Return user roles in graphql me

interline-io · Oct 28, 2023 · eb35ca2 · eb35ca2
1 parent 4ce820e
commit eb35ca2
Show file tree

Hide file tree

Showing 15 changed files with 483 additions and 410 deletions.
diff --git a/auth/ancheck/gatekeeper.go b/auth/ancheck/gatekeeper.go
@@ -97,9 +97,6 @@ func (gk *Gatekeeper) updateUsers(ctx context.Context) {
 	keys := gk.cache.GetRecheckKeys(ctx)
 	for _, userKey := range keys {
 		gk.updateUser(ctx, userKey)
-		// ; err != nil {
-		// 	// Failed :( Error logging handled in updateUser
-		// }
 	}
 }
 

diff --git a/auth/ancheck/gatekeeper_test.go b/auth/ancheck/gatekeeper_test.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/go-redis/redismock/v8"
+	"github.com/interline-io/transitland-server/auth/authn"
 	"github.com/interline-io/transitland-server/internal/ecache"
 	"github.com/stretchr/testify/assert"
 )
@@ -70,7 +71,7 @@ func TestGatekeeper(t *testing.T) {
 		name  string
 		mwf   MiddlewareFunc
 		code  int
-		user  userWithRoles
+		user  authn.User
 		after func(*testing.T)
 	}{
 		{
@@ -251,16 +252,16 @@ func cacheRedisKey(topic string, key string) string {
 
 // Trivial implementation of Gatekeeper for testing purposes
 type GatekeeperTestServer struct {
-	users  map[string]userWithRoles
+	users  map[string]authn.User
 	counts map[string]int
 	lock   sync.Mutex
 }
 
-func (gk *GatekeeperTestServer) AddUser(key string, user userWithRoles) {
+func (gk *GatekeeperTestServer) AddUser(key string, user authn.User) {
 	gk.lock.Lock()
 	defer gk.lock.Unlock()
 	if gk.users == nil {
-		gk.users = map[string]userWithRoles{}
+		gk.users = map[string]authn.User{}
 	}
 	gk.users[key] = newCtxUser(user.ID()).WithRoles(user.Roles()...)
 }
@@ -269,7 +270,7 @@ func (gk *GatekeeperTestServer) ServeHTTP(w http.ResponseWriter, r *http.Request
 	gk.lock.Lock()
 	defer gk.lock.Unlock()
 	u := r.URL.Query()
-	var user userWithRoles
+	var user authn.User
 	if a := u["user"]; len(a) > 0 {
 		user = gk.users[a[0]]
 	}

diff --git a/auth/ancheck/mw.go b/auth/ancheck/mw.go
@@ -48,16 +48,16 @@ func GetUserMiddleware(authType string, cfg AuthConfig, client *redis.Client) (M
 
 // AdminDefaultMiddleware uses a default "admin" context.
 func AdminDefaultMiddleware(defaultName string) func(http.Handler) http.Handler {
-	return newUserDefaultMiddleware(func() authn.User { return authn.NewCtxUser(defaultName, "", "").WithRoles("admin") })
+	return NewUserDefaultMiddleware(func() authn.User { return authn.NewCtxUser(defaultName, "", "").WithRoles("admin") })
 }
 
 // UserDefaultMiddleware uses a default "user" context.
 func UserDefaultMiddleware(defaultName string) func(http.Handler) http.Handler {
-	return newUserDefaultMiddleware(func() authn.User { return authn.NewCtxUser(defaultName, "", "") })
+	return NewUserDefaultMiddleware(func() authn.User { return authn.NewCtxUser(defaultName, "", "") })
 }
 
-// newUserDefaultMiddleware uses a default "user" context.
-func newUserDefaultMiddleware(cb func() authn.User) func(http.Handler) http.Handler {
+// NewUserDefaultMiddleware uses a default "user" context.
+func NewUserDefaultMiddleware(cb func() authn.User) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user := cb()

diff --git a/auth/ancheck/mw_test.go b/auth/ancheck/mw_test.go
@@ -13,11 +13,6 @@ func newCtxUser(id string) authn.CtxUser {
 	return authn.NewCtxUser(id, "", "")
 }
 
-type userWithRoles interface {
-	authn.User
-	Roles() []string
-}
-
 func TestUserMiddleware(t *testing.T) {
 	a := UserDefaultMiddleware("test")
 	req := httptest.NewRequest(http.MethodGet, "/", nil)
@@ -39,7 +34,7 @@ func TestNoMiddleware(t *testing.T) {
 	testAuthMiddleware(t, req, a, 200, nil)
 }
 
-func testAuthMiddleware(t *testing.T, req *http.Request, mwf MiddlewareFunc, expectCode int, expectUser userWithRoles) {
+func testAuthMiddleware(t *testing.T, req *http.Request, mwf MiddlewareFunc, expectCode int, expectUser authn.User) {
 	var user authn.User
 	testHandler := func(w http.ResponseWriter, r *http.Request) {
 		user = authn.ForContext(r.Context())
@@ -69,7 +64,7 @@ func TestUserRequired(t *testing.T) {
 		name string
 		mwf  MiddlewareFunc
 		code int
-		user userWithRoles
+		user authn.User
 	}{
 		{"with user", func(next http.Handler) http.Handler { return AdminDefaultMiddleware("test")(UserRequired(next)) }, 200, newCtxUser("test").WithRoles("admin")},
 		{"with user", func(next http.Handler) http.Handler { return UserDefaultMiddleware("test")(UserRequired(next)) }, 200, newCtxUser("test")},
@@ -88,7 +83,7 @@ func TestAdminRequired(t *testing.T) {
 		name string
 		mwf  MiddlewareFunc
 		code int
-		user userWithRoles
+		user authn.User
 	}{
 		{"with admin", func(next http.Handler) http.Handler { return AdminDefaultMiddleware("test")(AdminRequired(next)) }, 200, newCtxUser("test").WithRoles("admin")},
 		{"with user", func(next http.Handler) http.Handler { return UserDefaultMiddleware("test")(AdminRequired(next)) }, 401, nil}, // mw kills request before handler

diff --git a/auth/ancheck/user_header_test.go b/auth/ancheck/user_header_test.go
@@ -4,14 +4,16 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"testing"
+
+	"github.com/interline-io/transitland-server/auth/authn"
 )
 
 func TestKongMiddleware(t *testing.T) {
 	tcs := []struct {
 		name       string
 		consumerId string
 		code       int
-		user       userWithRoles
+		user       authn.User
 	}{
 		{"test", "test@transitland", 200, newCtxUser("test@transitland")},
 		{"no user", "", 200, nil},

diff --git a/auth/authn/authn.go b/auth/authn/authn.go
@@ -7,6 +7,7 @@ type User interface {
 	ID() string
 	Name() string
 	Email() string
+	Roles() []string
 	HasRole(string) bool
 	GetExternalData(string) (string, bool)
 }