lock the _mfas and _otps delete api rule, fixed flaky tests, fixed jsvm types example

Gani Georgiev
2024-10-24 21:59:00 +03:00
parent 0b7741f1f7
commit 8c45d4d92d
13 changed files with 5639 additions and 5307 deletions
+19 -2
@@ -170,7 +170,7 @@ func TestRecordCrudMFADelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 404,
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
@@ -187,7 +187,7 @@ func TestRecordCrudMFADelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 404,
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
@@ -204,6 +204,23 @@ func TestRecordCrudMFADelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
{
Name: "superusers auth",
Method: http.MethodDelete,
URL: "/api/collections/" + core.CollectionNameMFAs + "/records/user1_0",
Headers: map[string]string{
// superusers, test@example.com
"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiY18zMzIzODY2MzM5IiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.v_bMAygr6hXPwD2DpPrFpNQ7dd68Q3pGstmYAsvNBJg",
},
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
if err := tests.StubMFARecords(app); err != nil {
t.Fatal(err)
}
},
ExpectedStatus: 204,
ExpectedEvents: map[string]int{
"*": 0,
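Review bot: None of the 403 cases visible in these hunks targets a record id that does not exist, so the tests do not pin that the locked delete rule answers 403 without revealing whether the record is there. A regular-auth case against a missing id, e.g. `URL: "/api/collections/" + core.CollectionNameMFAs + "/records/missing"` with `ExpectedStatus: 403`, would keep the endpoint from becoming an existence oracle for `_mfas` ids. The same gap applies to the `_otps` delete tests in the next file section. Such a case may already exist above line 170, which is outside the hunks shown.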
+21 -4
@@ -170,12 +170,12 @@ func TestRecordCrudOTPDelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 404,
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
{
Name: "non-owner",
Name: "non-owner auth",
Method: http.MethodDelete,
URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0",
Headers: map[string]string{
@@ -187,12 +187,12 @@ func TestRecordCrudOTPDelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 404,
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
{
Name: "owner",
Name: "owner regular auth",
Method: http.MethodDelete,
URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0",
Headers: map[string]string{
@@ -204,6 +204,23 @@ func TestRecordCrudOTPDelete(t *testing.T) {
t.Fatal(err)
}
},
ExpectedStatus: 403,
ExpectedContent: []string{`"data":{}`},
ExpectedEvents: map[string]int{"*": 0},
},
{
Name: "superusers auth",
Method: http.MethodDelete,
URL: "/api/collections/" + core.CollectionNameOTPs + "/records/user1_0",
Headers: map[string]string{
// superusers, test@example.com
"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiY18zMzIzODY2MzM5IiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.v_bMAygr6hXPwD2DpPrFpNQ7dd68Q3pGstmYAsvNBJg",
},
BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
if err := tests.StubOTPRecords(app); err != nil {
t.Fatal(err)
}
},
ExpectedStatus: 204,
ExpectedEvents: map[string]int{
"*": 0,
+4 -4
@@ -256,13 +256,13 @@ func EnrichRecords(e *core.RequestEvent, records []*core.Record, defaultExpands
return triggerRecordEnrichHooks(e.App, info, records, func() error {
expands := defaultExpands
if param := e.Request.URL.Query().Get(expandQueryParam); param != "" {
if param := info.Query[expandQueryParam]; param != "" {
expands = append(expands, strings.Split(param, ",")...)
}
err := defaultEnrichRecords(e.App, info, records, expands...)
if err != nil {
// only log as it is not critical
// only log because it is not critical
e.App.Logger().Warn("failed to apply default enriching", "error", err)
}
@@ -270,8 +270,6 @@ func EnrichRecords(e *core.RequestEvent, records []*core.Record, defaultExpands
})
}
var iterate func(record *core.Record) error
type iterator[T any] struct {
items []T
index int
@@ -297,6 +295,7 @@ func triggerRecordEnrichHooks(app core.App, requestInfo *core.RequestInfo, recor
event.App = app
event.RequestInfo = requestInfo
var iterate func(record *core.Record) error
iterate = func(record *core.Record) error {
if record == nil {
return nil
@@ -350,6 +349,7 @@ func defaultEnrichRecords(app core.App, requestInfo *core.RequestInfo, records [
// expandFetch is the records fetch function that is used to expand related records.
func expandFetch(app core.App, originalRequestInfo *core.RequestInfo) core.ExpandFetchFunc {
// shallow clone the provided request info to set an "expand" context
requestInfoClone := *originalRequestInfo
requestInfoPtr := &requestInfoClone
requestInfoPtr.Context = core.RequestInfoContextExpand
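Review bot: In the first hunk, `expands := defaultExpands` followed by `append(expands, strings.Split(param, ",")...)` can write into the caller's backing array when `defaultExpands` is passed as a slice with spare capacity, and the appended values come from the client-controlled expand query parameter. Since this commit already touches the lookup line and removes other shared state (the package-level `iterate`), capping the slice would close this too: `expands := defaultExpands[:len(defaultExpands):len(defaultExpands)]`. EnrichRecords starts above the hunk, so how callers build `defaultExpands` is not visible here.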
+17 -9
@@ -23,6 +23,14 @@ func TestEnrichRecords(t *testing.T) {
app, _ := tests.NewTestApp()
defer app.Cleanup()
freshRecords := func(records []*core.Record) []*core.Record {
result := make([]*core.Record, len(records))
for i, r := range records {
result[i] = r.Fresh()
}
return result
}
user, err := app.FindAuthRecordByEmail("users", "test@example.com")
if err != nil {
t.Fatal(err)
@@ -77,7 +85,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility] guest",
auth: nil,
records: usersRecords,
records: freshRecords(usersRecords),
queryExpand: "",
defaultExpands: nil,
expected: []string{
@@ -91,7 +99,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility] owner",
auth: user,
records: usersRecords,
records: freshRecords(usersRecords),
queryExpand: "",
defaultExpands: nil,
expected: []string{
@@ -103,7 +111,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility] manager",
auth: user,
records: nologinRecords,
records: freshRecords(nologinRecords),
queryExpand: "",
defaultExpands: nil,
expected: []string{
@@ -115,7 +123,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility] superuser",
auth: superuser,
records: nologinRecords,
records: freshRecords(nologinRecords),
queryExpand: "",
defaultExpands: nil,
expected: []string{
@@ -127,7 +135,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility + expand] recursive auth rule checks (regular user)",
auth: user,
records: demo1Records,
records: freshRecords(demo1Records),
queryExpand: "",
defaultExpands: []string{"rel_many"},
expected: []string{
@@ -144,7 +152,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[emailVisibility + expand] recursive auth rule checks (superuser)",
auth: superuser,
records: demo1Records,
records: freshRecords(demo1Records),
queryExpand: "",
defaultExpands: []string{"rel_many"},
expected: []string{
@@ -164,7 +172,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[expand] guest (query)",
auth: nil,
records: usersRecords,
records: freshRecords(usersRecords),
queryExpand: "rel",
defaultExpands: nil,
expected: []string{
@@ -180,7 +188,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[expand] guest (default expands)",
auth: nil,
records: usersRecords,
records: freshRecords(usersRecords),
queryExpand: "",
defaultExpands: []string{"rel"},
expected: []string{
@@ -193,7 +201,7 @@ func TestEnrichRecords(t *testing.T) {
{
name: "[expand] @request.context=expand check",
auth: nil,
records: demo5Records,
records: freshRecords(demo5Records),
queryExpand: "rel_one",
defaultExpands: []string{"rel_many"},
expected: []string{
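Review bot: `freshRecords` in the first hunk has no comment saying why each case needs its own copies, and that reason is what makes the emailVisibility assertions trustworthy. If EnrichRecords changes records in place, as the need for this helper suggests, a shared fixture lets one case's hidden or exposed email carry into the next and mask a visibility regression. A comment above the helper would keep a later cleanup from reverting to the shared slices, e.g. `// freshRecords returns per-case copies so enrich side effects (email visibility, expand) don't leak between scenarios.` TestEnrichRecords continues outside the hunks shown.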