Skip to content

Commit

Permalink
test: ensure problematic chars are not creatable over REST (#709)
Browse files Browse the repository at this point in the history
  • Loading branch information
zepatrik authored Sep 15, 2021
1 parent b8b23c3 commit 12b7954
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 3 deletions.
2 changes: 1 addition & 1 deletion internal/relationtuple/transact_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ func (h *handler) createRelation(w http.ResponseWriter, r *http.Request, _ httpr

if err := h.d.RelationTupleManager().WriteRelationTuples(r.Context(), &rel); err != nil {
h.d.Logger().WithError(err).WithFields(rel.ToLoggerFields()).Errorf("got an error while creating the relation tuple")
h.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrInternalServerError.WithError(err.Error())))
h.d.Writer().WriteError(w, r, err)
return
}

Expand Down
63 changes: 61 additions & 2 deletions internal/relationtuple/transact_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,21 @@ func TestWriteHandlers(t *testing.T) {
r := httprouter.New()
wr := &x.WriteRouter{Router: r}
rr := &x.ReadRouter{Router: r}
nspace := &namespace.Namespace{Name: "write handler test"}
reg := driver.NewSqliteTestRegistry(t, false)
require.NoError(t, reg.Config().Set(config.KeyNamespaces, []*namespace.Namespace{nspace}))

var nspaces []*namespace.Namespace
addNamespace := func(t *testing.T) *namespace.Namespace {
n := &namespace.Namespace{
ID: int32(len(nspaces)),
Name: t.Name(),
}
nspaces = append(nspaces, n)

require.NoError(t, reg.Config().Set(config.KeyNamespaces, nspaces))

return n
}

h := relationtuple.NewHandler(reg)
h.RegisterWriteRoutes(wr)
h.RegisterReadRoutes(rr)
Expand All @@ -46,6 +58,8 @@ func TestWriteHandlers(t *testing.T) {
}

t.Run("case=creates tuple", func(t *testing.T) {
nspace := addNamespace(t)

rt := &relationtuple.InternalRelationTuple{
Namespace: nspace.Name,
Object: "obj",
Expand Down Expand Up @@ -86,10 +100,51 @@ func TestWriteHandlers(t *testing.T) {
resp := doCreate([]byte("foo"))
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
})

t.Run("case=special chars error on creation already", func(t *testing.T) {
nspace := addNamespace(t)

rts := []*relationtuple.InternalRelationTuple{
{
Namespace: nspace.Name,
Object: "group:B",
Relation: "member",
Subject: &relationtuple.SubjectSet{
Namespace: nspace.Name,
Object: "group:A",
Relation: "member",
},
},
{
Namespace: nspace.Name,
Object: "@all",
Relation: "member",
Subject: &relationtuple.SubjectID{ID: "this:will#be interpreted:as a@subject set"},
},
}

for _, rt := range rts {
payload, err := json.Marshal(rt)
require.NoError(t, err)

resp := doCreate(payload)
assert.GreaterOrEqual(t, resp.StatusCode, http.StatusBadRequest)
assert.Less(t, resp.StatusCode, http.StatusInternalServerError)
}

actual, next, err := reg.RelationTupleManager().GetRelationTuples(context.Background(), &relationtuple.RelationQuery{
Namespace: nspace.Name,
})
require.NoError(t, err)
assert.Equal(t, "", next)
assert.Len(t, actual, 0)
})
})

t.Run("method=delete", func(t *testing.T) {
t.Run("case=deletes a tuple", func(t *testing.T) {
nspace := addNamespace(t)

rt := &relationtuple.InternalRelationTuple{
Namespace: nspace.Name,
Object: "deleted obj",
Expand All @@ -113,6 +168,8 @@ func TestWriteHandlers(t *testing.T) {

t.Run("method=patch", func(t *testing.T) {
t.Run("case=create and delete", func(t *testing.T) {
nspace := addNamespace(t)

deltas := []*relationtuple.PatchDelta{
{
Action: relationtuple.ActionInsert,
Expand Down Expand Up @@ -152,6 +209,8 @@ func TestWriteHandlers(t *testing.T) {
})

t.Run("case=ignores rest on err", func(t *testing.T) {
nspace := addNamespace(t)

deltas := []*relationtuple.PatchDelta{
{
Action: relationtuple.ActionInsert,
Expand Down

0 comments on commit 12b7954

Please sign in to comment.