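package auth_test

import (
	"errors"
	"net/http"
	"net/http/httptest"

	"github.com/pf-qiu/concourse/v6/atc/api/accessor"
	"github.com/pf-qiu/concourse/v6/atc/api/accessor/accessorfakes"
	"github.com/pf-qiu/concourse/v6/atc/api/auth"
	"github.com/pf-qiu/concourse/v6/atc/auditor/auditorfakes"
	"github.com/pf-qiu/concourse/v6/atc/db/dbfakes"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// This spec drives the handler produced by
// auth.NewCheckBuildWriteAccessHandlerFactory through a real httptest server
// and checks the status code returned for each authentication/authorization
// outcome. The deny paths also assert that the wrapped delegate is never
// invoked, so a regression that writes an error status but still falls
// through to the protected handler is caught.
//
// logger and buildDelegateHandler are not declared in this file; they are
// expected to come from other files of the auth_test package.
var _ = Describe("CheckBuildWriteAccessHandler", func() {
	var (
		response *http.Response
		server   *httptest.Server
		delegate *buildDelegateHandler

		buildFactory   *dbfakes.FakeBuildFactory
		handlerFactory auth.CheckBuildWriteAccessHandlerFactory
		handler        http.Handler

		fakeAccessor *accessorfakes.FakeAccessFactory
		fakeaccess   *accessorfakes.FakeAccess

		build    *dbfakes.FakeBuild
		pipeline *dbfakes.FakePipeline
	)

	BeforeEach(func() {
		// Drop any response left over from the previous spec so AfterEach
		// only closes a body that this spec actually received.
		response = nil

		buildFactory = new(dbfakes.FakeBuildFactory)
		handlerFactory = auth.NewCheckBuildWriteAccessHandlerFactory(buildFactory)
		fakeAccessor = new(accessorfakes.FakeAccessFactory)
		fakeaccess = new(accessorfakes.FakeAccess)

		// A fresh delegate per spec: its IsCalled flag is what tells us
		// whether the access check let the request through.
		delegate = &buildDelegateHandler{}

		build = new(dbfakes.FakeBuild)
		pipeline = new(dbfakes.FakePipeline)
		build.PipelineReturns(pipeline, true, nil)
		build.TeamNameReturns("some-team")
		build.JobNameReturns("some-job")

		innerHandler := handlerFactory.HandlerFor(delegate, auth.UnauthorizedRejector{})

		handler = accessor.NewHandler(
			logger,
			"some-action",
			innerHandler,
			fakeAccessor,
			new(auditorfakes.FakeAuditor),
			map[string]string{},
		)
	})

	// The request is sent in JustBeforeEach so that the nested BeforeEach
	// blocks below can finish configuring the fakes first.
	JustBeforeEach(func() {
		fakeAccessor.CreateReturns(fakeaccess, nil)
		server = httptest.NewServer(handler)

		// NOTE(review): the ":team_name" / ":build_id" query keys presumably
		// stand in for router-injected path parameters; confirm against the
		// handler implementation.
		request, err := http.NewRequest("POST", server.URL+"?:team_name=some-team&:build_id=55", nil)
		Expect(err).NotTo(HaveOccurred())

		response, err = new(http.Client).Do(request)
		Expect(err).NotTo(HaveOccurred())
	})

	AfterEach(func() {
		// Release the client connection before shutting the server down.
		if response != nil {
			Expect(response.Body.Close()).To(Succeed())
		}
		server.Close()
	})

	Context("when authenticated and accessing same team's build", func() {
		BeforeEach(func() {
			fakeaccess.IsAuthenticatedReturns(true)
			fakeaccess.IsAuthorizedReturns(true)
		})

		Context("when build exists", func() {
			BeforeEach(func() {
				buildFactory.BuildReturns(build, true, nil)
			})

			It("returns 200 ok", func() {
				Expect(response.StatusCode).To(Equal(http.StatusOK))
			})

			It("calls delegate with the build context", func() {
				Expect(delegate.IsCalled).To(BeTrue())
				Expect(delegate.ContextBuild).To(BeIdenticalTo(build))
			})
		})

		Context("when build is not found", func() {
			BeforeEach(func() {
				buildFactory.BuildReturns(nil, false, nil)
			})

			It("returns 404", func() {
				Expect(response.StatusCode).To(Equal(http.StatusNotFound))
			})
		})

		Context("when getting build fails", func() {
			BeforeEach(func() {
				buildFactory.BuildReturns(nil, false, errors.New("disaster"))
			})

			// The description previously read "returns 404" although the
			// assertion has always expected a 500.
			It("returns 500", func() {
				Expect(response.StatusCode).To(Equal(http.StatusInternalServerError))
			})
		})
	})

	Context("when authenticated but accessing different team's build", func() {
		BeforeEach(func() {
			fakeaccess.IsAuthenticatedReturns(true)
			fakeaccess.IsAuthorizedReturns(false)
			buildFactory.BuildReturns(build, true, nil)
		})

		It("returns 403", func() {
			Expect(response.StatusCode).To(Equal(http.StatusForbidden))
		})

		// A 403 status alone does not prove the write was blocked; the
		// protected delegate must not have run either.
		It("does not call the delegate", func() {
			Expect(delegate.IsCalled).To(BeFalse())
		})
	})

	Context("when not authenticated", func() {
		BeforeEach(func() {
			fakeaccess.IsAuthenticatedReturns(false)
		})

		It("returns 401", func() {
			Expect(response.StatusCode).To(Equal(http.StatusUnauthorized))
		})

		// Same reasoning as the 403 case: the rejection must short-circuit
		// before the delegate is reached.
		It("does not call the delegate", func() {
			Expect(delegate.IsCalled).To(BeFalse())
		})
	})
})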