test appRoleAssignment

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
owncloud · Jan 6, 2023 · 331196c · 331196c
1 parent 9a6bff3
commit 331196c
Show file tree

Hide file tree

Showing 5 changed files with 247 additions and 0 deletions.
diff --git a/services/graph/pkg/service/v0/approleassignments_test.go b/services/graph/pkg/service/v0/approleassignments_test.go
@@ -0,0 +1,198 @@
+package svc_test
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+
+	userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	revactx "github.com/cs3org/reva/v2/pkg/ctx"
+	"github.com/go-chi/chi/v5"
+	"github.com/golang/protobuf/ptypes/empty"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/stretchr/testify/mock"
+
+	libregraph "github.com/owncloud/libre-graph-api-go"
+	ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
+	settingsmsg "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/settings/v0"
+	settings "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
+	"github.com/owncloud/ocis/v2/services/graph/mocks"
+	"github.com/owncloud/ocis/v2/services/graph/pkg/config"
+	"github.com/owncloud/ocis/v2/services/graph/pkg/config/defaults"
+	identitymocks "github.com/owncloud/ocis/v2/services/graph/pkg/identity/mocks"
+	service "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0"
+)
+
+type assignmentList struct {
+	Value []*libregraph.AppRoleAssignment
+}
+
+var _ = Describe("AppRoleAssignments", func() {
+	var (
+		svc             service.Service
+		ctx             context.Context
+		cfg             *config.Config
+		gatewayClient   *mocks.GatewayClient
+		eventsPublisher mocks.Publisher
+		roleService     *mocks.RoleService
+		identityBackend *identitymocks.Backend
+
+		rr *httptest.ResponseRecorder
+
+		currentUser = &userv1beta1.User{
+			Id: &userv1beta1.UserId{
+				OpaqueId: "user",
+			},
+		}
+	)
+
+	BeforeEach(func() {
+		eventsPublisher.On("Publish", mock.Anything, mock.Anything, mock.Anything).Return(nil)
+
+		identityBackend = &identitymocks.Backend{}
+		roleService = &mocks.RoleService{}
+		gatewayClient = &mocks.GatewayClient{}
+
+		rr = httptest.NewRecorder()
+		ctx = context.Background()
+
+		cfg = defaults.FullDefaultConfig()
+		cfg.Identity.LDAP.CACert = "" // skip the startup checks, we don't use LDAP at all in this tests
+		cfg.TokenManager.JWTSecret = "loremipsum"
+		cfg.Commons = &shared.Commons{}
+		cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
+		cfg.Service.ApplicationID = "some-application-ID"
+
+		_ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
+		svc = service.NewService(
+			service.Config(cfg),
+			service.WithGatewayClient(gatewayClient),
+			service.EventsPublisher(&eventsPublisher),
+			service.WithIdentityBackend(identityBackend),
+			service.WithRoleService(roleService),
+		)
+	})
+
+	Describe("ListAppRoleAssignments", func() {
+		It("lists the appRoleAssignments", func() {
+			user := &libregraph.User{
+				Id: libregraph.PtrString("user1"),
+			}
+			assignments := []*settingsmsg.UserRoleAssignment{
+				{
+					Id:          "some-appRoleAssignment-ID",
+					AccountUuid: user.GetId(),
+					RoleId:      "some-appRole-ID",
+				},
+			}
+			roleService.On("ListRoleAssignments", mock.Anything, mock.Anything, mock.Anything).Return(&settings.ListRoleAssignmentsResponse{Assignments: assignments}, nil)
+
+			r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/users/user1/appRoleAssignments", nil)
+			rctx := chi.NewRouteContext()
+			rctx.URLParams.Add("userID", user.GetId())
+			r = r.WithContext(context.WithValue(revactx.ContextSetUser(ctx, currentUser), chi.RouteCtxKey, rctx))
+			svc.ListAppRoleAssignments(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusOK))
+
+			data, err := io.ReadAll(rr.Body)
+			Expect(err).ToNot(HaveOccurred())
+
+			responseList := assignmentList{}
+			err = json.Unmarshal(data, &responseList)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(len(responseList.Value)).To(Equal(1))
+			Expect(responseList.Value[0].GetId()).ToNot(BeEmpty())
+			Expect(responseList.Value[0].GetAppRoleId()).To(Equal("some-appRole-ID"))
+			Expect(responseList.Value[0].GetPrincipalId()).To(Equal(user.GetId()))
+			Expect(responseList.Value[0].GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+
+		})
+
+	})
+
+	Describe("CreateAppRoleAssignment", func() {
+		It("creates an appRoleAssignment", func() {
+			user := &libregraph.User{
+				Id: libregraph.PtrString("user1"),
+			}
+			userRoleAssignment := &settingsmsg.UserRoleAssignment{
+				Id:          "some-appRoleAssignment-ID",
+				AccountUuid: user.GetId(),
+				RoleId:      "some-appRole-ID",
+			}
+			roleService.On("AssignRoleToUser", mock.Anything, mock.Anything, mock.Anything).Return(&settings.AssignRoleToUserResponse{Assignment: userRoleAssignment}, nil)
+
+			ara := libregraph.NewAppRoleAssignmentWithDefaults()
+			ara.SetAppRoleId("some-appRole-ID")
+			ara.SetPrincipalId(user.GetId())
+			ara.SetResourceId(cfg.Service.ApplicationID)
+
+			araJson, err := json.Marshal(ara)
+			Expect(err).ToNot(HaveOccurred())
+
+			r := httptest.NewRequest(http.MethodPost, "/graph/v1.0/users/user1/appRoleAssignments", bytes.NewBuffer(araJson))
+			rctx := chi.NewRouteContext()
+			rctx.URLParams.Add("userID", user.GetId())
+			r = r.WithContext(context.WithValue(revactx.ContextSetUser(ctx, currentUser), chi.RouteCtxKey, rctx))
+			svc.CreateAppRoleAssignment(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusCreated))
+
+			data, err := io.ReadAll(rr.Body)
+			Expect(err).ToNot(HaveOccurred())
+
+			assignment := libregraph.AppRoleAssignment{}
+			err = json.Unmarshal(data, &assignment)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(assignment.GetId()).ToNot(BeEmpty())
+			Expect(assignment.GetAppRoleId()).To(Equal("some-appRole-ID"))
+			Expect(assignment.GetPrincipalId()).To(Equal("user1"))
+			Expect(assignment.GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+		})
+
+	})
+
+	Describe("DeleteAppRoleAssignment", func() {
+		It("deletes an appRoleAssignment", func() {
+			user := &libregraph.User{
+				Id: libregraph.PtrString("user1"),
+			}
+
+			assignments := []*settingsmsg.UserRoleAssignment{
+				{
+					Id:          "some-appRoleAssignment-ID",
+					AccountUuid: user.GetId(),
+					RoleId:      "some-appRole-ID",
+				},
+			}
+			roleService.On("ListRoleAssignments", mock.Anything, mock.Anything, mock.Anything).Return(&settings.ListRoleAssignmentsResponse{Assignments: assignments}, nil)
+
+			roleService.On("RemoveRoleFromUser", mock.Anything, mock.Anything, mock.Anything).Return(&empty.Empty{}, nil)
+
+			ara := libregraph.NewAppRoleAssignmentWithDefaults()
+			ara.SetAppRoleId("some-appRole-ID")
+			ara.SetPrincipalId(user.GetId())
+			ara.SetResourceId(cfg.Service.ApplicationID)
+
+			araJson, err := json.Marshal(ara)
+			Expect(err).ToNot(HaveOccurred())
+
+			r := httptest.NewRequest(http.MethodPost, "/graph/v1.0/users/user1/appRoleAssignments/some-appRoleAssignment-ID", bytes.NewBuffer(araJson))
+			rctx := chi.NewRouteContext()
+			rctx.URLParams.Add("userID", user.GetId())
+			rctx.URLParams.Add("appRoleAssignmentID", "some-appRoleAssignment-ID")
+			r = r.WithContext(context.WithValue(revactx.ContextSetUser(ctx, currentUser), chi.RouteCtxKey, rctx))
+			svc.DeleteAppRoleAssignment(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusNoContent))
+
+		})
+
+	})
+})
diff --git a/services/graph/pkg/service/v0/instrument.go b/services/graph/pkg/service/v0/instrument.go
@@ -59,6 +59,21 @@ func (i instrument) ChangeOwnPassword(w http.ResponseWriter, r *http.Request) {
 	i.next.ChangeOwnPassword(w, r)
 }
 
+// ListAppRoleAssignments implements the Service interface.
+func (i instrument) ListAppRoleAssignments(w http.ResponseWriter, r *http.Request) {
+	i.next.ListAppRoleAssignments(w, r)
+}
+
+// CreateAppRoleAssignment implements the Service interface.
+func (i instrument) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	i.next.CreateAppRoleAssignment(w, r)
+}
+
+// DeleteAppRoleAssignment implements the Service interface.
+func (i instrument) DeleteAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	i.next.DeleteAppRoleAssignment(w, r)
+}
+
 // GetGroups implements the Service interface.
 func (i instrument) GetGroups(w http.ResponseWriter, r *http.Request) {
 	i.next.GetGroups(w, r)

diff --git a/services/graph/pkg/service/v0/logging.go b/services/graph/pkg/service/v0/logging.go
@@ -59,6 +59,21 @@ func (l logging) ChangeOwnPassword(w http.ResponseWriter, r *http.Request) {
 	l.next.ChangeOwnPassword(w, r)
 }
 
+// ListAppRoleAssignments implements the Service interface.
+func (l logging) ListAppRoleAssignments(w http.ResponseWriter, r *http.Request) {
+	l.next.ListAppRoleAssignments(w, r)
+}
+
+// CreateAppRoleAssignment implements the Service interface.
+func (l logging) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	l.next.CreateAppRoleAssignment(w, r)
+}
+
+// DeleteAppRoleAssignment implements the Service interface.
+func (l logging) DeleteAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	l.next.DeleteAppRoleAssignment(w, r)
+}
+
 // GetGroups implements the Service interface.
 func (l logging) GetGroups(w http.ResponseWriter, r *http.Request) {
 	l.next.GetGroups(w, r)

diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go
@@ -38,6 +38,10 @@ type Service interface {
 	PatchUser(http.ResponseWriter, *http.Request)
 	ChangeOwnPassword(http.ResponseWriter, *http.Request)
 
+	ListAppRoleAssignments(http.ResponseWriter, *http.Request)
+	CreateAppRoleAssignment(http.ResponseWriter, *http.Request)
+	DeleteAppRoleAssignment(http.ResponseWriter, *http.Request)
+
 	GetGroups(http.ResponseWriter, *http.Request)
 	GetGroup(http.ResponseWriter, *http.Request)
 	PostGroup(http.ResponseWriter, *http.Request)

diff --git a/services/graph/pkg/service/v0/tracing.go b/services/graph/pkg/service/v0/tracing.go
@@ -55,6 +55,21 @@ func (t tracing) ChangeOwnPassword(w http.ResponseWriter, r *http.Request) {
 	t.next.ChangeOwnPassword(w, r)
 }
 
+// ListAppRoleAssignments implements the Service interface.
+func (t tracing) ListAppRoleAssignments(w http.ResponseWriter, r *http.Request) {
+	t.next.ListAppRoleAssignments(w, r)
+}
+
+// CreateAppRoleAssignment implements the Service interface.
+func (t tracing) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	t.next.CreateAppRoleAssignment(w, r)
+}
+
+// DeleteAppRoleAssignment implements the Service interface.
+func (t tracing) DeleteAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
+	t.next.DeleteAppRoleAssignment(w, r)
+}
+
 // GetGroups implements the Service interface.
 func (t tracing) GetGroups(w http.ResponseWriter, r *http.Request) {
 	t.next.GetGroups(w, r)