
Add data/authorization to office users endpoint

garrettqmartin8 committed Jun 5, 2019
1 parent ba498bd commit 0386b3d35d05151761d55f5bdc67686b10fe44b5


@@ -0,0 +1,11 @@
package auth

import "errors"

func AuthorizeAdminUser(session *Session) error {
if !session.IsSuperuser {
return errors.New("USER_UNAUTHORIZED")
}

return nil
}
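Review bot: `AuthorizeAdminUser` dereferences `session` without a nil check, so a request that reaches it with no session attached would panic instead of being refused. An authorization gate should fail closed, and `if session == nil || !session.IsSuperuser {` covers both cases. The error is also built afresh with `errors.New` on every call, which leaves callers comparing message strings; a package-level `var ErrUserUnauthorized = errors.New("USER_UNAUTHORIZED")` would let them use `errors.Is`. The exported function has no doc comment; `// AuthorizeAdminUser returns an error unless the session belongs to a superuser.` would do.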
@@ -0,0 +1,46 @@
package auth

import (
"errors"
"testing"
)

func TestAuthorizeAdminUser(t *testing.T) {
testcases := []struct {
description string
session *Session
expected error
}{
{
description: "authorized",
session: &Session{IsSuperuser: true},
expected: nil,
},
{
description: "not authorized",
session: &Session{},
expected: errors.New("USER_UNAUTHORIZED"),
},
}

for _, testcase := range testcases {
t.Run(testcase.description, func(t *testing.T) {
result := AuthorizeAdminUser(testcase.session)
expected := testcase.expected

var failed bool
// check that the type returned is an error
_, ok := result.(error)

if ok {
failed = result.Error() != expected.Error()
} else {
failed = result != expected
}

if failed {
t.Errorf("got %#v, expected %#v", result, testcase.expected)
}
})
}
}
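Review bot: In the subtest body, `expected.Error()` is called whenever `result` is non-nil, so if the "authorized" case ever regressed and returned an error, the test would panic on the nil `expected` rather than report a failure. The `result.(error)` assertion is only a nil check on a value that is already of type `error`. Checking `(result == nil) != (expected == nil)` first, and comparing messages only when both are non-nil, avoids the panic. The table also has no case for a nil `*Session`, which `AuthorizeAdminUser` dereferences unguarded.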
@@ -6,6 +6,7 @@ import (

"github.com/go-openapi/loads"

"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/gen/adminapi"
adminops "github.com/transcom/mymove/pkg/gen/adminapi/adminoperations"
"github.com/transcom/mymove/pkg/handlers"
@@ -28,7 +29,7 @@ func NewAdminAPIHandler(context handlers.HandlerContext) http.Handler {
adminAPI.OfficeIndexOfficeUsersHandler = IndexOfficeUsersHandler{
HandlerContext: context,
NewQueryFilter: query.NewQueryFilter,
OfficeUserListFetcher: user.NewOfficeUserListFetcher(queryBuilder),
OfficeUserListFetcher: user.NewOfficeUserListFetcher(queryBuilder, auth.AuthorizeAdminUser),
}

return adminAPI.Serve(nil)
@@ -3,6 +3,7 @@ package adminapi
import (
"github.com/go-openapi/runtime/middleware"

"github.com/transcom/mymove/pkg/auth"
officeuserop "github.com/transcom/mymove/pkg/gen/adminapi/adminoperations/office"
"github.com/transcom/mymove/pkg/gen/adminmessages"
"github.com/transcom/mymove/pkg/handlers"
@@ -12,7 +13,12 @@ import (

// TODO: fill this in
func payloadForOfficeUserModel(o models.OfficeUser) *adminmessages.OfficeUser {
return &adminmessages.OfficeUser{ID: *handlers.FmtUUID(o.ID)}
return &adminmessages.OfficeUser{
ID: *handlers.FmtUUID(o.ID),
FirstName: o.FirstName,
LastName: o.LastName,
Email: o.Email,
}
}

// IndexOfficeUsersHandler returns a list of office users via GET /office_users
@@ -24,12 +30,13 @@ type IndexOfficeUsersHandler struct {

// Handle retrieves a list of office users
func (h IndexOfficeUsersHandler) Handle(params officeuserop.IndexOfficeUsersParams) middleware.Responder {
session := auth.SessionFromRequestContext(params.HTTPRequest)
// Here is where NewQueryFilter will be used to create Filters from the 'filter' query param
queryFilters := []services.QueryFilter{
h.NewQueryFilter("id", "=", "d874d002-5582-4a91-97d3-786e8f66c763"),
// h.NewQueryFilter("id", "=", "d874d002-5582-4a91-97d3-786e8f66c763"),
}

officeUsers, err := h.OfficeUserListFetcher.FetchOfficeUserList(queryFilters)
officeUsers, err := h.OfficeUserListFetcher.FetchOfficeUserList(queryFilters, session)
if err != nil {
return handlers.ResponseForError(h.Logger(), err)
}
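Review bot: With the only filter commented out in `Handle`, `queryFilters` is empty and the endpoint presumably lists office users unfiltered, while `payloadForOfficeUserModel` now returns first name, last name and email for each of them. The only gate on that data is the function injected into the fetcher, and `session` is passed on without checking that `auth.SessionFromRequestContext` actually returned one. I would reject a nil session in `Handle` before calling `FetchOfficeUserList`, and delete the commented-out `h.NewQueryFilter(...)` line rather than keep it with its hard-coded UUID. The `// TODO: fill this in` above `payloadForOfficeUserModel` looks stale now that the payload is filled in. `Handle` continues past the end of this hunk.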
@@ -9,6 +9,7 @@ import (
"github.com/stretchr/testify/mock"

"github.com/transcom/mymove/mocks"
"github.com/transcom/mymove/pkg/auth"
officeuserop "github.com/transcom/mymove/pkg/gen/adminapi/adminoperations/office"
"github.com/transcom/mymove/pkg/handlers"
"github.com/transcom/mymove/pkg/models"
@@ -38,7 +39,7 @@ func (suite *HandlerSuite) TestIndexOfficeUsersHandler() {

requestUser := testdatagen.MakeDefaultUser(suite.DB())
req := httptest.NewRequest("GET", "/office_users", nil)
req = suite.AuthenticateUserRequest(req, requestUser)
req = suite.AuthenticateAdminRequest(req, requestUser)

// test that everything is wired up
suite.T().Run("integration test ok response", func(t *testing.T) {
@@ -50,14 +51,14 @@ func (suite *HandlerSuite) TestIndexOfficeUsersHandler() {
handler := IndexOfficeUsersHandler{
HandlerContext: handlers.NewHandlerContext(suite.DB(), suite.TestLogger()),
NewQueryFilter: query.NewQueryFilter,
OfficeUserListFetcher: user.NewOfficeUserListFetcher(queryBuilder),
OfficeUserListFetcher: user.NewOfficeUserListFetcher(queryBuilder, auth.AuthorizeAdminUser),
}

response := handler.Handle(params)

suite.IsType(&officeuserop.IndexOfficeUsersOK{}, response)
okResponse := response.(*officeuserop.IndexOfficeUsersOK)
suite.Len(okResponse.Payload, 1)
suite.Len(okResponse.Payload, 2)
suite.Equal(uuidString, okResponse.Payload[0].ID.String())
})
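Review bot: The handler test now authenticates only through `suite.AuthenticateAdminRequest`, so nothing at this level checks that a session without superuser rights is turned away. A second subtest that keeps `suite.AuthenticateUserRequest(req, requestUser)` (presumably a non-superuser session) and asserts the response is not `*officeuserop.IndexOfficeUsersOK` would pin the new authorization behaviour end to end. Separately, `suite.Len(okResponse.Payload, 2)` followed by an ID check on `Payload[0]` appears to depend on the order in which rows come back, which these hunks do not show being fixed. The test function starts and ends outside the hunks.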

@@ -177,6 +177,18 @@ func (suite *BaseHandlerTestSuite) AuthenticateDpsRequest(req *http.Request, ser
return req.WithContext(ctx)
}

// AuthenticateAdminRequest authenticates DPS users
func (suite *BaseHandlerTestSuite) AuthenticateAdminRequest(req *http.Request, user models.User) *http.Request {
session := auth.Session{
ApplicationName: auth.AdminApp,
UserID: user.ID,
IDToken: "fake token",
IsSuperuser: true,
}
ctx := auth.SetSessionInRequestContext(req, &session)
return req.WithContext(ctx)
}

// Fixture allows us to include a fixture like a PDF in the test
func (suite *BaseHandlerTestSuite) Fixture(name string) *runtime.File {
fixtureDir := "fixtures"
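Review bot: The doc comment on `AuthenticateAdminRequest` says it "authenticates DPS users", which looks copied from `AuthenticateDpsRequest` just above it. The helper builds a session for `auth.AdminApp` with `IsSuperuser: true`, so the comment should say so: `// AuthenticateAdminRequest attaches an admin-app superuser session to the request context.` Stating the superuser part matters because any test using this helper passes the new authorization check by construction.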
@@ -1,6 +1,9 @@
package services

import "github.com/transcom/mymove/pkg/models"
import (
"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/models"
)

// OfficeUserFetcher is the exported interface for fetching a single office user
type OfficeUserFetcher interface {
@@ -9,5 +12,5 @@ type OfficeUserFetcher interface {

// OfficeUserListFetcher is the exported interface for fetching multiple office users
type OfficeUserListFetcher interface {
FetchOfficeUserList(filters []QueryFilter) (models.OfficeUsers, error)
FetchOfficeUserList(filters []QueryFilter, session *auth.Session) (models.OfficeUsers, error)
}
@@ -1,6 +1,7 @@
package user

import (
"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/models"
"github.com/transcom/mymove/pkg/services"
)
@@ -9,18 +10,25 @@ type officeUserListQueryBuilder interface {
FetchMany(model interface{}, filters []services.QueryFilter) error
}

type authorizeAdminUser func(session *auth.Session) error

type officeUserListFetcher struct {
builder officeUserListQueryBuilder
builder officeUserListQueryBuilder
authFunction authorizeAdminUser
}

// FetchOfficeUserList is uses the passed query builder to fetch a list of office users
func (o *officeUserListFetcher) FetchOfficeUserList(filters []services.QueryFilter) (models.OfficeUsers, error) {
// FetchOfficeUserList uses the passed query builder to fetch a list of office users
func (o *officeUserListFetcher) FetchOfficeUserList(filters []services.QueryFilter, session *auth.Session) (models.OfficeUsers, error) {
err := o.authFunction(session)
if err != nil {
return nil, err
}
var officeUsers models.OfficeUsers
error := o.builder.FetchMany(&officeUsers, filters)
return officeUsers, error
}

// NewOfficeUserListFetcher returns an implementation of OfficeUserListFetcher
func NewOfficeUserListFetcher(builder officeUserListQueryBuilder) services.OfficeUserListFetcher {
return &officeUserListFetcher{builder}
func NewOfficeUserListFetcher(builder officeUserListQueryBuilder, authFunction authorizeAdminUser) services.OfficeUserListFetcher {
return &officeUserListFetcher{builder, authFunction}
}
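Review bot: `NewOfficeUserListFetcher` stores `authFunction` unchecked, so a caller that passes nil gets a nil-function panic at `o.authFunction(session)` in `FetchOfficeUserList` rather than a refusal. As far as these hunks show, this function is the only authorization on the office user list, so the constructor or the method should treat a missing check as "deny". The positional literal `&officeUserListFetcher{builder, authFunction}` is easier to get wrong as fields are added; `&officeUserListFetcher{builder: builder, authFunction: authFunction}` is safer. The check itself reads better as `if err := o.authFunction(session); err != nil {`, and the local named `error` a few lines below shadows the builtin type.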
@@ -7,6 +7,7 @@ import (

"github.com/gofrs/uuid"

"github.com/transcom/mymove/pkg/auth"
"github.com/transcom/mymove/pkg/models"
"github.com/transcom/mymove/pkg/services"
"github.com/transcom/mymove/pkg/services/query"
@@ -33,12 +34,19 @@ func (suite *UserServiceSuite) TestFetchOfficeUserList() {
builder := &testOfficeUserListQueryBuilder{
fakeFetchMany: fakeFetchMany,
}
fetcher := NewOfficeUserListFetcher(builder)

// Mocking authorization
session := auth.Session{}
authFunction := func(session *auth.Session) error {
return nil
}

fetcher := NewOfficeUserListFetcher(builder, authFunction)
filters := []services.QueryFilter{
query.NewQueryFilter("id", "=", id.String()),
}

officeUsers, err := fetcher.FetchOfficeUserList(filters)
officeUsers, err := fetcher.FetchOfficeUserList(filters, &session)

suite.NoError(err)
suite.Equal(id, officeUsers[0].ID)
@@ -51,12 +59,42 @@ func (suite *UserServiceSuite) TestFetchOfficeUserList() {
builder := &testOfficeUserListQueryBuilder{
fakeFetchMany: fakeFetchMany,
}
fetcher := NewOfficeUserListFetcher(builder)

officeUsers, err := fetcher.FetchOfficeUserList([]services.QueryFilter{})
// Mocking authorization
session := auth.Session{}
authFunction := func(session *auth.Session) error {
return nil
}

fetcher := NewOfficeUserListFetcher(builder, authFunction)

officeUsers, err := fetcher.FetchOfficeUserList([]services.QueryFilter{}, &session)

suite.Error(err)
suite.Equal(err.Error(), "Fetch error")
suite.Equal(models.OfficeUsers(nil), officeUsers)
})

suite.T().Run("if the user is unauthorized, we get an error", func(t *testing.T) {
fakeFetchMany := func(model interface{}) error {
return nil
}
builder := &testOfficeUserListQueryBuilder{
fakeFetchMany: fakeFetchMany,
}

// Mocking authorization
session := auth.Session{}
authFunction := func(session *auth.Session) error {
return errors.New("USER_UNAUTHORIZED")
}

fetcher := NewOfficeUserListFetcher(builder, authFunction)

officeUsers, err := fetcher.FetchOfficeUserList([]services.QueryFilter{}, &session)

suite.Error(err)
suite.Equal(err.Error(), "USER_UNAUTHORIZED")
suite.Equal(models.OfficeUsers(nil), officeUsers)
})
}
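Review bot: The "if the user is unauthorized" subtest does not show that the query builder is left untouched, because its `fakeFetchMany` just returns nil and the assertions only look at the returned error and slice. An implementation that called `FetchMany` first and authorized afterwards would still pass. Making the fake fail the test, `fakeFetchMany := func(model interface{}) error { t.Error("FetchMany called for unauthorized session"); return nil }`, pins the ordering. `suite.Equal(err.Error(), "USER_UNAUTHORIZED")` also has its arguments swapped relative to testify's `Equal(expected, actual)`.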
