github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/libpages/config/config_v1_test.go (about) 1 // Copyright 2017 Keybase Inc. All rights reserved. 2 // Use of this source code is governed by a BSD 3 // license that can be found in the LICENSE file. 4 5 package config 6 7 import ( 8 "bytes" 9 "context" 10 "strings" 11 "testing" 12 13 "github.com/stretchr/testify/require" 14 ) 15 16 func TestConfigV1Default(t *testing.T) { 17 config := DefaultV1() 18 read, list, 19 possibleRead, possibleList, 20 realm, err := config.GetPermissions("/", nil) 21 require.NoError(t, err) 22 require.True(t, read) 23 require.False(t, list) 24 require.True(t, possibleRead) 25 require.False(t, possibleList) 26 require.Equal(t, "/", realm) 27 } 28 29 func TestConfigV1Invalid(t *testing.T) { 30 err := (&V1{ 31 Common: Common{ 32 Version: Version1Str, 33 }, 34 PerPathConfigs: map[string]PerPathConfigV1{ 35 "/": { 36 WhitelistAdditionalPermissions: map[string]string{ 37 "alice": PermRead, 38 }, 39 }, 40 }, 41 }).EnsureInit() 42 require.Error(t, err) 43 require.IsType(t, ErrUndefinedUsername{}, err) 44 45 err = (&V1{ 46 Common: Common{ 47 Version: Version1Str, 48 }, 49 PerPathConfigs: map[string]PerPathConfigV1{ 50 "/": { 51 AnonymousPermissions: "", 52 }, 53 "": { 54 AnonymousPermissions: PermRead, 55 }, 56 }, 57 }).EnsureInit() 58 require.Error(t, err) 59 require.IsType(t, ErrDuplicatePerPathConfigPath{}, err) 60 61 err = (&V1{ 62 Common: Common{ 63 Version: Version1Str, 64 }, 65 PerPathConfigs: map[string]PerPathConfigV1{ 66 "/foo": { 67 AnonymousPermissions: "", 68 }, 69 "/foo/../foo": { 70 AnonymousPermissions: PermRead, 71 }, 72 }, 73 }).EnsureInit() 74 require.Error(t, err) 75 require.IsType(t, ErrDuplicatePerPathConfigPath{}, err) 76 77 err = (&V1{ 78 Common: Common{ 79 Version: Version1Str, 80 }, 81 PerPathConfigs: map[string]PerPathConfigV1{ 82 "/": { 83 AnonymousPermissions: "huh?", 84 }, 85 }, 86 }).EnsureInit() 87 require.Error(t, err) 88 require.IsType(t, ErrInvalidPermissions{}, err) 89 } 90 91 func TestConfigV1Full(t *testing.T) { 92 config := V1{ 93 Common: Common{ 94 Version: Version1Str, 95 }, 96 Users: map[string]string{ 97 "alice": generateBcryptPasswordHashForTestOrBust(t, "12345"), 98 "bob": generateSHA256PasswordHashForTestOrBust(t, "54321"), 99 }, 100 PerPathConfigs: map[string]PerPathConfigV1{ 101 "/": { 102 AnonymousPermissions: "read,list", 103 }, 104 "/alice-and-bob": { 105 WhitelistAdditionalPermissions: map[string]string{ 106 "alice": PermReadAndList, 107 "bob": PermRead, 108 }, 109 }, 110 "/bob": { 111 AnonymousPermissions: "", 112 WhitelistAdditionalPermissions: map[string]string{ 113 "bob": PermReadAndList, 114 }, 115 }, 116 "/public": { 117 AnonymousPermissions: PermReadAndList, 118 }, 119 "/public/not-really": { 120 AnonymousPermissions: "", 121 WhitelistAdditionalPermissions: map[string]string{ 122 "alice": PermReadAndList, 123 }, 124 }, 125 "/bob/dir/deep-dir/deep-deep-dir": {}, 126 }, 127 } 128 129 ctx := context.Background() 130 131 authenticated := config.Authenticate(ctx, "alice", "54321") 132 require.False(t, authenticated) 133 authenticated = config.Authenticate(ctx, "bob", "12345") 134 require.False(t, authenticated) 135 authenticated = config.Authenticate(ctx, "alice", "12345") 136 require.True(t, authenticated) 137 authenticated = config.Authenticate(ctx, "bob", "54321") 138 require.True(t, authenticated) 139 140 read, list, possibleRead, possibleList, 141 realm, err := config.GetPermissions("/", nil) 142 require.NoError(t, err) 143 require.True(t, read) 144 require.True(t, list) 145 require.True(t, possibleRead) 146 require.True(t, possibleList) 147 require.Equal(t, "/", realm) 148 read, list, possibleRead, possibleList, 149 realm, err = config.GetPermissions("/", stringPtr("alice")) 150 require.NoError(t, err) 151 require.True(t, read) 152 require.True(t, list) 153 require.True(t, possibleRead) 154 require.True(t, possibleList) 155 require.Equal(t, "/", realm) 156 read, list, possibleRead, possibleList, 157 realm, err = config.GetPermissions("/", stringPtr("bob")) 158 require.NoError(t, err) 159 require.True(t, read) 160 require.True(t, list) 161 require.True(t, possibleRead) 162 require.True(t, possibleList) 163 require.Equal(t, "/", realm) 164 165 read, list, possibleRead, possibleList, 166 realm, err = config.GetPermissions("/alice-and-bob", nil) 167 require.NoError(t, err) 168 require.False(t, read) 169 require.False(t, list) 170 require.True(t, possibleRead) 171 require.True(t, possibleList) 172 require.Equal(t, "/alice-and-bob", realm) 173 read, list, possibleRead, possibleList, 174 realm, err = config.GetPermissions("/alice-and-bob", stringPtr("alice")) 175 require.NoError(t, err) 176 require.True(t, read) 177 require.True(t, list) 178 require.True(t, possibleRead) 179 require.True(t, possibleList) 180 require.Equal(t, "/alice-and-bob", realm) 181 read, list, possibleRead, possibleList, 182 realm, err = config.GetPermissions("/alice-and-bob", stringPtr("bob")) 183 require.NoError(t, err) 184 require.True(t, read) 185 require.False(t, list) 186 require.True(t, possibleRead) 187 require.True(t, possibleList) 188 require.Equal(t, "/alice-and-bob", realm) 189 190 read, list, possibleRead, possibleList, 191 realm, err = config.GetPermissions("/bob", nil) 192 require.NoError(t, err) 193 require.False(t, read) 194 require.False(t, list) 195 require.True(t, possibleRead) 196 require.True(t, possibleList) 197 require.Equal(t, "/bob", realm) 198 read, list, possibleRead, possibleList, 199 realm, err = config.GetPermissions("/bob", stringPtr("alice")) 200 require.NoError(t, err) 201 require.False(t, read) 202 require.False(t, list) 203 require.True(t, possibleRead) 204 require.True(t, possibleList) 205 require.Equal(t, "/bob", realm) 206 read, list, possibleRead, possibleList, 207 realm, err = config.GetPermissions("/bob", stringPtr("bob")) 208 require.NoError(t, err) 209 require.True(t, read) 210 require.True(t, list) 211 require.True(t, possibleRead) 212 require.True(t, possibleList) 213 require.Equal(t, "/bob", realm) 214 215 read, list, possibleRead, possibleList, 216 realm, err = config.GetPermissions("/public", nil) 217 require.NoError(t, err) 218 require.True(t, read) 219 require.True(t, list) 220 require.True(t, possibleRead) 221 require.True(t, possibleList) 222 require.Equal(t, "/public", realm) 223 read, list, possibleRead, possibleList, 224 realm, err = config.GetPermissions("/public", stringPtr("alice")) 225 require.NoError(t, err) 226 require.True(t, read) 227 require.True(t, list) 228 require.True(t, possibleRead) 229 require.True(t, possibleList) 230 require.Equal(t, "/public", realm) 231 read, list, possibleRead, possibleList, 232 realm, err = config.GetPermissions("/public", stringPtr("bob")) 233 require.NoError(t, err) 234 require.True(t, read) 235 require.True(t, list) 236 require.True(t, possibleRead) 237 require.True(t, possibleList) 238 require.Equal(t, "/public", realm) 239 240 read, list, possibleRead, possibleList, 241 realm, err = config.GetPermissions("/public/not-really", nil) 242 require.NoError(t, err) 243 require.False(t, read) 244 require.False(t, list) 245 require.True(t, possibleRead) 246 require.True(t, possibleList) 247 require.Equal(t, "/public/not-really", realm) 248 read, list, possibleRead, possibleList, 249 realm, err = config.GetPermissions("/public/not-really", stringPtr("alice")) 250 require.NoError(t, err) 251 require.True(t, read) 252 require.True(t, list) 253 require.True(t, possibleRead) 254 require.True(t, possibleList) 255 require.Equal(t, "/public/not-really", realm) 256 read, list, possibleRead, possibleList, 257 realm, err = config.GetPermissions("/public/not-really", stringPtr("bob")) 258 require.NoError(t, err) 259 require.False(t, read) 260 require.False(t, list) 261 require.True(t, possibleRead) 262 require.True(t, possibleList) 263 require.Equal(t, "/public/not-really", realm) 264 265 read, list, possibleRead, possibleList, 266 realm, err = config.GetPermissions("/bob/dir", nil) 267 require.NoError(t, err) 268 require.False(t, read) 269 require.False(t, list) 270 require.True(t, possibleRead) 271 require.True(t, possibleList) 272 require.Equal(t, "/bob", realm) 273 read, list, possibleRead, possibleList, 274 realm, err = config.GetPermissions("/bob/dir", stringPtr("alice")) 275 require.NoError(t, err) 276 require.False(t, read) 277 require.False(t, list) 278 require.True(t, possibleRead) 279 require.True(t, possibleList) 280 require.Equal(t, "/bob", realm) 281 read, list, possibleRead, possibleList, 282 realm, err = config.GetPermissions("/bob/dir", stringPtr("bob")) 283 require.NoError(t, err) 284 require.True(t, read) 285 require.True(t, list) 286 require.True(t, possibleRead) 287 require.True(t, possibleList) 288 require.Equal(t, "/bob", realm) 289 290 read, list, possibleRead, possibleList, 291 realm, err = config.GetPermissions("/bob/dir/sub", nil) 292 require.NoError(t, err) 293 require.False(t, read) 294 require.False(t, list) 295 require.True(t, possibleRead) 296 require.True(t, possibleList) 297 require.Equal(t, "/bob", realm) 298 read, list, possibleRead, possibleList, 299 realm, err = config.GetPermissions("/bob/dir/sub", stringPtr("alice")) 300 require.NoError(t, err) 301 require.False(t, read) 302 require.False(t, list) 303 require.True(t, possibleRead) 304 require.True(t, possibleList) 305 require.Equal(t, "/bob", realm) 306 read, list, possibleRead, possibleList, 307 realm, err = config.GetPermissions("/bob/dir/sub", stringPtr("bob")) 308 require.NoError(t, err) 309 require.True(t, read) 310 require.True(t, list) 311 require.True(t, possibleRead) 312 require.True(t, possibleList) 313 require.Equal(t, "/bob", realm) 314 315 read, list, possibleRead, possibleList, 316 realm, err = config.GetPermissions("/bob/dir/deep-dir/deep-deep-dir", nil) 317 require.NoError(t, err) 318 require.False(t, read) 319 require.False(t, list) 320 require.False(t, possibleRead) 321 require.False(t, possibleList) 322 require.Equal(t, "/bob/dir/deep-dir/deep-deep-dir", realm) 323 read, list, possibleRead, possibleList, 324 realm, err = config.GetPermissions("/bob/dir/deep-dir/deep-deep-dir", stringPtr("alice")) 325 require.NoError(t, err) 326 require.False(t, read) 327 require.False(t, list) 328 require.False(t, possibleRead) 329 require.False(t, possibleList) 330 require.Equal(t, "/bob/dir/deep-dir/deep-deep-dir", realm) 331 read, list, possibleRead, possibleList, 332 realm, err = config.GetPermissions("/bob/dir/deep-dir/deep-deep-dir", stringPtr("bob")) 333 require.NoError(t, err) 334 require.False(t, read) 335 require.False(t, list) 336 require.False(t, possibleRead) 337 require.False(t, possibleList) 338 require.Equal(t, "/bob/dir/deep-dir/deep-deep-dir", realm) 339 } 340 341 func TestV1EncodeObjectKeyOrder(t *testing.T) { 342 // We are relying on an undocumented feature of encoding/json where struct 343 // fields are serialized into json with the same order that they are 344 // defined in the struct. If this ever changes in the future, this test 345 // helps us catch it. 346 v1 := DefaultV1() 347 buf := &bytes.Buffer{} 348 err := v1.Encode(buf, false) 349 require.NoError(t, err) 350 const expectedJSON = `{"version":"v1","users":null,` + 351 `"per_path_configs":{"/":{"whitelist_additional_permissions":null,` + 352 `"anonymous_permissions":"read"}}}` 353 require.Equal(t, expectedJSON, strings.TrimSpace(buf.String())) 354 } 355 356 func TestV1DeprecatingACLsField(t *testing.T) { 357 perPathConfigs := map[string]PerPathConfigV1{ 358 "/": { 359 WhitelistAdditionalPermissions: map[string]string{ 360 "alice": PermRead, 361 }, 362 }, 363 } 364 365 configWithDeprecatedACLs := &V1{ 366 Common: Common{ 367 Version: Version1Str, 368 }, 369 Users: map[string]string{ 370 "alice": generateBcryptPasswordHashForTestOrBust(t, "12345"), 371 }, 372 ACLs: perPathConfigs, 373 } 374 err := (configWithDeprecatedACLs).EnsureInit() 375 require.NoError(t, err) 376 require.Nil(t, configWithDeprecatedACLs.ACLs) 377 require.Equal(t, perPathConfigs, configWithDeprecatedACLs.PerPathConfigs) 378 379 err = (&V1{ 380 Common: Common{ 381 Version: Version1Str, 382 }, 383 Users: map[string]string{ 384 "alice": generateBcryptPasswordHashForTestOrBust(t, "12345"), 385 }, 386 ACLs: perPathConfigs, 387 PerPathConfigs: perPathConfigs, 388 }).EnsureInit() 389 require.IsType(t, ErrACLsPerPathConfigsBothPresent{}, err) 390 }