From 2245e9c0a057e5656f7d82a58970288bc8a1003c Mon Sep 17 00:00:00 2001
From: Pat Losoponkul
Date: Thu, 11 Jan 2024 17:06:30 +0700
Subject: [PATCH] test: authorizeRole SecurityLogic tests

---
 .../iam/authentication/SecurityLogic.scala | 9 +++--
 .../authentication/SecurityLogicSpec.scala | 33 +++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/prism-agent/service/server/src/main/scala/io/iohk/atala/iam/authentication/SecurityLogic.scala b/prism-agent/service/server/src/main/scala/io/iohk/atala/iam/authentication/SecurityLogic.scala
index 53461e9314..52e4434d9a 100644
--- a/prism-agent/service/server/src/main/scala/io/iohk/atala/iam/authentication/SecurityLogic.scala
+++ b/prism-agent/service/server/src/main/scala/io/iohk/atala/iam/authentication/SecurityLogic.scala
@@ -79,10 +79,10 @@ object SecurityLogic {
 case Right(entity) => authorizeWalletAdmin(entity)(authorizer).map(entity -> _)
 }
 
- def authorizeRoleWith[E <: BaseEntity](credentials: (AdminApiKeyCredentials, JwtCredentials))(
+ def authorizeRole[E <: BaseEntity](credentials: Credentials, others: Credentials*)(
 authenticator: Authenticator[E],
 )(permittedRole: EntityRole): IO[ErrorResponse, BaseEntity] = {
- authenticate[E](credentials._1, credentials._2)(authenticator)
+ authenticate[E](credentials, others: _*)(authenticator)
 .flatMap { ee =>
 val entity = ee.fold(identity, identity)
 for {
@@ -101,4 +101,9 @@ object SecurityLogic {
 }
 }
 
+ def authorizeRoleWith[E <: BaseEntity](credentials: (AdminApiKeyCredentials, JwtCredentials))(
+ authenticator: Authenticator[E],
+ )(permittedRole: EntityRole): IO[ErrorResponse, BaseEntity] =
+ authorizeRole(credentials._1, credentials._2)(authenticator)(permittedRole)
+
 }
diff --git a/prism-agent/service/server/src/test/scala/io/iohk/atala/iam/authentication/SecurityLogicSpec.scala b/prism-agent/service/server/src/test/scala/io/iohk/atala/iam/authentication/SecurityLogicSpec.scala
index 619c24884d..4dd378b2cf 100644
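Review bot: The new `authorizeRole` is a public authorization entry point with no Scaladoc, and the spliced-in varargs call uses the Scala 2 form `others: _*` although the spec file's `import zio.*` shows this is a Scala 3 codebase. Prefer `authenticate[E](credentials, others*)(authenticator)` and add a doc comment above the signature stating the contract the tests pin: the entity resolved from the supplied credentials is returned only when its role equals `permittedRole`, otherwise the effect fails with a Forbidden error response (how `authenticate` orders or combines several credentials is not visible here, so describe only the role check). The body of `authorizeRole` continues past the end of this hunk.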
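Review bot: `authorizeRoleWith` is now a one-line adapter over `authorizeRole`, but nothing tells a reader which of the two is the intended API, so new call sites will keep using the tuple form. Add a Scaladoc such as `/** Compatibility overload of [[authorizeRole]] for callers holding an (AdminApiKeyCredentials, JwtCredentials) pair; prefer [[authorizeRole]]. */`, or mark it `@deprecated("Use authorizeRole", "<VERSION_PLACEHOLDER>")` if the remaining callers are to be migrated.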
--- a/prism-agent/service/server/src/test/scala/io/iohk/atala/iam/authentication/SecurityLogicSpec.scala
+++ b/prism-agent/service/server/src/test/scala/io/iohk/atala/iam/authentication/SecurityLogicSpec.scala
@@ -1,6 +1,7 @@
 package io.iohk.atala.iam.authentication
 
 import io.iohk.atala.agent.walletapi.model.Entity
+import io.iohk.atala.agent.walletapi.model.EntityRole
 import io.iohk.atala.iam.authentication.AuthenticationError.InvalidCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import zio.*
@@ -78,6 +79,38 @@ object SecurityLogicSpec extends ZIOSpecDefault {
 .exit
 } yield assert(exit)(fails(hasField("status", _.status, equalTo(sttp.model.StatusCode.Forbidden.code))))
 },
+ test("authorizeRole accept if the role is matched") {
+ val tenantentity = Entity("alice", UUID.randomUUID())
+ val adminEntity = Entity.Admin
+ for {
+ entity1 <- SecurityLogic
+ .authorizeRole(ApiKeyCredentials(Some(tenantentity.id.toString())))(testAuthenticator(tenantentity))(
+ EntityRole.Tenant
+ )
+ entity2 <- SecurityLogic
+ .authorizeRole(ApiKeyCredentials(Some(adminEntity.id.toString())))(testAuthenticator(adminEntity))(
+ EntityRole.Admin
+ )
+ } yield assert(entity1.role)(isRight(equalTo(EntityRole.Tenant))) &&
+ assert(entity2.role)(isRight(equalTo(EntityRole.Admin)))
+ },
+ test("authorizeRole reject if the role is not matched") {
+ val tenantentity = Entity("alice", UUID.randomUUID())
+ val adminEntity = Entity.Admin
+ for {
+ exit1 <- SecurityLogic
+ .authorizeRole(ApiKeyCredentials(Some(tenantentity.id.toString())))(testAuthenticator(tenantentity))(
+ EntityRole.Admin
+ )
+ .exit
+ exit2 <- SecurityLogic
+ .authorizeRole(ApiKeyCredentials(Some(adminEntity.id.toString())))(testAuthenticator(tenantentity))(
+ EntityRole.Tenant
+ )
+ .exit
+ } yield assert(exit1)(fails(hasField("status", _.status, equalTo(sttp.model.StatusCode.Forbidden.code)))) &&
+ assert(exit2)(fails(hasField("status", _.status, equalTo(sttp.model.StatusCode.Forbidden.code))))
+ },
 test("display first error message that is not MethodNotEnabled error") {
 val alice = Entity("alice", UUID.randomUUID())
 val bob = Entity("bob", UUID.randomUUID())
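Review bot: The second case of "authorizeRole reject if the role is not matched" does not exercise a role mismatch: `exit2` passes `adminEntity`'s API key to `testAuthenticator(tenantentity)`, so whatever fails there fails at authentication (the authenticator is built for a different entity), not at the `EntityRole.Tenant` check, and the test passes or fails for a reason other than its title. Every other call in these two tests pairs the credentials and the authenticator on the same entity; do the same here with `.authorizeRole(ApiKeyCredentials(Some(adminEntity.id.toString())))(testAuthenticator(adminEntity))(` so that an Admin entity being denied a Tenant-only operation is actually covered. `testAuthenticator` is defined outside this hunk, so I am inferring its behaviour from how the surrounding tests use it. As a minor point, `tenantentity` should be `tenantEntity` to match `adminEntity`.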