Cutlery/Kyoo
1
0
Fork 0
mirror of https://github.com/zoriya/Kyoo.git synced 2025-05-24 02:02:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix hurl test

Browse Source
This commit is contained in:
Zoe Roux 2025-04-23 22:48:13 +02:00
parent 667249bc81
commit fb908c95ef
No known key found for this signature in database
3 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth/apikey.go
View File

@ -86,7 +86,7 @@ func (h *Handler) CreateApiKey(c echo.Context) error {
}
var user *int32
uid, err :=GetCurrentUserId(c)
uid, err := GetCurrentUserId(c)
// if err, we probably are using an api key (so no user)
if err != nil {
u, _ := h.db.GetUser(context.Background(), dbc.GetUserParams{
@ -174,7 +174,7 @@ func (h *Handler) ListApiKey(c echo.Context) error {
}
func (h *Handler) createApiJwt(apikey string) (string, error) {
info := strings.Split(apikey, "-")
info := strings.SplitN(apikey, "-", 2)
if len(info) != 2 {
return "", echo.NewHTTPError(http.StatusForbidden, "Invalid api key format")
}

19
auth/tests/apikey.hurl
View File

@ -4,7 +4,7 @@ POST {{host}}/keys
"name": "dryflower",
"claims": {
"isAdmin": true,
"permssions": ["core.read"]
"permissions": ["core.read"]
}
}
HTTP 401
@ -16,18 +16,18 @@ X-API-KEY: hurl-1234apikey
"name": "dryflower",
"claims": {
"isAdmin": true,
"permssions": ["core.read"]
"permissions": ["apikeys.read"]
}
}
HTTP 201
[Captures]
id: jsonpath "$.id"
token: jsonpath "$.token"
GET {{host}}/jwt
Authorization: Bearer {{token}}
X-API-KEY: {{token}}
HTTP 200
[Captures]
id: jsonpath "$.id"
jwt: jsonpath "$.token"
# Duplicates email
@ -37,22 +37,25 @@ X-API-KEY: hurl-1234apikey
"name": "dryflower",
"claims": {
"isAdmin": true,
"permssions": ["core.read"]
"permissions": ["core.read"]
}
}
HTTP 409
# List
GET {{host}}/keys
Authorization: Bearer {{token}}
Authorization: Bearer {{jwt}}
HTTP 200
[Asserts]
jsonpath "$.items[0].id" == {{id}}
jsonpath "$.items[0].name" == "dryflower"
jsonpath "$.items[0].claims.permissions" contains "core.read"
jsonpath "$.items[0].claims.permissions" contains "apikeys.read"
DELETE {{host}}/keys/{{id}}
Authorization: Bearer {{jwt}}
HTTP 403
DELETE {{host}}/keys/{{id}}
X-API-KEY: hurl-1234apikey
HTTP 200

2
auth/utils.go
View File

@ -71,7 +71,7 @@ func CheckPermissions(c echo.Context, perms []string) error {
permissions_claims, ok := claims["permissions"]
if !ok {
return echo.NewHTTPError(403, fmt.Sprintf("Missing permissions: %s.", ", "))
return echo.NewHTTPError(403, fmt.Sprintf("No permissions on this account. Needs permissions: %s.", strings.Join(perms, ", ")))
}
permissions_int, ok := permissions_claims.([]any)
if !ok {