authormo khan <mo@mokhan.ca>2025-07-16 10:53:11 -0600
committermo khan <mo@mokhan.ca>2025-07-16 10:53:11 -0600
commitfb05a439113daf8750be6df025f9676221d8e228 (patch)
tree5d9e0e02327fd17b170f7c4d6916c3904a3a0745
parent81c6991616ef0f9cd4134d398c5b7cee2c6665de (diff)
chore: add tests for authenticated sparkle endpoints
-rw-r--r--tests/authorization/spice/authorizer_test.rs103
-rw-r--r--tests/support/mod.rs2
2 files changed, 94 insertions, 11 deletions
diff --git a/tests/authorization/spice/authorizer_test.rs b/tests/authorization/spice/authorizer_test.rs
index b295b64b..e25008e4 100644
--- a/tests/authorization/spice/authorizer_test.rs
+++ b/tests/authorization/spice/authorizer_test.rs
@@ -1,18 +1,99 @@
#[cfg(test)]
mod tests {
- use crate::support::factory_bot::*;
+ use crate::support::*;
use authzd::Authorizer;
+ use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
+
+ fn subject() -> authzd::authorization::spice::Authorizer {
+ common::setup();
+ authzd::authorization::spice::Authorizer::new()
+ }
#[test]
- fn test_example() {
- let authorizer = authzd::authorization::spice::Authorizer::new();
- let request = build_request(
- |item: &mut envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest| {
- item.method = "GET".to_string();
- item.path = "/".to_string();
- },
- );
-
- assert!(authorizer.authorize(request))
+ fn test_unauthenticated_sparkle_endpoints() {
+ let hosts = vec![
+ "localhost:10000",
+ "sparkle.runway.gitlab.net",
+ "sparkle.staging.runway.gitlab.net",
+ ];
+
+ let routes = vec![
+ ("GET", "/", true),
+ ("GET", "/callback", true),
+ ("GET", "/dashboard/nav", true),
+ ("GET", "/signout", false),
+ ("GET", "/sparkles", true),
+ ("POST", "/sparkles/restore", true),
+ ("GET", "/dashboard", false),
+ ("POST", "/sparkles", false),
+ ];
+
+ let authorizer = subject();
+ for host in hosts {
+ for (method, path, expected) in &routes {
+ let request = build_request(|item: &mut HttpRequest| {
+ item.method = method.to_string();
+ item.path = path.to_string();
+ item.host = host.to_string();
+ item.headers = build_headers(vec![
+ (String::from(":path"), path.to_string()),
+ (String::from(":method"), method.to_string()),
+ (String::from(":authority"), host.to_string()),
+ ]);
+ });
+
+ assert_eq!(
+ authorizer.authorize(request),
+ *expected,
+ "{} {}",
+ method,
+ path
+ );
+ }
+ }
+ }
+
+ #[test]
+ fn test_authenticated_sparkle_endpoints() {
+ let hosts = vec![
+ "localhost:10000",
+ "sparkle.runway.gitlab.net",
+ "sparkle.staging.runway.gitlab.net",
+ ];
+
+ let routes = vec![
+ ("GET", "/", true),
+ ("GET", "/callback", true),
+ ("GET", "/dashboard/nav", true),
+ ("GET", "/signout", true),
+ ("GET", "/sparkles", true),
+ ("GET", "/dashboard", true),
+ ("POST", "/sparkles", true),
+ ];
+
+ let authorizer = subject();
+ for host in hosts {
+ for (method, path, expected) in &routes {
+ let request = build_request(|item: &mut HttpRequest| {
+ item.method = method.to_string();
+ item.path = path.to_string();
+ item.host = host.to_string();
+ item.headers = build_headers(vec![
+ (String::from(":path"), path.to_string()),
+ (String::from(":method"), method.to_string()),
+ (String::from(":authority"), host.to_string()),
+ (String::from("x-jwt-claim-sub"), "1675940".to_string()),
+ ]);
+ });
+
+ assert_eq!(
+ authorizer.authorize(request),
+ *expected,
+ "{} {}",
+ method,
+ path
+ );
+ }
+ }
}
}
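Review bot: test_authenticated_sparkle_endpoints only exercises a well-formed `x-jwt-claim-sub` value and every row in its table expects `true`, so nothing pins the result when that header is present but empty, or when it arrives on a host outside the three listed. As far as this hunk shows, the header alone flips `/signout`, `/dashboard` and `POST /sparkles` from denied to allowed, which presumably depends on the proxy verifying the token before the check; a comment above that tuple such as `// assumes Envoy's JWT filter sets x-jwt-claim-sub after verification and strips any client-supplied copy` would record the assumption. I would add a deny pass that reuses the unauthenticated expectations with `(String::from("x-jwt-claim-sub"), String::new())`. `POST /sparkles/restore` is in the first table but missing from this one, and the failure message would be easier to act on as `"{} {} {}", host, method, path`.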
diff --git a/tests/support/mod.rs b/tests/support/mod.rs
index c46f39e5..1842756a 100644
--- a/tests/support/mod.rs
+++ b/tests/support/mod.rs
@@ -1,2 +1,4 @@
pub mod common;
pub mod factory_bot;
+
+pub use factory_bot::*;