-
Notifications
You must be signed in to change notification settings - Fork 359
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
37 changed files
with
1,079 additions
and
263 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,8 @@ import akka.event.NoLogging | |
import akka.http.scaladsl.model.StatusCodes._ | ||
import akka.http.scaladsl.model.headers.{Authorization, OAuth2BearerToken, RawHeader} | ||
import akka.http.scaladsl.model.{ContentTypes, HttpEntity, HttpHeader} | ||
import akka.http.scaladsl.server.MissingHeaderRejection | ||
import akka.http.scaladsl.server.Route.seal | ||
import akka.http.scaladsl.server.{AuthorizationFailedRejection, MissingHeaderRejection} | ||
import akka.http.scaladsl.testkit.ScalatestRouteTest | ||
import com.typesafe.config.Config | ||
import common.assertion.CromwellTimeoutSpec | ||
|
@@ -303,12 +304,45 @@ class CromIamApiServiceSpec extends AnyFlatSpec with CromwellTimeoutSpec with Ma | |
} | ||
} | ||
|
||
it should "reject request if it doesn't contain OIDC_CLAIM_user_id in header" in { | ||
it should "reject request if it doesn't contain OIDC_CLAIM_user_id or token" in { | ||
Get(s"/api/workflows/$version/backends") ~> allRoutes ~> check { | ||
rejection shouldEqual MissingHeaderRejection("OIDC_CLAIM_user_id") | ||
} | ||
} | ||
|
||
it should "return 403 when we request with a disabled user" in { | ||
Get( | ||
s"/api/workflows/$version/backends" | ||
).withHeaders( | ||
List(Authorization(OAuth2BearerToken("my-token")), RawHeader("OIDC_CLAIM_user_id", "[email protected]")) | ||
) ~> allRoutes ~> check { | ||
rejection shouldEqual AuthorizationFailedRejection | ||
} | ||
} | ||
|
||
it should "reject request if it contains a token and no OIDC_CLAIM_user_id in header" in { | ||
Get( | ||
s"/api/workflows/$version/backends" | ||
).withHeaders( | ||
List(Authorization(OAuth2BearerToken("my-token"))) | ||
) ~> allRoutes ~> check { | ||
rejection shouldEqual MissingHeaderRejection("OIDC_CLAIM_user_id") | ||
} | ||
} | ||
|
||
it should "return 404 when no auth token provided" in { | ||
Get( | ||
s"/api/workflows/$version/backends" | ||
).withHeaders( | ||
List(RawHeader("OIDC_CLAIM_user_id", "[email protected]")) | ||
// "[An] explicit call on the Route.seal method is needed in test code, but in your application code it is not necessary." | ||
// https://doc.akka.io/docs/akka-http/current/routing-dsl/testkit.html#testing-sealed-routes | ||
// https://doc.akka.io/docs/akka-http/current/routing-dsl/routes.html#sealing-a-route | ||
) ~> seal(allRoutes) ~> check { | ||
responseAs[String] shouldEqual "The requested resource could not be found." | ||
status shouldBe NotFound | ||
} | ||
} | ||
|
||
behavior of "ReleaseHold endpoint" | ||
it should "return 200 for authorized user who has collection associated with root workflow" in { | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -141,6 +141,15 @@ class MockSamClient(checkSubmitWhitelist: Boolean = true) | |
FailureResponseOrT.pure(!user.userId.value.equalsIgnoreCase(NotWhitelistedUser)) | ||
} | ||
|
||
override def isUserEnabledSam(user: User, cromIamRequest: HttpRequest): FailureResponseOrT[Boolean] = { | ||
if (user.userId.value == "[email protected]" || user.userId.value == MockSamClient.AuthorizedUserCollectionStr) | ||
FailureResponseOrT.pure(true) | ||
else if (user.userId.value == "[email protected]") | ||
FailureResponseOrT.pure(false) | ||
else | ||
throw new Exception("Misconfigured test") | ||
} | ||
|
||
override def requestAuth(authorizationRequest: CollectionAuthorizationRequest, | ||
cromIamRequest: HttpRequest): FailureResponseOrT[Unit] = { | ||
authorizationRequest.user.userId.value match { | ||
|
Oops, something went wrong.