v0.0.10 - Working on auth system
@@ -76,30 +76,15 @@ fi
|
||||
# Setup test environment and auth rules ONCE at the beginning
|
||||
mkdir -p "$TEST_DIR"
|
||||
|
||||
# Enable authentication rules
|
||||
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
|
||||
# Enable authentication rules using admin API
|
||||
curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "true"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
|
||||
|
||||
# Delete ALL existing auth rules and cache (clean slate)
|
||||
sqlite3 "$DB_PATH" "DELETE FROM auth_rules;"
|
||||
sqlite3 "$DB_PATH" "DELETE FROM auth_cache;"
|
||||
# Note: With the new simplified authentication system, we no longer use auth_rules table.
|
||||
# The system now uses a simpler approach with unified config table.
|
||||
|
||||
# Set up all test rules at once
|
||||
# 1. Whitelist for TEST_USER1 for upload operations (priority 10)
|
||||
sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
|
||||
VALUES ('pubkey_whitelist', '$TEST_USER1_PUBKEY', 'upload', 10, 1, 'TEST_WHITELIST_USER1');"
|
||||
|
||||
# 2. Blacklist for TEST_USER2 for upload operations (priority 5 - higher priority)
|
||||
sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
|
||||
VALUES ('pubkey_blacklist', '$TEST_USER2_PUBKEY', 'upload', 5, 1, 'TEST_BLACKLIST_USER2');"
|
||||
|
||||
# 3. Hash blacklist (will be set after we create a test file)
|
||||
# Create test files for blacklist testing
|
||||
echo "test content for hash blacklist" > "$TEST_DIR/blacklisted_file.txt"
|
||||
BLACKLISTED_HASH=$(sha256sum "$TEST_DIR/blacklisted_file.txt" | cut -d' ' -f1)
|
||||
sqlite3 "$DB_PATH" "INSERT INTO auth_rules (rule_type, rule_target, operation, priority, enabled, description)
|
||||
VALUES ('hash_blacklist', '$BLACKLISTED_HASH', 'upload', 5, 1, 'TEST_HASH_BLACKLIST');"
|
||||
|
||||
# Display the rules we created
|
||||
# (Auth rules configured for testing)
|
||||
|
||||
# Helper functions
|
||||
create_test_file() {
|
||||
@@ -156,31 +141,40 @@ test_upload() {
|
||||
|
||||
# Run the tests
|
||||
|
||||
# Test 1: Whitelisted user (should succeed)
|
||||
test_file1=$(create_test_file "whitelisted_upload.txt" "Content from whitelisted user")
|
||||
test_upload "Test 1: Whitelisted User Upload" "$TEST_USER1_PRIVKEY" "$test_file1" "200"
|
||||
# Test 1: Valid authenticated user (should succeed)
|
||||
test_file1=$(create_test_file "whitelisted_upload.txt" "Content from authenticated user")
|
||||
test_upload "Test 1: Authenticated User Upload" "$TEST_USER1_PRIVKEY" "$test_file1" "200"
|
||||
|
||||
# Test 2: Blacklisted user (should fail)
|
||||
test_file2=$(create_test_file "blacklisted_upload.txt" "Content from blacklisted user")
|
||||
test_upload "Test 2: Blacklisted User Upload" "$TEST_USER2_PRIVKEY" "$test_file2" "403"
|
||||
# Test 2: Another valid authenticated user (should succeed - no blacklisting in simplified system)
|
||||
test_file2=$(create_test_file "blacklisted_upload.txt" "Content from another authenticated user")
|
||||
test_upload "Test 2: Another Authenticated User Upload" "$TEST_USER2_PRIVKEY" "$test_file2" "200"
|
||||
|
||||
# Test 3: Whitelisted user uploading blacklisted hash (blacklist should win due to higher priority)
|
||||
test_upload "Test 3: Whitelisted User + Blacklisted Hash" "$TEST_USER1_PRIVKEY" "$TEST_DIR/blacklisted_file.txt" "403"
|
||||
# Test 3: Third valid authenticated user (should succeed - no hash blacklisting in simplified system)
|
||||
test_upload "Test 3: Authenticated User + Any Hash" "$TEST_USER1_PRIVKEY" "$TEST_DIR/blacklisted_file.txt" "200"
|
||||
|
||||
# Test 4: Random user with no specific rules (should be allowed since no restrictive whitelist applies to all users)
|
||||
# Test 4: Random user (should succeed with valid authentication)
|
||||
test_file4=$(create_test_file "random_upload.txt" "Content from random user")
|
||||
# Use a different private key that's not in any rules
|
||||
# Use a different private key
|
||||
RANDOM_PRIVKEY="abcd1234567890abcd1234567890abcd1234567890abcd1234567890abcd1234"
|
||||
test_upload "Test 4: Random User (No Rules)" "$RANDOM_PRIVKEY" "$test_file4" "ANY"
|
||||
test_upload "Test 4: Random User (Valid Auth)" "$RANDOM_PRIVKEY" "$test_file4" "200"
|
||||
|
||||
# Test 5: Test with authentication disabled
|
||||
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'false');"
|
||||
# First disable authentication using admin API
|
||||
curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "false"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
|
||||
|
||||
# No restart needed - admin API automatically refreshes cache
|
||||
echo "Using admin API to disable authentication (with automatic cache refresh)..."
|
||||
sleep 1 # Brief pause for API call to complete
|
||||
|
||||
test_file5=$(create_test_file "auth_disabled.txt" "Upload with auth disabled")
|
||||
test_upload "Test 5: Upload with Authentication Disabled" "$TEST_USER2_PRIVKEY" "$test_file5" "200"
|
||||
|
||||
# Re-enable authentication
|
||||
sqlite3 "$DB_PATH" "INSERT OR REPLACE INTO auth_config (key, value) VALUES ('auth_rules_enabled', 'true');"
|
||||
# Re-enable authentication using admin API (no restart needed thanks to cache refresh)
|
||||
curl -s -X PUT -H "Content-Type: application/json" -d '{"value": "true"}' "http://localhost:9001/api/config/auth_rules_enabled" > /dev/null
|
||||
|
||||
# No restart needed - admin API automatically refreshes cache
|
||||
echo "Re-enabling authentication via admin API (with automatic cache refresh)..."
|
||||
sleep 1 # Brief pause for API call to complete
|
||||
|
||||
# Test failure modes - comprehensive edge case testing
|
||||
|
||||
@@ -413,8 +407,8 @@ test_nip42_authentication() {
|
||||
|
||||
# Test NIP-42 configuration modes
|
||||
test_nip42_configuration() {
|
||||
# Check NIP-42 mode in database using correct table/column
|
||||
local nip42_mode=$(sqlite3 "$DB_PATH" "SELECT value FROM server_config WHERE key = 'require_nip42_auth';" 2>/dev/null || echo "")
|
||||
# Check NIP-42 mode in database using unified config table
|
||||
local nip42_mode=$(sqlite3 "$DB_PATH" "SELECT value FROM config WHERE key = 'require_nip42_auth';" 2>/dev/null || echo "")
|
||||
|
||||
if [[ -n "$nip42_mode" ]]; then
|
||||
case "$nip42_mode" in
|
||||
@@ -474,5 +468,5 @@ else
|
||||
echo "Success rate: $(( (TESTS_PASSED * 100) / TOTAL_TESTS ))%"
|
||||
fi
|
||||
echo
|
||||
echo "To clean up test data: sqlite3 $DB_PATH \"DELETE FROM auth_rules WHERE description LIKE 'TEST_%';\""
|
||||
echo "To clean up test data: rm -rf tests/auth_test_tmp/"
|
||||
echo "=========================================="
|
||||
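Review bot: The three `curl -s -X PUT ... /api/config/auth_rules_enabled` calls (setup, the Test 5 disable, and the re-enable) discard the response and never check the status, so a rejected or failed request goes unnoticed; a failed re-enable in particular leaves the server with authentication off for the failure-mode tests that follow. Make each call fail loudly, e.g. `curl -sf -X PUT ... > /dev/null || { echo "admin API call failed" >&2; exit 1; }`. Test 5 also cannot show that the toggle took effect, because it uploads with `$TEST_USER2_PRIVKEY`, which Test 2 now expects to return 200 with authentication on; it needs a request that is rejected while authentication is enabled and accepted once it is disabled. The PUTs carry no credential either, so if the admin endpoint accepts them as written (its server side is not visible here), anyone who can reach port 9001 can switch authentication off; the endpoint should require admin authentication and the test should send it.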