Support auth token context (#7)

* Bump to rbkmoney/bouncer-proto@20f3ecd
* Also drop the legacy `resolution_legacy` field from the test judgements.
This commit is contained in:
Andrew Mayorov 2020-12-30 16:03:09 +03:00 committed by GitHub
parent 921f52f2d0
commit f01fc16219
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 54 additions and 50 deletions


@ -2,7 +2,7 @@
[{<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},3}, [{<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},3},
{<<"bouncer_proto">>, {<<"bouncer_proto">>,
{git,"git@github.com:rbkmoney/bouncer-proto.git", {git,"git@github.com:rbkmoney/bouncer-proto.git",
{ref,"542d8c74c54c0f2a085fa27c527c73350450a502"}}, {ref,"20f3ecd77412f1d317ba41c0ef1c5fb3cdbbde11"}},
0}, 0},
{<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1}, {<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1},
{<<"certifi">>,{pkg,<<"certifi">>,<<"2.5.1">>},2}, {<<"certifi">>,{pkg,<<"certifi">>,<<"2.5.1">>},2},


@ -39,7 +39,12 @@
-type auth_params() :: #{ -type auth_params() :: #{
method := method(), method := method(),
scope => [auth_scope()], scope => [auth_scope()],
expiration => timestamp() expiration => timestamp(),
token => token()
}.
-type token() :: #{
id => id()
}. }.
-type auth_scope() :: #{ -type auth_scope() :: #{
@ -112,11 +117,13 @@ add_auth(Params, ContextFragment = #bctx_v1_ContextFragment{auth = undefined}) -
Method = get_param(method, Params), Method = get_param(method, Params),
Scope = maybe_get_param(scope, Params), Scope = maybe_get_param(scope, Params),
Expiration = maybe_get_param(expiration, Params), Expiration = maybe_get_param(expiration, Params),
Token = maybe_get_param(token, Params),
ContextFragment#bctx_v1_ContextFragment{ ContextFragment#bctx_v1_ContextFragment{
auth = #bctx_v1_Auth{ auth = #bctx_v1_Auth{
method = Method, method = Method,
scope = maybe_marshal_auth_scopes(Scope), scope = maybe_marshal_auth_scopes(Scope),
expiration = Expiration expiration = Expiration,
token = maybe(Token, fun marshal_token/1)
} }
}. }.
@ -182,6 +189,11 @@ convert_fragment(
get_param(Key, Map = #{}) -> get_param(Key, Map = #{}) ->
maps:get(Key, Map). maps:get(Key, Map).
maybe(undefined, _Fun) ->
undefined;
maybe(V, Fun) ->
Fun(V).
maybe_get_param(_Key, undefined) -> maybe_get_param(_Key, undefined) ->
undefined; undefined;
maybe_get_param(Key, Map) -> maybe_get_param(Key, Map) ->
@ -207,6 +219,9 @@ maybe_marshal_entity(Entity) ->
EntityID = maybe_get_param(id, Entity), EntityID = maybe_get_param(id, Entity),
#bctx_v1_Entity{id = EntityID}. #bctx_v1_Entity{id = EntityID}.
marshal_token(Token) ->
#bctx_v1_Token{id = maybe_get_param(id, Token)}.
maybe_marshal_auth_scopes(undefined) -> maybe_marshal_auth_scopes(undefined) ->
undefined; undefined;
maybe_marshal_auth_scopes(Scopes) -> maybe_marshal_auth_scopes(Scopes) ->
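Review bot: `marshal_token/1` (the `maybe_get_param(id, Token)` call at the end of this section) turns `token => #{}` into `#bctx_v1_Token{id = undefined}`, so a caller that forgets the id still ships an auth fragment that claims a token but carries no identifier for bouncer to match on, and because `token()` declares `id => id()` as optional nothing catches this at build time either. Since the id is the only field the token carries, make it mandatory: `-type token() :: #{id := id()}.` and `marshal_token(Token) -> #bctx_v1_Token{id = get_param(id, Token)}.` so a missing id fails fast in the caller instead of downstream. The new helper `maybe/2` also collides with the `maybe` keyword that the `maybe_expr` feature reserves (enabled by default from OTP 27), so it will stop compiling on newer releases; a name such as `maybe_apply/2` avoids that. The `token()` type should say what `id` is, e.g. `%% Token identifier only (e.g. a JTI); never the bearer token itself, since this fragment is serialized into the request to bouncer.`, because the hunk does not state it. Note that `add_auth/2`'s head is outside the hunk (only its context line is visible).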


@ -102,8 +102,7 @@ empty_judge(C) ->
[ [
{bouncer, fun('Judge', _) -> {bouncer, fun('Judge', _) ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}} }}
end} end}
], ],
@ -124,13 +123,11 @@ validate_user_fragment(C) ->
user = #bctx_v1_User{id = UserID, realm = #bctx_v1_Entity{id = UserRealm}} user = #bctx_v1_User{id = UserID, realm = #bctx_v1_Entity{id = UserRealm}}
} -> } ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}}; }};
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end end
end} end}
@ -160,13 +157,11 @@ validate_env_fragment(C) ->
case get_time(Fragments) of case get_time(Fragments) of
Time -> Time ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}}; }};
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end end
end} end}
@ -183,21 +178,23 @@ validate_env_fragment(C) ->
-spec validate_auth_fragment(config()) -> _. -spec validate_auth_fragment(config()) -> _.
validate_auth_fragment(C) -> validate_auth_fragment(C) ->
Method = <<"someMethod">>, Method = <<"someMethod">>,
TokenID = <<"📟"/utf8>>,
mock_services( mock_services(
[ [
{bouncer, fun('Judge', {_RulesetID, Fragments}) -> {bouncer, fun('Judge', {_RulesetID, Fragments}) ->
case get_auth_method(Fragments) of Auth = get_fragment(<<"auth">>, Fragments),
Method -> ?assertEqual(
{ok, #bdcs_Judgement{ #bctx_v1_ContextFragment{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, auth = #bctx_v1_Auth{
resolution_legacy = allowed method = Method,
}}; token = #bctx_v1_Token{id = TokenID}
_ -> }
{ok, #bdcs_Judgement{ },
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, Auth
resolution_legacy = forbidden ),
}} {ok, #bdcs_Judgement{
end resolution = {allowed, #bdcs_ResolutionAllowed{}}
}}
end} end}
], ],
C C
@ -205,7 +202,14 @@ validate_auth_fragment(C) ->
WoodyContext = woody_context:new(), WoodyContext = woody_context:new(),
allowed = bouncer_client:judge( allowed = bouncer_client:judge(
?RULESET_ID, ?RULESET_ID,
#{fragments => #{<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{method => Method})}}, #{
fragments => #{
<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{
method => Method,
token => #{id => TokenID}
})
}
},
WoodyContext WoodyContext
). ).
@ -235,8 +239,7 @@ validate_auth_fragment_scope(C) ->
Auth Auth
), ),
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}} }}
end} end}
], ],
@ -271,20 +274,17 @@ validate_requester_fragment(C) ->
case get_ip(Fragments) of case get_ip(Fragments) of
undefined -> undefined ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}}; }};
BinaryIP -> BinaryIP ->
case binary_to_list(BinaryIP) of case binary_to_list(BinaryIP) of
IP -> IP ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}}; }};
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end end
end end
@ -313,19 +313,16 @@ validate_complex_fragment(C) ->
user = #bctx_v1_User{} user = #bctx_v1_User{}
} -> } ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}}; }};
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end; end;
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end end
end} end}
@ -366,13 +363,11 @@ validate_remote_user_fragment(C) ->
case get_user_id(Fragments) of case get_user_id(Fragments) of
UserID -> UserID ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {allowed, #bdcs_ResolutionAllowed{}}, resolution = {allowed, #bdcs_ResolutionAllowed{}}
resolution_legacy = allowed
}}; }};
_ -> _ ->
{ok, #bdcs_Judgement{ {ok, #bdcs_Judgement{
resolution = {forbidden, #bdcs_ResolutionForbidden{}}, resolution = {forbidden, #bdcs_ResolutionForbidden{}}
resolution_legacy = forbidden
}} }}
end end
end} end}
@ -391,12 +386,6 @@ get_ip(#bdcs_Context{
#bctx_v1_ContextFragment{requester = #bctx_v1_Requester{ip = IP}} = decode_fragment(Fragment), #bctx_v1_ContextFragment{requester = #bctx_v1_Requester{ip = IP}} = decode_fragment(Fragment),
IP. IP.
get_auth_method(#bdcs_Context{
fragments = #{<<"auth">> := Fragment}
}) ->
#bctx_v1_ContextFragment{auth = #bctx_v1_Auth{method = Method}} = decode_fragment(Fragment),
Method.
get_time(#bdcs_Context{ get_time(#bdcs_Context{
fragments = #{<<"env">> := Fragment} fragments = #{<<"env">> := Fragment}
}) -> }) ->
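Review bot: The rewritten `validate_auth_fragment` (hunks `@ -183,21 +178,23 @@` and `@ -205,7 +202,14 @@`) only exercises the case where a token id is supplied, and with the forbidden branch and `get_auth_method/1` removed there is no longer any test that a fragment built without `token` yields `token = undefined` rather than an empty `#bctx_v1_Token{}`. A second judge call built with `make_auth_fragment(#{method => Method})` and an `?assertMatch(#bctx_v1_ContextFragment{auth = #bctx_v1_Auth{method = Method, token = undefined}}, Auth)` in the mock would pin that path down. Also, because the `?assertEqual` now runs inside the mocked `'Judge'` handler, a mismatch presumably reaches the test only as a failed `allowed = bouncer_client:judge(...)` match rather than as the assertion's own expected-vs-actual report; the file already uses this pattern in `validate_auth_fragment_scope`, so at least a comment such as `%% an assertion failure here surfaces as a judge error; the diff is in the mock's log` would save the next reader some digging.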