PART II: Reduce use of "guest" in favor of "demo"
parent
8083f1de9d
commit
c703d912ea
|
@ -3,11 +3,11 @@ module Api
|
|||
skip_before_action :authenticate_user!, only: :create
|
||||
|
||||
# Usually mutations go in seperate files.
|
||||
# In the case of Guest accounts, I want the
|
||||
# In the case of demo accounts, I want the
|
||||
# feature to be easy to delete. If we decide
|
||||
# that things are working fine later on, we
|
||||
# can move this out.
|
||||
class CreateGuest < Mutations::Command
|
||||
class CreateDemo < Mutations::Command
|
||||
required { string :secret }
|
||||
|
||||
def execute
|
||||
|
@ -58,7 +58,7 @@ module Api
|
|||
end
|
||||
|
||||
def create
|
||||
mutate CreateGuest.run(create_params)
|
||||
mutate CreateDemo.run(create_params)
|
||||
end
|
||||
|
||||
private
|
||||
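Review bot: The `required { string :secret }` filter on `CreateDemo` accepts any string, and the `create` action that feeds it is reachable without a login (`skip_before_action :authenticate_user!, only: :create`). In the `Transport` section of this commit the same secret is joined with `.` into an AMQP routing key, so a value containing `.`, `#` or `*` would yield a key with a different shape from the single-segment form the spec appears to treat as the only allowed one. Unless `execute` already rejects such values (its body is outside the hunk), constrain the format at the filter, e.g. `string :secret, matches: /\A[a-zA-Z0-9]+\z/`. Confirm the character set and length the client actually generates before fixing the pattern.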
|
|
|
@ -60,7 +60,7 @@ class Transport
|
|||
def send_demo_token_to(user, secret)
|
||||
fbos_version = Api::AbstractController::EXPECTED_VER
|
||||
routing_key =
|
||||
[Api::RmqUtilsController::GUEST_REGISTRY_ROOT, secret].join(".")
|
||||
[Api::RmqUtilsController::DEMO_REGISTRY_ROOT, secret].join(".")
|
||||
payload =
|
||||
SessionToken.as_json(user, "GUEST", fbos_version).to_json
|
||||
raw_amqp_send(payload, routing_key)
|
||||
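Review bot: `send_demo_token_to` still passes the literal `"GUEST"` to `SessionToken.as_json`, although the routing key two lines above now comes from `DEMO_REGISTRY_ROOT`. If that argument ends up in the token as an audience or role value that other code compares against (not visible in this hunk), the leftover name is easy to miss when someone later audits what a demo token is allowed to do. Either rename it together with the code that reads it, or mark it as deliberate with a comment such as `# NOTE: "GUEST" is kept on purpose; rename it together with the code that reads this value`. The method's `end` lies outside the hunk.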
|
|
|
@ -189,7 +189,7 @@ describe Api::RmqUtilsController do
|
|||
end
|
||||
|
||||
it "allows farmbot_guest users, regardless of password" do
|
||||
p = { username: "farmbot_guest", password: SecureRandom.alphanumeric }
|
||||
p = { username: "farmbot_demo", password: SecureRandom.alphanumeric }
|
||||
post :user_action, params: p
|
||||
expect(response.status).to eq(200)
|
||||
expect(response.body).to eq("allow")
|
||||
|
@ -197,37 +197,37 @@ describe Api::RmqUtilsController do
|
|||
|
||||
it "allows expected farmbot_guest topics" do
|
||||
p = {
|
||||
username: "farmbot_guest",
|
||||
username: "farmbot_demo",
|
||||
permission: "read",
|
||||
routing_key: "guest_registry.d3f91ygdrajxn8jk",
|
||||
routing_key: "demos.d3f91ygdrajxn8jk",
|
||||
}
|
||||
post :topic_action, params: p
|
||||
expect(response.body).to(eq("allow"))
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
sneaky_topics = ["guest_registry",
|
||||
"guest_registry.#",
|
||||
"guest_registry.*",
|
||||
"guest_registry.#.#",
|
||||
"guest_registry.*.*",
|
||||
"guest_registry.#.*",
|
||||
"guest_registry.*.#",
|
||||
"guest_registry.#.d3f91ygdrajxn8jk",
|
||||
"guest_registry.*.d3f91ygdrajxn8jk",
|
||||
"guest_registry.d3f91ygdrajxn8jk.#",
|
||||
"guest_registry.d3f91ygdrajxn8jk.*",
|
||||
"guest_registry.d3f91ygdrajxn8jk.d3f91ygdrajxn8jk",
|
||||
sneaky_topics = ["demos",
|
||||
"demos.#",
|
||||
"demos.*",
|
||||
"demos.#.#",
|
||||
"demos.*.*",
|
||||
"demos.#.*",
|
||||
"demos.*.#",
|
||||
"demos.#.d3f91ygdrajxn8jk",
|
||||
"demos.*.d3f91ygdrajxn8jk",
|
||||
"demos.d3f91ygdrajxn8jk.#",
|
||||
"demos.d3f91ygdrajxn8jk.*",
|
||||
"demos.d3f91ygdrajxn8jk.d3f91ygdrajxn8jk",
|
||||
nil]
|
||||
|
||||
# it "invalidates sneaky guest topic names" do
|
||||
device_8 = "device_#{FactoryBot.create(:device).id}"
|
||||
possible_attackers = [
|
||||
# ["username", "permission"]
|
||||
["farmbot_guest", "read"],
|
||||
["farmbot_guest", "write"],
|
||||
["farmbot_guest", "configure"],
|
||||
["farmbot_guest", nil],
|
||||
["farmbot_demo", "read"],
|
||||
["farmbot_demo", "write"],
|
||||
["farmbot_demo", "configure"],
|
||||
["farmbot_demo", nil],
|
||||
[device_8, "read"],
|
||||
[device_8, "write"],
|
||||
[device_8, "configure"],
|
||||
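Review bot: After this change the spec never exercises the old `farmbot_guest` username, although the first example shows the special username is accepted "regardless of password". Once the passwordless name moves to `farmbot_demo`, the old one should be pinned as rejected, so keep rows like `["farmbot_guest", "read"],` in `possible_attackers` next to the new `farmbot_demo` rows and, if the controller returns `deny` for it, assert that in a `user_action` example. The two `it` descriptions (`"allows farmbot_guest users, regardless of password"`, `"allows expected farmbot_guest topics"`) and the commented-out `# it "invalidates sneaky guest topic names" do` still say "guest" and should be renamed so a failure report names the account actually under test. The `possible_attackers` array continues past the end of the hunk.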
|
|