
engine: Send 403 when authorization result is negative (#93)
Closes #75

Signed-off-by: aeneasr <[email protected]>
aeneasr authored Apr 7, 2019
1 parent 4d44174 commit de806d8
Showing 3 changed files with 16 additions and 5 deletions.
8 changes: 5 additions & 3 deletions cmd/engines_acp_ory_allowed.go
Expand Up @@ -22,7 +22,6 @@ import (

"github.com/ory/keto/cmd/client"
"github.com/ory/keto/sdk/go/keto/swagger"
"github.com/ory/keto/x"
"github.com/ory/x/cmdx"
)

Expand All @@ -40,9 +39,12 @@ var enginesAcpOryAllowedCmd = &cobra.Command{
Resource: args[2],
Action: args[3],
})
x.CheckResponse(err, http.StatusOK, res)
cmdx.Must(err, "Command failed because error occurred: %s", err)

if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusForbidden {
cmdx.Fatalf("Expected status code %d or %d but got: %d", http.StatusOK, http.StatusForbidden, res.StatusCode)
}

cmdx.Must(err, "Unable to decode data to json: %s", err)
fmt.Println(cmdx.FormatResponse(&a))
},
}
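Review bot: The second `cmdx.Must(err, "Unable to decode data to json: %s", err)` re-checks the same `err` that the `cmdx.Must` a few lines above already terminated on, so it can never fire, and its message describes a decode step that does not exist in this hunk; drop it, or bind it to the actual decode error if one is produced outside the hunk. Now that a 403 is an expected outcome rather than a failure, it is worth deciding whether a denied decision should also exit non-zero, e.g. `if res.StatusCode == http.StatusForbidden { os.Exit(1) }` after printing, so shell callers can branch on the exit status instead of parsing the printed JSON. The cobra Run closure begins above the hunk, so whether `a` is decoded earlier cannot be seen here.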
7 changes: 6 additions & 1 deletion engine/engine.go
Expand Up @@ -47,7 +47,12 @@ func (h *Engine) Evaluate(e evaluator) httprouter.Handle {
return
}

h.h.Write(w, r, &AuthorizationResult{Allowed: allowed})
code := http.StatusOK
if !allowed {
code = http.StatusForbidden
}

h.h.WriteCode(w, r, code, &AuthorizationResult{Allowed: allowed})
}
}

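Review bot: The new status selection in Evaluate has no comment explaining why a negative decision is a 403 rather than a 200 with `Allowed: false`, which is the one thing a future maintainer will want to know before "fixing" it back; I would add `// A denied decision is answered with 403 so that callers which only inspect the status code fail closed; the body still carries Allowed for clients that decode it.` above the `code := http.StatusOK` line. The diffstat shows three changed files and none is an API spec, so the swagger annotations for this endpoint presumably still declare only 200 — generated clients, including the SDK this repository's own CLI uses, will otherwise keep treating 403 as an error. Callers should also be aware that a 403 from this handler is now indistinguishable by status alone from a 403 emitted by a proxy in front of Keto, so anything that needs the actual decision must read the body. The error path at the top of the handler and the start of Evaluate lie outside the hunk.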
6 changes: 5 additions & 1 deletion engine/ladon/handler_test.go
Expand Up @@ -62,7 +62,11 @@ func TestAllowed(t *testing.T) {
for k, c := range requests[f] {
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
d, res, err := cl.DoOryAccessControlPoliciesAllow(f, c.req)
x.CheckResponseTest(t, err, http.StatusOK, res)
if c.allowed {
x.CheckResponseTest(t, err, http.StatusOK, res)
} else {
x.CheckResponseTest(t, err, http.StatusForbidden, res)
}
assert.Equal(t, c.allowed, d.Allowed)
})
}
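Review bot: On the denied branch the test still does `assert.Equal(t, c.allowed, d.Allowed)`, but it is not visible here whether the generated client decodes the body on a non-2xx response; if it returns a nil or zero-value result for a 403, the assertion becomes `false == false` (or a nil dereference) and no longer proves that the handler wrote `Allowed: false` in the body. I would guard it with `require.NotNil(t, d)` before the comparison, or decode `res.Body` directly in the 403 case. A case in which evaluation itself fails would also be useful, to pin that an internal error is not reported as a 403 denial. The surrounding table-driven loop starts above the hunk, so the shape of `requests[f]` cannot be checked from this view.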
