mirror of
https://github.com/valitydev/bouncer-client-erlang.git
synced 2024-11-06 08:35:21 +00:00
Support auth token context (#7)
* Bump to rbkmoney/bouncer-proto@20f3ecd * Drop legacy resolutions from tests also.
This commit is contained in:
parent
921f52f2d0
commit
f01fc16219
@ -2,7 +2,7 @@
|
|||||||
[{<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},3},
|
[{<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},3},
|
||||||
{<<"bouncer_proto">>,
|
{<<"bouncer_proto">>,
|
||||||
{git,"git@github.com:rbkmoney/bouncer-proto.git",
|
{git,"git@github.com:rbkmoney/bouncer-proto.git",
|
||||||
{ref,"542d8c74c54c0f2a085fa27c527c73350450a502"}},
|
{ref,"20f3ecd77412f1d317ba41c0ef1c5fb3cdbbde11"}},
|
||||||
0},
|
0},
|
||||||
{<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1},
|
{<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1},
|
||||||
{<<"certifi">>,{pkg,<<"certifi">>,<<"2.5.1">>},2},
|
{<<"certifi">>,{pkg,<<"certifi">>,<<"2.5.1">>},2},
|
||||||
|
@ -39,7 +39,12 @@
|
|||||||
-type auth_params() :: #{
|
-type auth_params() :: #{
|
||||||
method := method(),
|
method := method(),
|
||||||
scope => [auth_scope()],
|
scope => [auth_scope()],
|
||||||
expiration => timestamp()
|
expiration => timestamp(),
|
||||||
|
token => token()
|
||||||
|
}.
|
||||||
|
|
||||||
|
-type token() :: #{
|
||||||
|
id => id()
|
||||||
}.
|
}.
|
||||||
|
|
||||||
-type auth_scope() :: #{
|
-type auth_scope() :: #{
|
||||||
@ -112,11 +117,13 @@ add_auth(Params, ContextFragment = #bctx_v1_ContextFragment{auth = undefined}) -
|
|||||||
Method = get_param(method, Params),
|
Method = get_param(method, Params),
|
||||||
Scope = maybe_get_param(scope, Params),
|
Scope = maybe_get_param(scope, Params),
|
||||||
Expiration = maybe_get_param(expiration, Params),
|
Expiration = maybe_get_param(expiration, Params),
|
||||||
|
Token = maybe_get_param(token, Params),
|
||||||
ContextFragment#bctx_v1_ContextFragment{
|
ContextFragment#bctx_v1_ContextFragment{
|
||||||
auth = #bctx_v1_Auth{
|
auth = #bctx_v1_Auth{
|
||||||
method = Method,
|
method = Method,
|
||||||
scope = maybe_marshal_auth_scopes(Scope),
|
scope = maybe_marshal_auth_scopes(Scope),
|
||||||
expiration = Expiration
|
expiration = Expiration,
|
||||||
|
token = maybe(Token, fun marshal_token/1)
|
||||||
}
|
}
|
||||||
}.
|
}.
|
||||||
|
|
||||||
@ -182,6 +189,11 @@ convert_fragment(
|
|||||||
get_param(Key, Map = #{}) ->
|
get_param(Key, Map = #{}) ->
|
||||||
maps:get(Key, Map).
|
maps:get(Key, Map).
|
||||||
|
|
||||||
|
maybe(undefined, _Fun) ->
|
||||||
|
undefined;
|
||||||
|
maybe(V, Fun) ->
|
||||||
|
Fun(V).
|
||||||
|
|
||||||
maybe_get_param(_Key, undefined) ->
|
maybe_get_param(_Key, undefined) ->
|
||||||
undefined;
|
undefined;
|
||||||
maybe_get_param(Key, Map) ->
|
maybe_get_param(Key, Map) ->
|
||||||
@ -207,6 +219,9 @@ maybe_marshal_entity(Entity) ->
|
|||||||
EntityID = maybe_get_param(id, Entity),
|
EntityID = maybe_get_param(id, Entity),
|
||||||
#bctx_v1_Entity{id = EntityID}.
|
#bctx_v1_Entity{id = EntityID}.
|
||||||
|
|
||||||
|
marshal_token(Token) ->
|
||||||
|
#bctx_v1_Token{id = maybe_get_param(id, Token)}.
|
||||||
|
|
||||||
maybe_marshal_auth_scopes(undefined) ->
|
maybe_marshal_auth_scopes(undefined) ->
|
||||||
undefined;
|
undefined;
|
||||||
maybe_marshal_auth_scopes(Scopes) ->
|
maybe_marshal_auth_scopes(Scopes) ->
|
||||||
|
@ -102,8 +102,7 @@ empty_judge(C) ->
|
|||||||
[
|
[
|
||||||
{bouncer, fun('Judge', _) ->
|
{bouncer, fun('Judge', _) ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}}
|
}}
|
||||||
end}
|
end}
|
||||||
],
|
],
|
||||||
@ -124,13 +123,11 @@ validate_user_fragment(C) ->
|
|||||||
user = #bctx_v1_User{id = UserID, realm = #bctx_v1_Entity{id = UserRealm}}
|
user = #bctx_v1_User{id = UserID, realm = #bctx_v1_Entity{id = UserRealm}}
|
||||||
} ->
|
} ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
}};
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end}
|
end}
|
||||||
@ -160,13 +157,11 @@ validate_env_fragment(C) ->
|
|||||||
case get_time(Fragments) of
|
case get_time(Fragments) of
|
||||||
Time ->
|
Time ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
}};
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end}
|
end}
|
||||||
@ -183,21 +178,23 @@ validate_env_fragment(C) ->
|
|||||||
-spec validate_auth_fragment(config()) -> _.
|
-spec validate_auth_fragment(config()) -> _.
|
||||||
validate_auth_fragment(C) ->
|
validate_auth_fragment(C) ->
|
||||||
Method = <<"someMethod">>,
|
Method = <<"someMethod">>,
|
||||||
|
TokenID = <<"📟"/utf8>>,
|
||||||
mock_services(
|
mock_services(
|
||||||
[
|
[
|
||||||
{bouncer, fun('Judge', {_RulesetID, Fragments}) ->
|
{bouncer, fun('Judge', {_RulesetID, Fragments}) ->
|
||||||
case get_auth_method(Fragments) of
|
Auth = get_fragment(<<"auth">>, Fragments),
|
||||||
Method ->
|
?assertEqual(
|
||||||
|
#bctx_v1_ContextFragment{
|
||||||
|
auth = #bctx_v1_Auth{
|
||||||
|
method = Method,
|
||||||
|
token = #bctx_v1_Token{id = TokenID}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
Auth
|
||||||
|
),
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
|
||||||
_ ->
|
|
||||||
{ok, #bdcs_Judgement{
|
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
|
||||||
end}
|
end}
|
||||||
],
|
],
|
||||||
C
|
C
|
||||||
@ -205,7 +202,14 @@ validate_auth_fragment(C) ->
|
|||||||
WoodyContext = woody_context:new(),
|
WoodyContext = woody_context:new(),
|
||||||
allowed = bouncer_client:judge(
|
allowed = bouncer_client:judge(
|
||||||
?RULESET_ID,
|
?RULESET_ID,
|
||||||
#{fragments => #{<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{method => Method})}},
|
#{
|
||||||
|
fragments => #{
|
||||||
|
<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{
|
||||||
|
method => Method,
|
||||||
|
token => #{id => TokenID}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
},
|
||||||
WoodyContext
|
WoodyContext
|
||||||
).
|
).
|
||||||
|
|
||||||
@ -235,8 +239,7 @@ validate_auth_fragment_scope(C) ->
|
|||||||
Auth
|
Auth
|
||||||
),
|
),
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}}
|
}}
|
||||||
end}
|
end}
|
||||||
],
|
],
|
||||||
@ -271,20 +274,17 @@ validate_requester_fragment(C) ->
|
|||||||
case get_ip(Fragments) of
|
case get_ip(Fragments) of
|
||||||
undefined ->
|
undefined ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}};
|
}};
|
||||||
BinaryIP ->
|
BinaryIP ->
|
||||||
case binary_to_list(BinaryIP) of
|
case binary_to_list(BinaryIP) of
|
||||||
IP ->
|
IP ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
}};
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -313,19 +313,16 @@ validate_complex_fragment(C) ->
|
|||||||
user = #bctx_v1_User{}
|
user = #bctx_v1_User{}
|
||||||
} ->
|
} ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
}};
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end}
|
end}
|
||||||
@ -366,13 +363,11 @@ validate_remote_user_fragment(C) ->
|
|||||||
case get_user_id(Fragments) of
|
case get_user_id(Fragments) of
|
||||||
UserID ->
|
UserID ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||||
resolution_legacy = allowed
|
|
||||||
}};
|
}};
|
||||||
_ ->
|
_ ->
|
||||||
{ok, #bdcs_Judgement{
|
{ok, #bdcs_Judgement{
|
||||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||||
resolution_legacy = forbidden
|
|
||||||
}}
|
}}
|
||||||
end
|
end
|
||||||
end}
|
end}
|
||||||
@ -391,12 +386,6 @@ get_ip(#bdcs_Context{
|
|||||||
#bctx_v1_ContextFragment{requester = #bctx_v1_Requester{ip = IP}} = decode_fragment(Fragment),
|
#bctx_v1_ContextFragment{requester = #bctx_v1_Requester{ip = IP}} = decode_fragment(Fragment),
|
||||||
IP.
|
IP.
|
||||||
|
|
||||||
get_auth_method(#bdcs_Context{
|
|
||||||
fragments = #{<<"auth">> := Fragment}
|
|
||||||
}) ->
|
|
||||||
#bctx_v1_ContextFragment{auth = #bctx_v1_Auth{method = Method}} = decode_fragment(Fragment),
|
|
||||||
Method.
|
|
||||||
|
|
||||||
get_time(#bdcs_Context{
|
get_time(#bdcs_Context{
|
||||||
fragments = #{<<"env">> := Fragment}
|
fragments = #{<<"env">> := Fragment}
|
||||||
}) ->
|
}) ->
|
||||||
|
Loading…
Reference in New Issue
Block a user