Support auth token context (#7)
* Bump to rbkmoney/bouncer-proto@20f3ecd * Drop legacy resolutions from tests also.
parent
921f52f2d0
commit
f01fc16219
@ -2,7 +2,7 @@
|
||||
[{<<"bear">>,{pkg,<<"bear">>,<<"0.8.7">>},3},
|
||||
{<<"bouncer_proto">>,
|
||||
{git,"git@github.com:rbkmoney/bouncer-proto.git",
|
||||
{ref,"542d8c74c54c0f2a085fa27c527c73350450a502"}},
|
||||
{ref,"20f3ecd77412f1d317ba41c0ef1c5fb3cdbbde11"}},
|
||||
0},
|
||||
{<<"cache">>,{pkg,<<"cache">>,<<"2.2.0">>},1},
|
||||
{<<"certifi">>,{pkg,<<"certifi">>,<<"2.5.1">>},2},
|
||||
|
@ -39,7 +39,12 @@
|
||||
-type auth_params() :: #{
|
||||
method := method(),
|
||||
scope => [auth_scope()],
|
||||
expiration => timestamp()
|
||||
expiration => timestamp(),
|
||||
token => token()
|
||||
}.
|
||||
|
||||
-type token() :: #{
|
||||
id => id()
|
||||
}.
|
||||
|
||||
-type auth_scope() :: #{
|
||||
@ -112,11 +117,13 @@ add_auth(Params, ContextFragment = #bctx_v1_ContextFragment{auth = undefined}) -
|
||||
Method = get_param(method, Params),
|
||||
Scope = maybe_get_param(scope, Params),
|
||||
Expiration = maybe_get_param(expiration, Params),
|
||||
Token = maybe_get_param(token, Params),
|
||||
ContextFragment#bctx_v1_ContextFragment{
|
||||
auth = #bctx_v1_Auth{
|
||||
method = Method,
|
||||
scope = maybe_marshal_auth_scopes(Scope),
|
||||
expiration = Expiration
|
||||
expiration = Expiration,
|
||||
token = maybe(Token, fun marshal_token/1)
|
||||
}
|
||||
}.
|
||||
|
||||
@ -182,6 +189,11 @@ convert_fragment(
|
||||
get_param(Key, Map = #{}) ->
|
||||
maps:get(Key, Map).
|
||||
|
||||
maybe(undefined, _Fun) ->
|
||||
undefined;
|
||||
maybe(V, Fun) ->
|
||||
Fun(V).
|
||||
|
||||
maybe_get_param(_Key, undefined) ->
|
||||
undefined;
|
||||
maybe_get_param(Key, Map) ->
|
||||
@ -207,6 +219,9 @@ maybe_marshal_entity(Entity) ->
|
||||
EntityID = maybe_get_param(id, Entity),
|
||||
#bctx_v1_Entity{id = EntityID}.
|
||||
|
||||
marshal_token(Token) ->
|
||||
#bctx_v1_Token{id = maybe_get_param(id, Token)}.
|
||||
|
||||
maybe_marshal_auth_scopes(undefined) ->
|
||||
undefined;
|
||||
maybe_marshal_auth_scopes(Scopes) ->
|
||||
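Review bot: The new helper `maybe/2` (clauses `maybe(undefined, _Fun)` and `maybe(V, Fun)`) uses a name that becomes a reserved word once the `maybe_expr` feature is enabled, which is the default from OTP 27, so the module would stop compiling there unless the name is quoted. The file already has a convention that avoids the generic helper, visible in `maybe_marshal_auth_scopes/1` and `maybe_marshal_entity/1`; following it, the field would read `token = maybe_marshal_token(Token)`, with a `maybe_marshal_token(undefined) -> undefined;` clause ahead of the marshalling clause. A comment on `-type token()` should also state that `id` is the token's identifier and not the token string itself, since this fragment is passed on to the policy service; that intent is inferred from the field name, so confirm it against the proto. The `add_auth` clause head lies outside the hunk.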
|
@ -102,8 +102,7 @@ empty_judge(C) ->
|
||||
[
|
||||
{bouncer, fun('Judge', _) ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}}
|
||||
end}
|
||||
],
|
||||
@ -124,13 +123,11 @@ validate_user_fragment(C) ->
|
||||
user = #bctx_v1_User{id = UserID, realm = #bctx_v1_Entity{id = UserRealm}}
|
||||
} ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end
|
||||
end}
|
||||
@ -160,13 +157,11 @@ validate_env_fragment(C) ->
|
||||
case get_time(Fragments) of
|
||||
Time ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end
|
||||
end}
|
||||
@ -183,21 +178,23 @@ validate_env_fragment(C) ->
|
||||
-spec validate_auth_fragment(config()) -> _.
|
||||
validate_auth_fragment(C) ->
|
||||
Method = <<"someMethod">>,
|
||||
TokenID = <<"📟"/utf8>>,
|
||||
mock_services(
|
||||
[
|
||||
{bouncer, fun('Judge', {_RulesetID, Fragments}) ->
|
||||
case get_auth_method(Fragments) of
|
||||
Method ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
}}
|
||||
end
|
||||
Auth = get_fragment(<<"auth">>, Fragments),
|
||||
?assertEqual(
|
||||
#bctx_v1_ContextFragment{
|
||||
auth = #bctx_v1_Auth{
|
||||
method = Method,
|
||||
token = #bctx_v1_Token{id = TokenID}
|
||||
}
|
||||
},
|
||||
Auth
|
||||
),
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}}
|
||||
end}
|
||||
],
|
||||
C
|
||||
@ -205,7 +202,14 @@ validate_auth_fragment(C) ->
|
||||
WoodyContext = woody_context:new(),
|
||||
allowed = bouncer_client:judge(
|
||||
?RULESET_ID,
|
||||
#{fragments => #{<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{method => Method})}},
|
||||
#{
|
||||
fragments => #{
|
||||
<<"auth">> => bouncer_context_helpers:make_auth_fragment(#{
|
||||
method => Method,
|
||||
token => #{id => TokenID}
|
||||
})
|
||||
}
|
||||
},
|
||||
WoodyContext
|
||||
).
|
||||
|
||||
@ -235,8 +239,7 @@ validate_auth_fragment_scope(C) ->
|
||||
Auth
|
||||
),
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}}
|
||||
end}
|
||||
],
|
||||
@ -271,20 +274,17 @@ validate_requester_fragment(C) ->
|
||||
case get_ip(Fragments) of
|
||||
undefined ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}};
|
||||
BinaryIP ->
|
||||
case binary_to_list(BinaryIP) of
|
||||
IP ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end
|
||||
end
|
||||
@ -313,19 +313,16 @@ validate_complex_fragment(C) ->
|
||||
user = #bctx_v1_User{}
|
||||
} ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end;
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end
|
||||
end}
|
||||
@ -366,13 +363,11 @@ validate_remote_user_fragment(C) ->
|
||||
case get_user_id(Fragments) of
|
||||
UserID ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}},
|
||||
resolution_legacy = allowed
|
||||
resolution = {allowed, #bdcs_ResolutionAllowed{}}
|
||||
}};
|
||||
_ ->
|
||||
{ok, #bdcs_Judgement{
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}},
|
||||
resolution_legacy = forbidden
|
||||
resolution = {forbidden, #bdcs_ResolutionForbidden{}}
|
||||
}}
|
||||
end
|
||||
end}
|
||||
@ -391,12 +386,6 @@ get_ip(#bdcs_Context{
|
||||
#bctx_v1_ContextFragment{requester = #bctx_v1_Requester{ip = IP}} = decode_fragment(Fragment),
|
||||
IP.
|
||||
|
||||
get_auth_method(#bdcs_Context{
|
||||
fragments = #{<<"auth">> := Fragment}
|
||||
}) ->
|
||||
#bctx_v1_ContextFragment{auth = #bctx_v1_Auth{method = Method}} = decode_fragment(Fragment),
|
||||
Method.
|
||||
|
||||
get_time(#bdcs_Context{
|
||||
fragments = #{<<"env">> := Fragment}
|
||||
}) ->
|
||||
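Review bot: After the rewrite, `validate_auth_fragment` only drives the token-present path (`token => #{id => TokenID}`), so the `undefined` branch of the new token marshalling and a token map without `id` are not pinned by this test; the earlier method-only call was replaced rather than kept. A separate case that builds the fragment with `#{method => Method}` and expects `token = undefined` in the asserted `#bctx_v1_Auth{}` would cover it, unless `validate_auth_fragment_scope` already does; most of its body is outside the visible hunks. The mock now always answers `allowed` and relies on `?assertEqual` raising inside the handler, so a mismatch presumably surfaces as a handler error rather than a `forbidden` judgement. A one-line comment in the mock, for example `%% a mismatch fails inside the handler; the judgement is always allowed`, would help whoever reads a failure.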
|