use the new API in tests
Geal committed Nov 27, 2024
1 parent f7fe86f commit e0948d5
Showing 2 changed files with 82 additions and 115 deletions.
183 changes: 75 additions & 108 deletions biscuit-auth/src/token/mod.rs
Expand Up @@ -720,13 +720,13 @@ mod tests {
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let serialized1 = {
let mut builder = Biscuit::builder();

builder.add_fact("right(\"file1\", \"read\")").unwrap();
builder.add_fact("right(\"file2\", \"read\")").unwrap();
builder.add_fact("right(\"file1\", \"write\")").unwrap();

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_fact("right(\"file1\", \"read\")")
.unwrap()
.add_fact("right(\"file2\", \"read\")")
.unwrap()
.add_fact("right(\"file1\", \"write\")")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

Expand Down Expand Up @@ -772,9 +772,7 @@ mod tests {
let biscuit1_deser = Biscuit::from(&serialized1, root.public()).unwrap();

// new check: can only have read access1
let mut block2 = BlockBuilder::new();

block2
let block2 = BlockBuilder::new()
.add_check(rule(
"check1",
&[var("resource")],
Expand Down Expand Up @@ -803,9 +801,7 @@ mod tests {
let biscuit2_deser = Biscuit::from(&serialized2, root.public()).unwrap();

// new check: can only access file1
let mut block3 = BlockBuilder::new();

block3
let block3 = BlockBuilder::new()
.add_check(rule(
"check2",
&[string("file1")],
Expand Down Expand Up @@ -963,21 +959,18 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();

builder.add_right("file1", "read");
builder.add_right("file2", "read");

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_right("file1", "read")
.add_right("file2", "read")
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

let mut block2 = BlockBuilder::new();

block2.check_expiration_date(SystemTime::now() + Duration::from_secs(30));
block2.add_fact("key(1234)").unwrap();
let block2 = BlockBuilder::new()
.check_expiration_date(SystemTime::now() + Duration::from_secs(30))
.add_fact("key(1234)")
.unwrap();

let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();
Expand Down Expand Up @@ -1021,24 +1014,21 @@ mod tests {
fn sealed_token() {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let mut builder = Biscuit::builder();

builder.add_right("/folder1/file1", "read");
builder.add_right("/folder1/file1", "write");
builder.add_right("/folder1/file2", "read");
builder.add_right("/folder1/file2", "write");
builder.add_right("/folder2/file3", "read");

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_right("/folder1/file1", "read")
.add_right("/folder1/file1", "write")
.add_right("/folder1/file2", "read")
.add_right("/folder1/file2", "write")
.add_right("/folder2/file3", "read")
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

let mut block2 = BlockBuilder::new();

block2.check_resource_prefix("/folder1/");
block2.check_right("read");
let block2 = BlockBuilder::new()
.check_resource_prefix("/folder1/")
.check_right("read")
.unwrap();

let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();
Expand Down Expand Up @@ -1086,19 +1076,13 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(1234);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();

builder
let biscuit1 = Biscuit::builder()
.add_fact(fact("right", &[string("file1"), string("read")]))
.unwrap();
builder
.unwrap()
.add_fact(fact("right", &[string("file2"), string("read")]))
.unwrap();
builder
.unwrap()
.add_fact(fact("right", &[string("file1"), string("write")]))
.unwrap();

let biscuit1 = builder
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();
println!("{}", biscuit1);
Expand Down Expand Up @@ -1134,30 +1118,28 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();

builder.add_right("file1", "read");
builder.add_right("file2", "read");
builder.add_fact("key(0000)").unwrap();

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_right("file1", "read")
.add_right("file2", "read")
.add_fact("key(0000)")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

let mut block2 = BlockBuilder::new();

block2.check_expiration_date(SystemTime::now() + Duration::from_secs(30));
block2.add_fact("key(1234)").unwrap();
let block2 = BlockBuilder::new()
.check_expiration_date(SystemTime::now() + Duration::from_secs(30))
.add_fact("key(1234)")
.unwrap();

let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();

let mut block3 = BlockBuilder::new();

block3.check_expiration_date(SystemTime::now() + Duration::from_secs(10));
block3.add_fact("key(5678)").unwrap();
let block3 = BlockBuilder::new()
.check_expiration_date(SystemTime::now() + Duration::from_secs(10))
.add_fact("key(5678)")
.unwrap();

let keypair3 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let biscuit3 = biscuit2.append_with_keypair(&keypair3, block3).unwrap();
Expand Down Expand Up @@ -1222,24 +1204,21 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();

builder
let biscuit1 = Biscuit::builder()
.add_check(check(
&[pred("resource", &[string("hello")])],
CheckKind::One,
))
.unwrap();

let biscuit1 = builder
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

// new check: can only have read access1
let mut block2 = BlockBuilder::new();
block2.add_fact(fact("check1", &[string("test")])).unwrap();
let block2 = BlockBuilder::new()
.add_fact(fact("check1", &[string("test")]))
.unwrap();

let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();
Expand Down Expand Up @@ -1326,16 +1305,15 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();
builder.add_fact("bytes(hex:0102AB)").unwrap();
let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_fact("bytes(hex:0102AB)")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

let mut block2 = BlockBuilder::new();
block2
let block2 = BlockBuilder::new()
.add_rule("has_bytes($0) <- bytes($0), { hex:00000000, hex:0102AB }.contains($0)")
.unwrap();
let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
Expand Down Expand Up @@ -1373,20 +1351,15 @@ mod tests {
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let serialized1 = {
let mut builder = Biscuit::builder();

builder
let biscuit1 = Biscuit::builder()
.add_fact("right(\"/folder1/file1\", \"read\")")
.unwrap();
builder
.unwrap()
.add_fact("right(\"/folder1/file1\", \"write\")")
.unwrap();
builder
.unwrap()
.add_fact("right(\"/folder2/file1\", \"read\")")
.unwrap();
builder.add_check("check if operation(\"read\")").unwrap();

let biscuit1 = builder
.unwrap()
.add_check("check if operation(\"read\")")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

Expand All @@ -1403,20 +1376,18 @@ mod tests {
let biscuit1_deser = Biscuit::from(&serialized1, |_| Ok(root.public())).unwrap();

// new check: can only have read access1
let mut block2 = BlockBuilder::new();
let block2 = BlockBuilder::new()

// Bypass `check if operation("read")` from authority block
block2
.add_rule("operation(\"read\") <- operation($any)")
.unwrap();
.unwrap()

// Bypass `check if resource($file), $file.starts_with("/folder1/")` from block #1
block2
.add_rule("resource(\"/folder1/\") <- resource($any)")
.unwrap();
.unwrap()

// Add missing rights
block2.add_rule("right($file, $right) <- right($any1, $any2), resource($file), operation($right)")
.add_rule("right($file, $right) <- right($any1, $any2), resource($file), operation($right)")
.unwrap();

let keypair2 = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
Expand Down Expand Up @@ -1458,21 +1429,17 @@ mod tests {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);

let mut builder = Biscuit::builder();

builder.add_check("check if fact($v), $v < 1").unwrap();

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_check("check if fact($v), $v < 1")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

println!("biscuit1 (authority): {}", biscuit1);

let mut builder = Biscuit::builder();

builder.add_check("check all fact($v), $v < 1").unwrap();

let biscuit2 = builder
let biscuit2 = Biscuit::builder()
.add_check("check all fact($v), $v < 1")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

Expand Down Expand Up @@ -1579,13 +1546,13 @@ mod tests {
fn verified_unverified_consistency() {
let mut rng: StdRng = SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
let mut builder = Biscuit::builder();

builder.add_fact("right(\"file1\", \"read\")").unwrap();
builder.add_fact("right(\"file2\", \"read\")").unwrap();
builder.add_fact("right(\"file1\", \"write\")").unwrap();

let biscuit1 = builder
let biscuit1 = Biscuit::builder()
.add_fact("right(\"file1\", \"read\")")
.unwrap()
.add_fact("right(\"file2\", \"read\")")
.unwrap()
.add_fact("right(\"file1\", \"write\")")
.unwrap()
.build_with_rng(&root, default_symbol_table(), &mut rng)
.unwrap();

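Review bot: In the hunk at `@@ -1403,20 +1376,18 @@` the retained comment `// new check: can only have read access1` above `block2` does not describe what the block does: it adds three rules that try to derive `operation("read")`, `resource("/folder1/")` and `right($file, $right)` facts, not a check. This reads as a negative test for attenuation scoping, so I would replace the comment with `// appended block tries to derive facts that would satisfy earlier checks; authorization is presumably expected to fail`, to be confirmed against the assertions, which lie outside the hunk. The second inline comment refers to a `$file.starts_with("/folder1/")` check from "block #1", but the authority builder visible in the preceding hunk only adds `check if operation("read")`, so that reference may be stale and should be corrected or dropped. The same `// new check: can only have read access1` text also sits above a block that only adds a `check1("test")` fact in the `@@ -1222,24 +1204,21 @@` hunk.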
14 changes: 7 additions & 7 deletions biscuit-auth/src/token/third_party.rs
Expand Up @@ -159,13 +159,13 @@ mod tests {
fn third_party_request_roundtrip() {
let mut rng: rand::rngs::StdRng = rand::SeedableRng::seed_from_u64(0);
let root = KeyPair::new_with_rng(crate::builder::Algorithm::Ed25519, &mut rng);
let mut builder = crate::Biscuit::builder();

builder.add_fact("right(\"file1\", \"read\")").unwrap();
builder.add_fact("right(\"file2\", \"read\")").unwrap();
builder.add_fact("right(\"file1\", \"write\")").unwrap();

let biscuit1 = builder
let biscuit1 = crate::Biscuit::builder()
.add_fact("right(\"file1\", \"read\")")
.unwrap()
.add_fact("right(\"file2\", \"read\")")
.unwrap()
.add_fact("right(\"file1\", \"write\")")
.unwrap()
.build_with_rng(&root, crate::token::default_symbol_table(), &mut rng)
.unwrap();
let req = biscuit1.third_party_request().unwrap();
