From 386c70ea0d70e1c93d042597bc69e52661993a6d Mon Sep 17 00:00:00 2001 From: Michael Desa Date: Wed, 6 Feb 2019 15:54:09 -0500 Subject: [PATCH] fix(influxdb): revert functionality added in pr#10947 --- CHANGELOG.md | 1 + cmd/influx/authorization.go | 17 ------ http/auth_service.go | 23 ++----- http/auth_test.go | 116 +----------------------------------- 4 files changed, 7 insertions(+), 150 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f57dba1c3d..3ff7a4b0b58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ ## Bug Fixes 1. [11678](https://github.com/influxdata/influxdb/pull/11678): Update the System Telegraf Plugin bundle to include the swap plugin +1. [11722](https://github.com/influxdata/influxdb/pull/11722): Revert behavior allowing users to create authorizations on behalf of another user ## UI Improvements 1. [11683](https://github.com/influxdata/influxdb/pull/11683): Change the wording for the plugin config form button to Done diff --git a/cmd/influx/authorization.go b/cmd/influx/authorization.go index 087b4bd8a87..01b11e8085d 100644 --- a/cmd/influx/authorization.go +++ b/cmd/influx/authorization.go @@ -228,23 +228,6 @@ func authorizationCreateF(cmd *cobra.Command, args []string) error { OrgID: o.ID, } - if authorizationCreateFlags.user != "" { - // if the user flag is supplied, then set the user ID explicitly on the request - userSvc, err := newUserService(flags) - if err != nil { - return err - } - userFilter := platform.UserFilter{ - Name: &authorizationCreateFlags.user, - } - user, err := userSvc.FindUser(context.Background(), userFilter) - if err != nil { - return err - } - - authorization.UserID = user.ID - } - s, err := newAuthorizationService(flags) if err != nil { return err diff --git a/http/auth_service.go b/http/auth_service.go index 21088ebbe7d..85f76c3eaa9 100644 --- a/http/auth_service.go +++ b/http/auth_service.go @@ -188,25 +188,10 @@ func (h *AuthorizationHandler) handlePostAuthorization(w http.ResponseWriter, r return } - var user *platform.User - // allow the user id to be specified optionally, if it is not set - // we use the id from the authorizer - if req.UserID == nil { - u, err := getAuthorizedUser(r, h.UserService) - if err != nil { - EncodeError(ctx, platform.ErrUnableToCreateToken, w) - return - } - - user = u - } else { - u, err := h.UserService.FindUserByID(ctx, *req.UserID) - if err != nil { - EncodeError(ctx, platform.ErrUnableToCreateToken, w) - return - } - - user = u + user, err := getAuthorizedUser(r, h.UserService) + if err != nil { + EncodeError(ctx, platform.ErrUnableToCreateToken, w) + return } auth := req.toPlatform(user.ID) diff --git a/http/auth_test.go b/http/auth_test.go index 4bb8d380ebd..b9c57eb5d96 100644 --- a/http/auth_test.go +++ b/http/auth_test.go @@ -5,12 +5,13 @@ import ( "context" "encoding/json" "fmt" - "go.uber.org/zap" "io/ioutil" "net/http" "net/http/httptest" "testing" + "go.uber.org/zap" + platform "github.com/influxdata/influxdb" pcontext "github.com/influxdata/influxdb/context" "github.com/influxdata/influxdb/inmem" @@ -522,119 +523,6 @@ func TestService_handlePostAuthorization(t *testing.T) { `, }, }, - { - name: "create a new authorization with user id set explicitly", - fields: fields{ - AuthorizationService: &mock.AuthorizationService{ - CreateAuthorizationFn: func(ctx context.Context, c *platform.Authorization) error { - c.ID = platformtesting.MustIDBase16("020f755c3c082000") - c.Token = "new-test-token" - return nil - }, - }, - UserService: &mock.UserService{ - FindUserByIDFn: func(ctx context.Context, id platform.ID) (*platform.User, error) { - if !id.Valid() { - return nil, &platform.Error{ - Code: platform.EInvalid, - Msg: "invalid user id", - } - } - return &platform.User{ - ID: id, - Name: "u1", - }, nil - }, - }, - OrganizationService: &mock.OrganizationService{ - FindOrganizationByIDF: func(ctx context.Context, id platform.ID) (*platform.Organization, error) { - if !id.Valid() { - return nil, &platform.Error{ - Code: platform.EInvalid, - Msg: "invalid org ID", - } - } - return &platform.Organization{ - ID: id, - Name: "o1", - }, nil - }, - }, - LookupService: &mock.LookupService{ - NameFn: func(ctx context.Context, resource platform.ResourceType, id platform.ID) (string, error) { - switch resource { - case platform.BucketsResourceType: - return "b1", nil - case platform.OrgsResourceType: - return "o1", nil - } - return "", fmt.Errorf("bad resource type %s", resource) - }, - }, - }, - args: args{ - session: &platform.Authorization{ - Token: "session-token", - ID: platformtesting.MustIDBase16("020f755c3c082000"), - UserID: platformtesting.MustIDBase16("aaaaaaaaaaaaaaaa"), - OrgID: platformtesting.MustIDBase16("020f755c3c083000"), - Description: "can write to authorization resource", - Permissions: []platform.Permission{ - { - Action: platform.WriteAction, - Resource: platform.Resource{ - Type: platform.AuthorizationsResourceType, - }, - }, - }, - }, - authorization: &platform.Authorization{ - ID: platformtesting.MustIDBase16("020f755c3c082000"), - UserID: platformtesting.MustIDBase16("bbbbbbbbbbbbbbbb"), - OrgID: platformtesting.MustIDBase16("020f755c3c083000"), - Description: "only read dashboards sucka", - Permissions: []platform.Permission{ - { - Action: platform.ReadAction, - Resource: platform.Resource{ - Type: platform.DashboardsResourceType, - OrgID: platformtesting.IDPtr(platformtesting.MustIDBase16("020f755c3c083000")), - }, - }, - }, - }, - }, - wants: wants{ - statusCode: http.StatusCreated, - contentType: "application/json; charset=utf-8", - body: ` -{ - "links": { - "user": "/api/v2/users/bbbbbbbbbbbbbbbb", - "self": "/api/v2/authorizations/020f755c3c082000" - }, - "id": "020f755c3c082000", - "user": "u1", - "userID": "bbbbbbbbbbbbbbbb", - "orgID": "020f755c3c083000", - "org": "o1", - "token": "new-test-token", - "status": "active", - "description": "only read dashboards sucka", - "permissions": [ - { - "action": "read", - "resource": { - "type": "dashboards", - "orgID": "020f755c3c083000", - "org": "o1" - } - } - ] -} - `, - }, - }, } for _, tt := range tests {