@@ -21,6 +21,7 @@ import (
2121 "golang.org/x/oauth2"
2222
2323 "github.com/coder/coder/v2/coderd/database"
24+ "github.com/coder/coder/v2/coderd/database/dbauthz"
2425 "github.com/coder/coder/v2/coderd/database/dbgen"
2526 "github.com/coder/coder/v2/coderd/database/dbmem"
2627 "github.com/coder/coder/v2/coderd/database/dbtime"
@@ -41,6 +42,37 @@ func randomAPIKeyParts() (id string, secret string) {
4142func TestAPIKey (t * testing.T ) {
4243 t .Parallel ()
4344
45+ // assertActorOk asserts all the properties of the user auth are ok.
46+ assertActorOk := func (t * testing.T , r * http.Request ) {
47+ t .Helper ()
48+
49+ actor , ok := dbauthz .ActorFromContext (r .Context ())
50+ assert .True (t , ok , "dbauthz actor ok" )
51+ if ok {
52+ _ , err := actor .Roles .Expand ()
53+ assert .NoError (t , err , "actor roles ok" )
54+
55+ _ , err = actor .Scope .Expand ()
56+ assert .NoError (t , err , "actor scope ok" )
57+
58+ err = actor .RegoValueOk ()
59+ assert .NoError (t , err , "actor rego ok" )
60+ }
61+
62+ auth , ok := httpmw .UserAuthorizationOptional (r )
63+ assert .True (t , ok , "httpmw auth ok" )
64+ if ok {
65+ _ , err := auth .Roles .Expand ()
66+ assert .NoError (t , err , "auth roles ok" )
67+
68+ _ , err = auth .Scope .Expand ()
69+ assert .NoError (t , err , "auth scope ok" )
70+
71+ err = auth .RegoValueOk ()
72+ assert .NoError (t , err , "auth rego ok" )
73+ }
74+ }
75+
4476 successHandler := http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
4577 // Only called if the API key passes through the handler.
4678 httpapi .Write (context .Background (), rw , http .StatusOK , codersdk.Response {
@@ -259,6 +291,7 @@ func TestAPIKey(t *testing.T) {
259291 })(http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
260292 // Checks that it exists on the context!
261293 _ = httpmw .APIKey (r )
294+ assertActorOk (t , r )
262295 httpapi .Write (r .Context (), rw , http .StatusOK , codersdk.Response {
263296 Message : "It worked!" ,
264297 })
@@ -299,6 +332,7 @@ func TestAPIKey(t *testing.T) {
299332 // Checks that it exists on the context!
300333 apiKey := httpmw .APIKey (r )
301334 assert .Equal (t , database .APIKeyScopeApplicationConnect , apiKey .Scope )
335+ assertActorOk (t , r )
302336
303337 httpapi .Write (r .Context (), rw , http .StatusOK , codersdk.Response {
304338 Message : "it worked!" ,
@@ -333,6 +367,8 @@ func TestAPIKey(t *testing.T) {
333367 })(http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
334368 // Checks that it exists on the context!
335369 _ = httpmw .APIKey (r )
370+ assertActorOk (t , r )
371+
336372 httpapi .Write (r .Context (), rw , http .StatusOK , codersdk.Response {
337373 Message : "It worked!" ,
338374 })
@@ -705,9 +741,10 @@ func TestAPIKey(t *testing.T) {
705741 DB : db ,
706742 RedirectToLogin : false ,
707743 })(http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
708- // Checks that it exists on the context!
709- _ = httpmw . APIKey ( r )
744+ assertActorOk ( t , r )
745+
710746 auth := httpmw .UserAuthorization (r )
747+
711748 roles , err := auth .Roles .Expand ()
712749 assert .NoError (t , err , "expand user roles" )
713750 // Assert built in org role
@@ -763,9 +800,9 @@ func TestAPIKey(t *testing.T) {
763800 DB : db ,
764801 RedirectToLogin : false ,
765802 })(http .HandlerFunc (func (rw http.ResponseWriter , r * http.Request ) {
766- // Checks that it exists on the context!
767- _ = httpmw .APIKey (r )
803+ assertActorOk (t , r )
768804 auth := httpmw .UserAuthorization (r )
805+
769806 roles , err := auth .Roles .Expand ()
770807 assert .NoError (t , err , "expand user roles" )
771808 // Assert built in org role
0 commit comments