Skip to content

chore: refactor user -> rbac.subject into a function #13624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 21, 2024
Merged

chore: refactor user -> rbac.subject into a function #13624

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
743c19e
test: implement test to assert deleted custom roles are omitted
Emyrk Jun 21, 2024
b8fa251
Add comments and more assertions
Emyrk Jun 21, 2024
0213df9
fixup test
Emyrk Jun 21, 2024
9466f74
chore: refactor user subject logic to be in 1 place
Emyrk Jun 21, 2024
cb7d004
add unit test for deleted role
Emyrk Jun 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
add unit test for deleted role
  • Loading branch information
@Emyrk
Emyrk committed Jun 21, 2024
commit cb7d004b08a7b1ad8db788bca319eac2e94307eb
57 changes: 52 additions & 5 deletions enterprise/coderd/userauth_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (
"github.com/coder/coder/v2/coderd/coderdtest/oidctest"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/dbauthz"
"github.com/coder/coder/v2/coderd/database/dbtestutil"
"github.com/coder/coder/v2/coderd/rbac"
"github.com/coder/coder/v2/coderd/util/slice"
"github.com/coder/coder/v2/codersdk"
Expand Down Expand Up @@ -683,7 +684,10 @@ func TestGroupSync(t *testing.T) {
}
}

func TestUserLogin(t *testing.T) {
func TestEnterpriseUserLogin(t *testing.T) {
t.Parallel()

// Login to a user with a custom organization role set.
t.Run("CustomRole", func(t *testing.T) {
t.Parallel()
dv := coderdtest.DeploymentValues(t)
Expand Down Expand Up @@ -714,15 +718,58 @@ func TestUserLogin(t *testing.T) {
OrganizationID: owner.OrganizationID,
},
}, func(r *codersdk.CreateUserRequest) {
r.Password = ""
r.UserLoginType = codersdk.LoginTypeNone
r.Password = "SomeSecurePassword!"
r.UserLoginType = codersdk.LoginTypePassword
})

_, err = anotherClient.LoginWithPassword(ctx, codersdk.LoginWithPasswordRequest{
Email: anotherUser.Email,
Password: "SomeSecurePassword!",
})
require.NoError(t, err)
})

// Login to a user with a custom organization role that no longer exists
t.Run("DeletedRole", func(t *testing.T) {
t.Parallel()

// The dbauthz layer protects against deleted roles. So use the underlying
// database directly to corrupt it.
rawDB, pubsub := dbtestutil.NewDB(t)

dv := coderdtest.DeploymentValues(t)
dv.Experiments = []string{string(codersdk.ExperimentCustomRoles)}
ownerClient, owner := coderdenttest.New(t, &coderdenttest.Options{
Options: &coderdtest.Options{
DeploymentValues: dv,
Database: rawDB,
Pubsub: pubsub,
},
LicenseOptions: &coderdenttest.LicenseOptions{
Features: license.Features{
codersdk.FeatureCustomRoles: 1,
},
},
})

anotherClient, anotherUser := coderdtest.CreateAnotherUserMutators(t, ownerClient, owner.OrganizationID, nil, func(r *codersdk.CreateUserRequest) {
r.Password = "SomeSecurePassword!"
r.UserLoginType = codersdk.LoginTypePassword
})

ctx := testutil.Context(t, testutil.WaitShort)
_, err := rawDB.UpdateMemberRoles(ctx, database.UpdateMemberRolesParams{
GrantedRoles: []string{"not-exists"},
UserID: anotherUser.ID,
OrgID: owner.OrganizationID,
})
require.NoError(t, err, "assign not-exists role")

_, err = anotherClient.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
_, err = anotherClient.LoginWithPassword(ctx, codersdk.LoginWithPasswordRequest{
Email: anotherUser.Email,
Password: "SomeSecurePassword!",
})
require.Error(t, err)
require.NoError(t, err)
})
}

Expand Down
Loading