index = server.index("test2");
|
||||||
let (response, code) = index.update_distinct_attribute(json!("test")).await;
|
let (response, code) = index.update_distinct_attribute(json!("test")).await;
|
||||||
assert_eq!(code, 202);
|
assert_eq!(202, code, "{:?}", &response);
|
||||||
let task_id = response["taskUid"].as_u64().unwrap();
|
let task_id = response["taskUid"].as_u64().unwrap();
|
||||||
|
|
||||||
index.wait_task(task_id).await;
|
index.wait_task(task_id).await;
|
||||||
|
|
||||||
let (response, code) = index.get_task(task_id).await;
|
let (response, code) = index.get_task(task_id).await;
|
||||||
assert_eq!(code, 200);
|
assert_eq!(200, code, "{:?}", &response);
|
||||||
assert_eq!(response["status"], "succeeded");
|
assert_eq!(response["status"], "succeeded");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,15 @@ impl Server {
|
||||||
self.service.api_key = Some(api_key.as_ref().to_string());
|
self.service.api_key = Some(api_key.as_ref().to_string());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Fetch and use the default admin key for nexts http requests.
|
||||||
|
pub async fn use_admin_key(&mut self, master_key: impl AsRef<str>) {
|
||||||
|
self.use_api_key(master_key);
|
||||||
|
let (response, code) = self.list_api_keys().await;
|
||||||
|
assert_eq!(200, code, "{:?}", response);
|
||||||
|
let admin_key = &response["results"][1]["key"];
|
||||||
|
self.use_api_key(admin_key.as_str().unwrap());
|
||||||
|
}
|
||||||
|
|
||||||
pub async fn add_api_key(&self, content: Value) -> (Value, StatusCode) {
|
pub async fn add_api_key(&self, content: Value) -> (Value, StatusCode) {
|
||||||
let url = "/keys";
|
let url = "/keys";
|
||||||
self.service.post(url, content).await
|
self.service.post(url, content).await
|
||||||
|
|
|
||||||
|
|
@ -8,11 +8,15 @@ use time::{Duration, OffsetDateTime};
|
||||||
|
|
||||||
use super::authorization::{ALL_ACTIONS, AUTHORIZATIONS};
|
use super::authorization::{ALL_ACTIONS, AUTHORIZATIONS};
|
||||||
|
|
||||||
fn generate_tenant_token(parent_key: impl AsRef<str>, mut body: HashMap<&str, Value>) -> String {
|
fn generate_tenant_token(
|
||||||
|
parent_uid: impl AsRef<str>,
|
||||||
|
parent_key: impl AsRef<str>,
|
||||||
|
mut body: HashMap<&str, Value>,
|
||||||
|
) -> String {
|
||||||
use jsonwebtoken::{encode, EncodingKey, Header};
|
use jsonwebtoken::{encode, EncodingKey, Header};
|
||||||
|
|
||||||
let key_id = &parent_key.as_ref()[..8];
|
let parent_uid = parent_uid.as_ref();
|
||||||
body.insert("apiKeyPrefix", json!(key_id));
|
body.insert("apiKeyUid", json!(parent_uid));
|
||||||
encode(
|
encode(
|
||||||
&Header::default(),
|
&Header::default(),
|
||||||
&body,
|
&body,
|
||||||
|
|
@ -114,7 +118,7 @@ static REFUSED_KEYS: Lazy<Vec<Value>> = Lazy::new(|| {
|
||||||
macro_rules! compute_autorized_search {
|
macro_rules! compute_autorized_search {
|
||||||
($tenant_tokens:expr, $filter:expr, $expected_count:expr) => {
|
($tenant_tokens:expr, $filter:expr, $expected_count:expr) => {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
let index = server.index("sales");
|
let index = server.index("sales");
|
||||||
let documents = DOCUMENTS.clone();
|
let documents = DOCUMENTS.clone();
|
||||||
index.add_documents(documents, None).await;
|
index.add_documents(documents, None).await;
|
||||||
|
|
@ -130,9 +134,10 @@ macro_rules! compute_autorized_search {
|
||||||
let (response, code) = server.add_api_key(key_content.clone()).await;
|
let (response, code) = server.add_api_key(key_content.clone()).await;
|
||||||
assert_eq!(code, 201);
|
assert_eq!(code, 201);
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
let uid = response["uid"].as_str().unwrap();
|
||||||
|
|
||||||
for tenant_token in $tenant_tokens.iter() {
|
for tenant_token in $tenant_tokens.iter() {
|
||||||
let web_token = generate_tenant_token(&key, tenant_token.clone());
|
let web_token = generate_tenant_token(&uid, &key, tenant_token.clone());
|
||||||
server.use_api_key(&web_token);
|
server.use_api_key(&web_token);
|
||||||
let index = server.index("sales");
|
let index = server.index("sales");
|
||||||
index
|
index
|
||||||
|
|
@ -160,7 +165,7 @@ macro_rules! compute_autorized_search {
|
||||||
macro_rules! compute_forbidden_search {
|
macro_rules! compute_forbidden_search {
|
||||||
($tenant_tokens:expr, $parent_keys:expr) => {
|
($tenant_tokens:expr, $parent_keys:expr) => {
|
||||||
let mut server = Server::new_auth().await;
|
let mut server = Server::new_auth().await;
|
||||||
server.use_api_key("MASTER_KEY");
|
server.use_admin_key("MASTER_KEY").await;
|
||||||
let index = server.index("sales");
|
let index = server.index("sales");
|
||||||
let documents = DOCUMENTS.clone();
|
let documents = DOCUMENTS.clone();
|
||||||
index.add_documents(documents, None).await;
|
index.add_documents(documents, None).await;
|
||||||
|
|
@ -172,9 +177,10 @@ macro_rules! compute_forbidden_search {
|
||||||
let (response, code) = server.add_api_key(key_content.clone()).await;
|
let (response, code) = server.add_api_key(key_content.clone()).await;
|
||||||
assert_eq!(code, 201, "{:?}", response);
|
assert_eq!(code, 201, "{:?}", response);
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
let uid = response["uid"].as_str().unwrap();
|
||||||
|
|
||||||
for tenant_token in $tenant_tokens.iter() {
|
for tenant_token in $tenant_tokens.iter() {
|
||||||
let web_token = generate_tenant_token(&key, tenant_token.clone());
|
let web_token = generate_tenant_token(&uid, &key, tenant_token.clone());
|
||||||
server.use_api_key(&web_token);
|
server.use_api_key(&web_token);
|
||||||
let index = server.index("sales");
|
let index = server.index("sales");
|
||||||
index
|
index
|
||||||
|
|
@ -461,12 +467,13 @@ async fn error_access_forbidden_routes() {
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
let uid = response["uid"].as_str().unwrap();
|
||||||
|
|
||||||
let tenant_token = hashmap! {
|
let tenant_token = hashmap! {
|
||||||
"searchRules" => json!(["*"]),
|
"searchRules" => json!(["*"]),
|
||||||
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
||||||
};
|
};
|
||||||
let web_token = generate_tenant_token(&key, tenant_token);
|
let web_token = generate_tenant_token(&uid, &key, tenant_token);
|
||||||
server.use_api_key(&web_token);
|
server.use_api_key(&web_token);
|
||||||
|
|
||||||
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
for ((method, route), actions) in AUTHORIZATIONS.iter() {
|
||||||
|
|
@ -496,12 +503,13 @@ async fn error_access_expired_parent_key() {
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
let uid = response["uid"].as_str().unwrap();
|
||||||
|
|
||||||
let tenant_token = hashmap! {
|
let tenant_token = hashmap! {
|
||||||
"searchRules" => json!(["*"]),
|
"searchRules" => json!(["*"]),
|
||||||
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
||||||
};
|
};
|
||||||
let web_token = generate_tenant_token(&key, tenant_token);
|
let web_token = generate_tenant_token(&uid, &key, tenant_token);
|
||||||
server.use_api_key(&web_token);
|
server.use_api_key(&web_token);
|
||||||
|
|
||||||
// test search request while parent_key is not expired
|
// test search request while parent_key is not expired
|
||||||
|
|
@ -538,12 +546,13 @@ async fn error_access_modified_token() {
|
||||||
assert!(response["key"].is_string());
|
assert!(response["key"].is_string());
|
||||||
|
|
||||||
let key = response["key"].as_str().unwrap();
|
let key = response["key"].as_str().unwrap();
|
||||||
|
let uid = response["uid"].as_str().unwrap();
|
||||||
|
|
||||||
let tenant_token = hashmap! {
|
let tenant_token = hashmap! {
|
||||||
"searchRules" => json!(["products"]),
|
"searchRules" => json!(["products"]),
|
||||||
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
||||||
};
|
};
|
||||||
let web_token = generate_tenant_token(&key, tenant_token);
|
let web_token = generate_tenant_token(&uid, &key, tenant_token);
|
||||||
server.use_api_key(&web_token);
|
server.use_api_key(&web_token);
|
||||||
|
|
||||||
// test search request while web_token is valid
|
// test search request while web_token is valid
|
||||||
|
|
@ -558,7 +567,7 @@ async fn error_access_modified_token() {
|
||||||
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
"exp" => json!((OffsetDateTime::now_utc() + Duration::hours(1)).unix_timestamp())
|
||||||
};
|
};
|
||||||
|
|
||||||
let alt = generate_tenant_token(&key, tenant_token);
|
let alt = generate_tenant_token(&uid, &key, tenant_token);
|
||||||
let altered_token = [
|
let altered_token = [
|
||||||
web_token.split('.').next().unwrap(),
|
web_token.split('.').next().unwrap(),
|
||||||
alt.split('.').nth(1).unwrap(),
|
alt.split('.').nth(1).unwrap(),
|
||||||
|
|
|
||||||
|
|
@ -110,7 +110,7 @@ impl Index<'_> {
|
||||||
let url = format!("/tasks/{}", update_id);
|
let url = format!("/tasks/{}", update_id);
|
||||||
for _ in 0..10 {
|
for _ in 0..10 {
|
||||||
let (response, status_code) = self.service.get(&url).await;
|
let (response, status_code) = self.service.get(&url).await;
|
||||||
assert_eq!(status_code, 200, "response: {}", response);
|
assert_eq!(200, status_code, "response: {}", response);
|
||||||
|
|
||||||
if response["status"] == "succeeded" || response["status"] == "failed" {
|
if response["status"] == "succeeded" || response["status"] == "failed" {
|
||||||
return response;
|
return response;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user