From fb908c95ef4be251b3ceaa8a372605d7e571a35d Mon Sep 17 00:00:00 2001
From: Zoe Roux
Date: Wed, 23 Apr 2025 22:48:13 +0200
Subject: [PATCH] Fix hurl test
---
 auth/apikey.go | 4 ++--
 auth/tests/apikey.hurl | 19 +++++++++++--------
 auth/utils.go | 2 +-
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/auth/apikey.go b/auth/apikey.go
index 4f2e2d07..2f7736d4 100644
--- a/auth/apikey.go
+++ b/auth/apikey.go
@@ -86,7 +86,7 @@ func (h *Handler) CreateApiKey(c echo.Context) error {
 }
 var user *int32
- uid, err :=GetCurrentUserId(c)
+ uid, err := GetCurrentUserId(c)
 // if err, we probably are using an api key (so no user)
 if err != nil {
 u, _ := h.db.GetUser(context.Background(), dbc.GetUserParams{
@@ -174,7 +174,7 @@ func (h *Handler) ListApiKey(c echo.Context) error {
 }
 func (h *Handler) createApiJwt(apikey string) (string, error) {
- info := strings.Split(apikey, "-")
+ info := strings.SplitN(apikey, "-", 2)
 if len(info) != 2 {
 return "", echo.NewHTTPError(http.StatusForbidden, "Invalid api key format")
 }
diff --git a/auth/tests/apikey.hurl b/auth/tests/apikey.hurl
index 20d281d6..2daaf9dc 100644
--- a/auth/tests/apikey.hurl
+++ b/auth/tests/apikey.hurl
@@ -4,7 +4,7 @@ POST {{host}}/keys
 "name": "dryflower",
 "claims": {
 "isAdmin": true,
- "permssions": ["core.read"]
+ "permissions": ["core.read"]
 }
 }
 HTTP 401
@@ -16,18 +16,18 @@ X-API-KEY: hurl-1234apikey
 "name": "dryflower",
 "claims": {
 "isAdmin": true,
- "permssions": ["core.read"]
+ "permissions": ["apikeys.read"]
 }
 }
 HTTP 201
 [Captures]
+id: jsonpath "$.id"
 token: jsonpath "$.token"
 GET {{host}}/jwt
-Authorization: Bearer {{token}}
+X-API-KEY: {{token}}
 HTTP 200
 [Captures]
-id: jsonpath "$.id"
 jwt: jsonpath "$.token"
 # Duplicates email
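Review bot: The format check in createApiJwt (auth/apikey.go, second hunk) still accepts a key whose id or secret half is empty, such as `-abc` or `abc-`, because after `strings.SplitN(apikey, "-", 2)` the test `len(info) != 2` only rejects a key with no dash at all. `strings.Cut` states the split-once intent directly and makes the empty-half check explicit: `id, secret, ok := strings.Cut(apikey, "-")` followed by `if !ok || id == "" || secret == "" {`, with the later uses of `info[0]` and `info[1]` renamed to match. The rest of createApiJwt is outside the hunk, so the lookup further down may already refuse empty halves; rejecting them at the format check keeps malformed keys away from the database either way. A short comment above the split saying that only the first dash separates the id from the secret would also record why the split is limited to two parts.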
@@ -37,22 +37,25 @@ X-API-KEY: hurl-1234apikey
 "name": "dryflower",
 "claims": {
 "isAdmin": true,
- "permssions": ["core.read"]
+ "permissions": ["core.read"]
 }
 }
 HTTP 409
 # List
 GET {{host}}/keys
-Authorization: Bearer {{token}}
+Authorization: Bearer {{jwt}}
 HTTP 200
 [Asserts]
 jsonpath "$.items[0].id" == {{id}}
 jsonpath "$.items[0].name" == "dryflower"
-jsonpath "$.items[0].claims.permissions" contains "core.read"
-
+jsonpath "$.items[0].claims.permissions" contains "apikeys.read"
 DELETE {{host}}/keys/{{id}}
 Authorization: Bearer {{jwt}}
+HTTP 403
+
+DELETE {{host}}/keys/{{id}}
+X-API-KEY: hurl-1234apikey
 HTTP 200
diff --git a/auth/utils.go b/auth/utils.go
index 942614b2..d336a7bd 100644
--- a/auth/utils.go
+++ b/auth/utils.go
@@ -71,7 +71,7 @@ func CheckPermissions(c echo.Context, perms []string) error {
 permissions_claims, ok := claims["permissions"]
 if !ok {
- return echo.NewHTTPError(403, fmt.Sprintf("Missing permissions: %s.", ", "))
+ return echo.NewHTTPError(403, fmt.Sprintf("No permissions on this account. Needs permissions: %s.", strings.Join(perms, ", ")))
 }
 permissions_int, ok := permissions_claims.([]any)
 if !ok {
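Review bot: The new `HTTP 403` expectation on `DELETE {{host}}/keys/{{id}}` with `Authorization: Bearer {{jwt}}` (auth/tests/apikey.hurl) checks the status code only, so it passes for any forbidden response and not specifically for a token that holds `apikeys.read` but lacks the permission to delete. An `[Asserts]` entry on the error body under that `HTTP 403` would pin the refusal to the permission check. The key is also created with `"isAdmin": true` in its claims, so this request appears to be the only place showing that the claim does not bypass the permission list; a comment above it such as `# this jwt only carries apikeys.read, so the delete must be refused` would record that intent.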
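Review bot: In CheckPermissions (auth/utils.go) the rewritten error still passes a bare `403`, while auth/apikey.go in the same patch uses `http.StatusForbidden`; the named constant would keep the two files consistent, assuming `net/http` is imported in utils.go (the import block is outside the hunk). The message now returns the full list of permissions the route requires to a caller that has just been refused, which helps debugging but also tells an unauthorised client exactly which scopes to ask for, so it is worth confirming that this is intended for every route. The branch is reached when the token has no `permissions` claim at all, so a one-line comment such as `// token carries no "permissions" claim` above the `return` would make the wording "on this account" easier to follow. CheckPermissions continues past the end of the hunk.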