Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-04 21:35:23 +02:00
Code Issues Releases Activity

feat(auth): save jwt in cookie [EE-5864] (#10527)

Browse source
This commit is contained in:
Chaim Lev-Ari 2023-11-20 09:35:03 +02:00 committed by GitHub
parent ecce501cf3
commit 436da01bce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
51 changed files with 679 additions and 312 deletions
Download patch file Download diff file Expand all files Collapse all files

13
api/http/handler/teams/team_list_test.go
View file

@ -13,6 +13,7 @@ import (
"github.com/portainer/portainer/api/datastore"
"github.com/portainer/portainer/api/http/security"
"github.com/portainer/portainer/api/internal/authorization"
"github.com/portainer/portainer/api/internal/testhelpers"
"github.com/portainer/portainer/api/jwt"
"github.com/segmentio/encoding/json"
@ -39,7 +40,7 @@ func Test_teamList(t *testing.T) {
h.DataStore = store
// generate admin user tokens
adminJWT, _ := jwtService.GenerateToken(&portainer.TokenData{ID: adminUser.ID, Username: adminUser.Username, Role: adminUser.Role})
adminJWT, _, _ := jwtService.GenerateToken(&portainer.TokenData{ID: adminUser.ID, Username: adminUser.Username, Role: adminUser.Role})
// Case 1: the team is given the endpoint access directly
// create teams
@ -77,11 +78,11 @@ func Test_teamList(t *testing.T) {
err = store.Endpoint().Create(endpointWithTeamAccessPolicy)
is.NoError(err, "error creating endpoint")
jwt, _ := jwtService.GenerateToken(&portainer.TokenData{ID: userWithEndpointAccessByTeam.ID, Username: userWithEndpointAccessByTeam.Username, Role: userWithEndpointAccessByTeam.Role})
jwt, _, _ := jwtService.GenerateToken(&portainer.TokenData{ID: userWithEndpointAccessByTeam.ID, Username: userWithEndpointAccessByTeam.Username, Role: userWithEndpointAccessByTeam.Role})
t.Run("admin user can successfully list all teams", func(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/teams", nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", adminJWT))
testhelpers.AddTestSecurityCookie(req, adminJWT)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)
@ -102,7 +103,7 @@ func Test_teamList(t *testing.T) {
params := url.Values{}
params.Add("environmentId", fmt.Sprintf("%d", endpointWithTeamAccessPolicy.ID))
req := httptest.NewRequest(http.MethodGet, "/teams?"+params.Encode(), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", adminJWT))
testhelpers.AddTestSecurityCookie(req, adminJWT)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)
@ -124,7 +125,7 @@ func Test_teamList(t *testing.T) {
t.Run("standard user only can list team where he belongs to", func(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "/teams", nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", jwt))
testhelpers.AddTestSecurityCookie(req, jwt)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)
@ -168,7 +169,7 @@ func Test_teamList(t *testing.T) {
params := url.Values{}
params.Add("environmentId", fmt.Sprintf("%d", endpointUnderGroupWithTeam.ID))
req := httptest.NewRequest(http.MethodGet, "/teams?"+params.Encode(), nil)
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", adminJWT))
testhelpers.AddTestSecurityCookie(req, adminJWT)
rr := httptest.NewRecorder()
h.ServeHTTP(rr, req)