Add `auth whoami`

next
Sayan Nandan 3 years ago
parent 81c3479ffb
commit f40c1d00e5
No known key found for this signature in database
GPG Key ID: 8BC07A0A4D41DD52

@ -8,6 +8,7 @@ All changes in this project will be noted in this file.
- `INSPECT KEYSPACE` without arguments to inspect the current keyspace - `INSPECT KEYSPACE` without arguments to inspect the current keyspace
- `INSPECT TABLE` without arguments to inspect the current table - `INSPECT TABLE` without arguments to inspect the current table
- `AUTH WHOAMI` returns the AuthID of the currently logged in user
### Fixes ### Fixes

@ -121,6 +121,14 @@ global:
desc: | desc: |
Attempts to return a list of users for the current database instance Attempts to return a list of users for the current database instance
return: [Non-null array] return: [Non-null array]
- name: WHOAMI
complexity: O(1)
accept: [AnyArray]
syntax: [AUTH WHOAMI]
desc: |
Returns a string with the AuthID of the currently logged in user or errors if the user
is not logged in
return: String
keyvalue: keyvalue:
generic: generic:

@ -55,6 +55,7 @@ const AUTH_ADDUSER: &[u8] = b"adduser";
const AUTH_DELUSER: &[u8] = b"deluser"; const AUTH_DELUSER: &[u8] = b"deluser";
const AUTH_RESTORE: &[u8] = b"restore"; const AUTH_RESTORE: &[u8] = b"restore";
const AUTH_LISTUSER: &[u8] = b"listuser"; const AUTH_LISTUSER: &[u8] = b"listuser";
const AUTH_WHOAMI: &[u8] = b"whoami";
action! { action! {
/// Handle auth. Should have passed the `auth` token /// Handle auth. Should have passed the `auth` token
@ -89,9 +90,15 @@ action! {
} }
AUTH_RESTORE => self::auth_restore(con, auth, &mut iter).await, AUTH_RESTORE => self::auth_restore(con, auth, &mut iter).await,
AUTH_LISTUSER => self::auth_listuser(con, auth, &mut iter).await, AUTH_LISTUSER => self::auth_listuser(con, auth, &mut iter).await,
AUTH_WHOAMI => self::auth_whoami(con, auth, &mut iter).await,
_ => util::err(groups::UNKNOWN_ACTION), _ => util::err(groups::UNKNOWN_ACTION),
} }
} }
fn auth_whoami(con: &mut T, auth: &mut AuthProviderHandle<'_, T, Strm>, iter: &mut ActionIter<'_>) {
ensure_boolean_or_aerr(iter.len() == 0)?;
con.write_response(StringWrapper(auth.provider().whoami()?)).await?;
Ok(())
}
fn auth_listuser(con: &mut T, auth: &mut AuthProviderHandle<'_, T, Strm>, iter: &mut ActionIter<'_>) { fn auth_listuser(con: &mut T, auth: &mut AuthProviderHandle<'_, T, Strm>, iter: &mut ActionIter<'_>) {
ensure_boolean_or_aerr(iter.len() == 0)?; ensure_boolean_or_aerr(iter.len() == 0)?;
let usernames = auth.provider().collect_usernames()?; let usernames = auth.provider().collect_usernames()?;
@ -140,6 +147,7 @@ action! {
AUTH_LOGIN => self::_auth_login(con, auth, &mut iter).await, AUTH_LOGIN => self::_auth_login(con, auth, &mut iter).await,
AUTH_CLAIM => self::_auth_claim(con, auth, &mut iter).await, AUTH_CLAIM => self::_auth_claim(con, auth, &mut iter).await,
AUTH_RESTORE => self::auth_restore(con, auth, &mut iter).await, AUTH_RESTORE => self::auth_restore(con, auth, &mut iter).await,
AUTH_WHOAMI => self::auth_whoami(con, auth, &mut iter).await,
_ => util::err(errors::AUTH_CODE_PERMS), _ => util::err(errors::AUTH_CODE_PERMS),
} }
} }
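Review bot: `auth_whoami` is added without a doc comment, although it is routed from both match tables. One of them is the table at the end of this section, whose fallback is `errors::AUTH_CODE_PERMS` and which also carries `AUTH_LOGIN` and `AUTH_CLAIM`, so the handler appears to be reachable before login. Nothing in the handler checks for a logged-in user: anonymous callers are refused only because `auth.provider().whoami()` returns an error, and the argument-count check runs before that call. I would record this on the function, e.g. `/// Write the AuthID of the logged-in user. Also dispatched before login; provider().whoami() is what rejects anonymous callers.` The `action!` blocks start and end outside the visible hunks.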

@ -248,6 +248,14 @@ impl AuthProvider {
.map(|kv| String::from_utf8_lossy(kv.key()).to_string()) .map(|kv| String::from_utf8_lossy(kv.key()).to_string())
.collect()) .collect())
} }
/// Return the AuthID of the current user
pub fn whoami(&self) -> AuthResult<String> {
self.ensure_enabled()?;
self.whoami
.as_ref()
.map(|v| String::from_utf8_lossy(v).to_string())
.ok_or(AuthError::Anonymous)
}
} }
impl Clone for AuthProvider { impl Clone for AuthProvider {
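Review bot: `whoami()` converts the stored ID with `String::from_utf8_lossy`, which replaces every invalid UTF-8 sequence with U+FFFD. If AuthIDs are not restricted to valid UTF-8 when they are created, two different IDs could be reported to the client as the same string. The username listing just above uses the same conversion, so this may be an accepted constraint, but it is not stated anywhere visible here. The doc comment should name that assumption and the failure cases, e.g. `/// Returns AuthError::Anonymous if no user is logged in, or the error from ensure_enabled(); assumes AuthIDs are valid UTF-8.` The `impl AuthProvider` block begins outside the hunk.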

@ -24,6 +24,7 @@
* *
*/ */
use crate::auth::provider::testsuite_data;
use skytable::{query, Element, RespCode}; use skytable::{query, Element, RespCode};
macro_rules! assert_autherror { macro_rules! assert_autherror {
@ -257,6 +258,33 @@ async fn listuser_okay_because_root() {
assert!(ret.contains(&"testuser".to_owned())); assert!(ret.contains(&"testuser".to_owned()));
} }
// auth whoami
#[sky_macros::dbtest_func]
async fn whoami_fail_because_disabled() {
assert_auth_disabled!(con, query!("auth", "whoami"))
}
#[sky_macros::dbtest_func(port = 2005, norun = true)]
async fn whoami_fail_because_anonymous() {
assert_auth_perm_error!(con, query!("auth", "whoami"))
}
#[sky_macros::dbtest_func(port = 2005, norun = true, auth_testuser = true)]
async fn auth_whoami_okay_testuser() {
runeq!(
con,
query!("auth", "whoami"),
Element::String(testsuite_data::TESTSUITE_TEST_USER.to_owned())
)
}
#[sky_macros::dbtest_func(port = 2005, norun = true, auth_rootuser = true)]
async fn auth_whoami_okay_rootuser() {
runeq!(
con,
query!("auth", "whoami"),
Element::String(testsuite_data::TESTSUITE_ROOT_USER.to_owned())
)
}
mod syntax_checks { mod syntax_checks {
use super::{NOAUTH, ONLYAUTH}; use super::{NOAUTH, ONLYAUTH};
use crate::auth::provider::testsuite_data::{ use crate::auth::provider::testsuite_data::{
@ -333,6 +361,10 @@ mod syntax_checks {
async fn listuser_aerr() { async fn listuser_aerr() {
assert_authn_aerr!(con, query!("auth", "listuser", "extra argument"), ONLYAUTH); assert_authn_aerr!(con, query!("auth", "listuser", "extra argument"), ONLYAUTH);
} }
#[sky_macros::dbtest_func(port = 2005, norun = true)]
async fn whoami_aerr() {
assert_authn_aerr!(con, query!("auth", "whoami", "extra argument"));
}
#[sky_macros::dbtest_func(port = 2005, norun = true, auth_testuser = true)] #[sky_macros::dbtest_func(port = 2005, norun = true, auth_testuser = true)]
async fn unknown_auth_action() { async fn unknown_auth_action() {
runeq!( runeq!(
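Review bot: `whoami_aerr` tests the extra-argument case only on a connection without `auth_testuser` or `auth_rootuser`, so the argument check is never tested for a logged-in user. A second case using `#[sky_macros::dbtest_func(port = 2005, norun = true, auth_testuser = true)]` with the same `query!("auth", "whoami", "extra argument")` would cover the authenticated dispatch path, assuming `assert_authn_aerr!` accepts an authenticated connection. The new tests also never check that whoami stops returning an AuthID once a connection is no longer authenticated. If the suite can log a connection out, a case asserting the anonymous error afterwards would guard against a stale identity.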
