2016-09-26 18:48:55 +00:00
|
|
|
package service
|
2016-09-04 19:43:12 +00:00
|
|
|
|
|
|
|
|
import (
|
2016-09-16 04:35:52 +00:00
|
|
|
"fmt"
|
2016-09-04 19:43:12 +00:00
|
|
|
"net/http/httptest"
|
|
|
|
|
"testing"
|
|
|
|
|
|
2020-11-11 17:59:12 +00:00
|
|
|
"github.com/fleetdm/fleet/server/config"
|
|
|
|
|
"github.com/fleetdm/fleet/server/datastore/inmem"
|
2021-03-26 18:23:29 +00:00
|
|
|
"github.com/gorilla/mux"
|
2016-09-04 19:43:12 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2021-03-26 18:23:29 +00:00
|
|
|
"github.com/throttled/throttled/store/memstore"
|
2016-09-04 19:43:12 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestAPIRoutes(t *testing.T) {
|
2016-11-25 18:08:22 +00:00
|
|
|
ds, err := inmem.New(config.TestConfig())
|
2016-09-04 19:43:12 +00:00
|
|
|
assert.Nil(t, err)
|
|
|
|
|
|
2021-06-03 23:24:15 +00:00
|
|
|
svc := newTestService(ds, nil, nil)
|
2016-09-04 19:43:12 +00:00
|
|
|
|
|
|
|
|
r := mux.NewRouter()
|
2021-03-26 18:23:29 +00:00
|
|
|
limitStore, _ := memstore.New(0)
|
|
|
|
|
ke := MakeKolideServerEndpoints(svc, "CHANGEME", "", limitStore)
|
2017-03-15 15:55:30 +00:00
|
|
|
kh := makeKolideKitHandlers(ke, nil)
|
2016-09-26 17:14:39 +00:00
|
|
|
attachKolideAPIRoutes(r, kh)
|
2016-09-04 19:43:12 +00:00
|
|
|
handler := mux.NewRouter()
|
2016-09-29 04:21:39 +00:00
|
|
|
handler.PathPrefix("/").Handler(r)
|
2016-09-04 19:43:12 +00:00
|
|
|
|
|
|
|
|
var routes = []struct {
|
|
|
|
|
verb string
|
|
|
|
|
uri string
|
|
|
|
|
}{
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/users",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/users",
|
2016-09-15 14:52:17 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/users/1",
|
2016-09-15 14:52:17 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "PATCH",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/users/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/login",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/forgot_password",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/reset_password",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
2016-09-16 04:35:52 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/me",
|
2016-09-16 04:35:52 +00:00
|
|
|
},
|
2016-09-22 00:45:57 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/config",
|
2016-09-22 00:45:57 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "PATCH",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/config",
|
2016-09-22 00:45:57 +00:00
|
|
|
},
|
2016-09-29 02:44:05 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/invites",
|
2016-09-29 02:44:05 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/invites",
|
2016-09-29 02:44:05 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/invites/1",
|
2016-09-29 02:44:05 +00:00
|
|
|
},
|
2016-09-04 19:43:12 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "PATCH",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
2016-12-09 17:12:45 +00:00
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries/delete",
|
2016-12-09 17:12:45 +00:00
|
|
|
},
|
2016-11-16 21:07:50 +00:00
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/queries/run",
|
2016-11-16 21:07:50 +00:00
|
|
|
},
|
2016-09-04 19:43:12 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "PATCH",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs/1",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
|
|
|
|
{
|
2016-12-13 22:22:05 +00:00
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/packs/1/scheduled",
|
2016-09-04 19:43:12 +00:00
|
|
|
},
|
2016-09-29 04:21:39 +00:00
|
|
|
{
|
2018-06-15 14:13:11 +00:00
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/schedule",
|
2018-06-15 14:13:11 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/schedule/1",
|
2018-06-15 14:13:11 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "PATCH",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/schedule/1",
|
2018-06-15 14:13:11 +00:00
|
|
|
}, {
|
2016-09-29 04:21:39 +00:00
|
|
|
verb: "POST",
|
|
|
|
|
uri: "/api/v1/osquery/enroll",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
|
|
|
|
uri: "/api/v1/osquery/config",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
|
|
|
|
uri: "/api/v1/osquery/distributed/read",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
|
|
|
|
uri: "/api/v1/osquery/distributed/write",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
|
|
|
|
uri: "/api/v1/osquery/log",
|
|
|
|
|
},
|
2016-10-03 03:14:35 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/labels/1",
|
2016-10-03 03:14:35 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/labels",
|
2016-10-03 03:14:35 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "POST",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/labels",
|
2016-10-03 03:14:35 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/labels/1",
|
2016-10-03 03:14:35 +00:00
|
|
|
},
|
2016-10-06 00:10:44 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/hosts/1",
|
2016-10-06 00:10:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/hosts",
|
2016-10-06 00:10:44 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
verb: "DELETE",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/hosts/1",
|
2016-10-06 00:10:44 +00:00
|
|
|
},
|
2017-01-04 21:16:17 +00:00
|
|
|
{
|
|
|
|
|
verb: "GET",
|
2021-02-10 20:13:11 +00:00
|
|
|
uri: "/api/v1/fleet/host_summary",
|
2017-01-04 21:16:17 +00:00
|
|
|
},
|
2016-09-04 19:43:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, route := range routes {
|
2016-09-16 04:35:52 +00:00
|
|
|
t.Run(fmt.Sprintf(": %v", route.uri), func(st *testing.T) {
|
|
|
|
|
recorder := httptest.NewRecorder()
|
|
|
|
|
handler.ServeHTTP(
|
|
|
|
|
recorder,
|
|
|
|
|
httptest.NewRequest(route.verb, route.uri, nil),
|
|
|
|
|
)
|
|
|
|
|
assert.NotEqual(st, 404, recorder.Code)
|
|
|
|
|
})
|
2016-09-04 19:43:12 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// TODO refactor this test to match new patterns
|
|
|
|
|
// func TestModifyUserPermissions(t *testing.T) {
|
|
|
|
|
// var (
|
|
|
|
|
// admin, enabled bool
|
|
|
|
|
// uid uint
|
|
|
|
|
// )
|
|
|
|
|
// ms := new(mock.Store)
|
|
|
|
|
// ms.SessionByKeyFunc = func(key string) (*kolide.Session, error) {
|
|
|
|
|
// return &kolide.Session{AccessedAt: time.Now(), UserID: uid, ID: 1}, nil
|
|
|
|
|
// }
|
|
|
|
|
// ms.DestroySessionFunc = func(session *kolide.Session) error {
|
|
|
|
|
// return nil
|
|
|
|
|
// }
|
|
|
|
|
// ms.MarkSessionAccessedFunc = func(session *kolide.Session) error {
|
|
|
|
|
// return nil
|
|
|
|
|
// }
|
|
|
|
|
// ms.UserByIDFunc = func(id uint) (*kolide.User, error) {
|
|
|
|
|
// return &kolide.User{ID: id, Enabled: enabled, Admin: admin}, nil
|
|
|
|
|
// }
|
|
|
|
|
// ms.SaveUserFunc = func(u *kolide.User) error {
|
|
|
|
|
// // Return an error so that the endpoint returns
|
|
|
|
|
// return errors.New("foo")
|
|
|
|
|
// }
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// svc, err := newTestService(ms, nil, nil)
|
|
|
|
|
// assert.Nil(t, err)
|
|
|
|
|
// limitStore, _ := memstore.New(0)
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// handler := MakeHandler(
|
|
|
|
|
// svc,
|
|
|
|
|
// config.KolideConfig{Auth: config.AuthConfig{JwtKey: "CHANGEME"}},
|
|
|
|
|
// log.NewNopLogger(),
|
|
|
|
|
// limitStore,
|
|
|
|
|
// )
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// testCases := []struct {
|
|
|
|
|
// ActingUserID uint
|
|
|
|
|
// ActingUserAdmin bool
|
|
|
|
|
// ActingUserEnabled bool
|
|
|
|
|
// TargetUserID uint
|
|
|
|
|
// Authorized bool
|
|
|
|
|
// }{
|
|
|
|
|
// // Disabled regular user
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 1,
|
|
|
|
|
// ActingUserAdmin: false,
|
|
|
|
|
// ActingUserEnabled: false,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: false,
|
|
|
|
|
// },
|
|
|
|
|
// // Enabled regular user acting on self
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 1,
|
|
|
|
|
// ActingUserAdmin: false,
|
|
|
|
|
// ActingUserEnabled: true,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: true,
|
|
|
|
|
// },
|
|
|
|
|
// // Enabled regular user acting on other
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 2,
|
|
|
|
|
// ActingUserAdmin: false,
|
|
|
|
|
// ActingUserEnabled: true,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: false,
|
|
|
|
|
// },
|
|
|
|
|
// // Disabled admin user
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 1,
|
|
|
|
|
// ActingUserAdmin: true,
|
|
|
|
|
// ActingUserEnabled: false,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: false,
|
|
|
|
|
// },
|
|
|
|
|
// // Enabled admin user acting on self
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 1,
|
|
|
|
|
// ActingUserAdmin: true,
|
|
|
|
|
// ActingUserEnabled: true,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: true,
|
|
|
|
|
// },
|
|
|
|
|
// // Enabled admin user acting on other
|
|
|
|
|
// {
|
|
|
|
|
// ActingUserID: 2,
|
|
|
|
|
// ActingUserAdmin: true,
|
|
|
|
|
// ActingUserEnabled: true,
|
|
|
|
|
// TargetUserID: 1,
|
|
|
|
|
// Authorized: true,
|
|
|
|
|
// },
|
|
|
|
|
// }
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// for _, tt := range testCases {
|
|
|
|
|
// t.Run("", func(t *testing.T) {
|
|
|
|
|
// // Set user params
|
|
|
|
|
// uid = tt.ActingUserID
|
|
|
|
|
// admin, enabled = tt.ActingUserAdmin, tt.ActingUserEnabled
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// recorder := httptest.NewRecorder()
|
|
|
|
|
// path := fmt.Sprintf("/api/v1/fleet/users/%d", tt.TargetUserID)
|
|
|
|
|
// request := httptest.NewRequest("PATCH", path, bytes.NewBufferString("{}"))
|
|
|
|
|
// // Bearer token generated with session key CHANGEME on jwt.io
|
|
|
|
|
// request.Header.Add("Authorization", "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6ImZsb29wIn0.ukCPTFvgSJrXbHH2QeAMx3EKwoMh1OmhP3xXxy5I-Wk")
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// handler.ServeHTTP(recorder, request)
|
|
|
|
|
// if tt.Authorized {
|
|
|
|
|
// assert.NotEqual(t, 403, recorder.Code)
|
|
|
|
|
// } else {
|
|
|
|
|
// assert.Equal(t, 403, recorder.Code)
|
|
|
|
|
// }
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// })
|
|
|
|
|
// }
|
2018-09-13 17:41:30 +00:00
|
|
|
|
2021-04-07 01:27:10 +00:00
|
|
|
// }
|
