feat: authz tests

Jahziel Villasana-Espinoza 2024-05-24 15:21:46 -04:00
parent 333e733ab3
commit 517acb4523
2 changed files with 17 additions and 3 deletions


@ -2278,7 +2278,11 @@ func uploadMDMAppleAPNSCertEndpoint(ctx context.Context, request interface{}, sv
func (svc *Service) UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeeker) error {
if err := svc.authz.Authorize(ctx, &fleet.AppleCSR{}, fleet.ActionWrite); err != nil {
return ctxerr.Wrap(ctx, err)
return err
}
if cert == nil {
return fleet.NewInvalidArgumentError("certificate", "Invalid certificate. Please provide a valid certificate from Apple Push Certificate Portal.")
}
// Get cert file bytes
@ -2287,7 +2291,7 @@ func (svc *Service) UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeek
return ctxerr.Wrap(ctx, err, "reading apns certificate")
}
// Validate cert TODO(JVE): is there more to do here for validation?
// Validate cert
block, _ := pem.Decode(certBytes)
if block == nil {
return fleet.NewInvalidArgumentError("certificate", "Invalid certificate. Please provide a valid certificate from Apple Push Certificate Portal.")
@ -2323,7 +2327,7 @@ func deleteMDMAppleAPNSCertEndpoint(ctx context.Context, request interface{}, sv
func (svc *Service) DeleteMDMAppleAPNSCert(ctx context.Context) error {
if err := svc.authz.Authorize(ctx, &fleet.AppleCSR{}, fleet.ActionWrite); err != nil {
return ctxerr.Wrap(ctx, err)
return err
}
return ctxerr.Wrap(ctx, svc.ds.DeleteMDMConfigAssetsByName(ctx, []fleet.MDMAssetName{
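Review bot: The validation visible in UploadMDMAppleAPNSCert stops at `pem.Decode` returning a non-nil block, and this commit removes the TODO that asked whether that is enough. A PEM block of any type (a CSR or a private key, for instance) passes that check, and the trailing data is discarded with `_`. Unless further parsing follows outside this hunk, content that is not an X.509 certificate would be accepted as the APNs certificate. Consider tightening the guard to `if block == nil || block.Type != "CERTIFICATE" {` and adding `if _, err := x509.ParseCertificate(block.Bytes); err != nil {` with the same invalid-argument return. The function body continues past the end of the hunk, so confirm this is not already done there before changing it.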


@ -70,6 +70,8 @@ func TestMDMAppleAuthorization(t *testing.T) {
return &fleet.AppConfig{OrgInfo: fleet.OrgInfo{OrgName: "Nurv"}}, nil
}
ds.DeleteMDMConfigAssetsByNameFunc = func(ctx context.Context, assetNames []fleet.MDMAssetName) error { return nil }
// use a custom implementation of checkAuthErr as the service call will fail
// with a not found error (given that MDM is not really configured) in case
// of success, and the package-wide checkAuthErr requires no error.
@ -94,6 +96,14 @@ func TestMDMAppleAuthorization(t *testing.T) {
checkAuthErr(t, shouldFailWithAuth, err)
_, err = svc.GetMDMAppleCSR(ctx)
require.Error(t, err)
checkAuthErr(t, shouldFailWithAuth, err)
err = svc.UploadMDMAppleAPNSCert(ctx, nil)
require.Error(t, err)
checkAuthErr(t, shouldFailWithAuth, err)
err = svc.DeleteMDMAppleAPNSCert(ctx) // Don't expect anything other than an authz error here, since this is pretty much just a DB wrapper.
checkAuthErr(t, shouldFailWithAuth, err)
}
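Review bot: The new DeleteMDMAppleAPNSCert assertion inspects only the returned error, so it would still pass if the service reached the datastore before a denied caller got the authz error back. Because the stub `ds.DeleteMDMConfigAssetsByNameFunc` always returns nil, nothing here proves the delete is gated by `Authorize`. Consider recording the call in the stub, e.g. `deleted = true; return nil`, and asserting `require.Equal(t, !shouldFailWithAuth, deleted)` after the call. The flag would need resetting per case, and where to do that depends on the loop in TestMDMAppleAuthorization, which starts outside this hunk. The long trailing comment on the Delete call would also read better on its own line above it.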