[UNSTABLE] 1 failing test related to RMQ authn
parent
805a77c1aa
commit
38c98b8eee
|
@ -27,7 +27,6 @@ module Api
|
|||
PUBLIC_CHANNELS = ["", ".\\*", ".\\#"].map { |x| "public_broadcast" + x }
|
||||
|
||||
MALFORMED_TOPIC = "malformed topic. Must match #{TOPIC_REGEX.inspect}"
|
||||
ALL = [:user, :vhost, :resource, :topic]
|
||||
VHOST = ENV.fetch("MQTT_VHOST") { "/" }
|
||||
RESOURCES = ["queue", "exchange"]
|
||||
PERMISSIONS = ["configure", "read", "write"]
|
||||
|
|
|
@ -16,7 +16,9 @@ describe Api::RmqUtilsController do
|
|||
end
|
||||
|
||||
it "allows admins to do anything" do
|
||||
Api::RmqUtilsController::ALL.map do |action|
|
||||
all = \
|
||||
[:user_action, :vhost_action, :resource_action, :topic_action]
|
||||
all.map do |action|
|
||||
post action, params: { username: "admin",
|
||||
password: ENV.fetch("ADMIN_PASSWORD") }
|
||||
expect(response.status).to eq(200)
|
||||
|
@ -26,20 +28,20 @@ describe Api::RmqUtilsController do
|
|||
|
||||
it "allows access to ones own topic" do
|
||||
p = credentials.merge(routing_key: "bot.#{credentials[:username]}.logs")
|
||||
post :topic, params: p
|
||||
post :topic_action, params: p
|
||||
expect(response.body).to include("allow")
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "denies invalid topics" do
|
||||
post :topic, params: credentials.merge(routing_key: "*")
|
||||
post :topic_action, params: credentials.merge(routing_key: "*")
|
||||
expect(response.body).to include("malformed topic")
|
||||
expect(response.status).to eq(422)
|
||||
end
|
||||
|
||||
it "denies viewing other people's topics" do
|
||||
p = credentials.merge(routing_key: "bot.device_0.from_device")
|
||||
post :topic, params: p
|
||||
post :topic_action, params: p
|
||||
expect(response.body).to include("deny")
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
@ -48,7 +50,7 @@ describe Api::RmqUtilsController do
|
|||
no_no_no = \
|
||||
{ username: "guest", # RabbitMQ Default user.
|
||||
password: "guest" } # RabbitMQ Default user.
|
||||
post :user, params: no_no_no
|
||||
post :user_action, params: no_no_no
|
||||
expect(response.body).to include("deny")
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
@ -56,7 +58,7 @@ describe Api::RmqUtilsController do
|
|||
it "`allow`s admin users when ADMIN_PASSWORD is provided" do
|
||||
admin_params = { username: "admin",
|
||||
password: ENV.fetch("ADMIN_PASSWORD") }
|
||||
post :user, params: admin_params
|
||||
post :user_action, params: admin_params
|
||||
expect(response.body).to include("allow")
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
@ -64,47 +66,47 @@ describe Api::RmqUtilsController do
|
|||
it "denies admin users when ADMIN_PASSWORD is wrong" do
|
||||
admin_params = { username: "admin",
|
||||
password: ENV.fetch("ADMIN_PASSWORD").reverse + "X" }
|
||||
post :user, params: admin_params
|
||||
post :user_action, params: admin_params
|
||||
expect(response.body).to include("deny")
|
||||
expect(response.status).to eq(403)
|
||||
end
|
||||
|
||||
it "`allow`s end users and farmbots when JWT is provided" do
|
||||
post :user, params: credentials
|
||||
post :user_action, params: credentials
|
||||
expect(response.body).to include("allow")
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "`deny`s end users and farmbots when JWT is provided" do
|
||||
credentials[:password] = credentials[:password].reverse + "X"
|
||||
post :user, params: credentials
|
||||
post :user_action, params: credentials
|
||||
expect(response.status).to eq(401)
|
||||
expect(json[:error]).to include("failed to authenticate")
|
||||
end
|
||||
|
||||
it "`deny`s users who try spoofing usernames" do
|
||||
credentials[:username] = "device_0"
|
||||
post :user, params: credentials
|
||||
post :user_action, params: credentials
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.body).to include("deny")
|
||||
end
|
||||
|
||||
it "validates vHost" do
|
||||
vhost = Api::RmqUtilsController::VHOST
|
||||
post :vhost, params: credentials.merge(vhost: vhost)
|
||||
post :vhost_action, params: credentials.merge(vhost: vhost)
|
||||
expect(response.status).to eq(200)
|
||||
expect(response.body).to include("allow")
|
||||
end
|
||||
|
||||
it "invalidates vHost" do
|
||||
vhost = Api::RmqUtilsController::VHOST + "NO"
|
||||
post :vhost, params: credentials.merge(vhost: vhost)
|
||||
post :vhost_action, params: credentials.merge(vhost: vhost)
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.body).to include("deny")
|
||||
end
|
||||
|
||||
it "allows RMQ resource usage" do
|
||||
post :resource, params: credentials.merge({
|
||||
post :resource_action, params: credentials.merge({
|
||||
resource: Api::RmqUtilsController::RESOURCES.sample,
|
||||
permission: Api::RmqUtilsController::PERMISSIONS.sample,
|
||||
})
|
||||
|
@ -113,7 +115,7 @@ describe Api::RmqUtilsController do
|
|||
end
|
||||
|
||||
it "denies RMQ resource usage" do
|
||||
post :resource, params: credentials.merge({ resource: "something_else",
|
||||
post :resource_action, params: credentials.merge({ resource: "something_else",
|
||||
permission: "something_else" })
|
||||
expect(response.status).to eq(403)
|
||||
expect(response.body).to include("deny")
|
||||
|
|
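Review bot: In the `@ -64,47 +66,47` hunk, the "allows RMQ resource usage" example still picks its inputs with `RESOURCES.sample` and `PERMISSIONS.sample`, so each run exercises only one of the six resource/permission pairs and a regression in a single pair would fail intermittently rather than on every run. For an authorization endpoint it would be better to cover every pair, e.g. wrap the `post :resource_action` call in `Api::RmqUtilsController::RESOURCES.product(Api::RmqUtilsController::PERMISSIONS).each do |resource, permission|`. The example's assertions lie outside the hunk, so they would need to move inside that loop. Separately, in the `@ -16,7 +16,9` hunk the local `all` list now duplicates the controller's action names and is walked with `map` although the result is discarded; `all.each do |action|` states the intent.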