| 33 | func (m *mockUserStore) LastUpdate(_ uint) int64 { return 0 } |
| 34 | |
| 35 | func TestProxyAuthCreateUserRestrictsDefaults(t *testing.T) { |
| 36 | t.Parallel() |
| 37 | |
| 38 | store := &mockUserStore{users: make(map[string]*users.User)} |
| 39 | srv := &settings.Server{Root: t.TempDir()} |
| 40 | |
| 41 | s := &settings.Settings{ |
| 42 | Key: []byte("key"), |
| 43 | AuthMethod: MethodProxyAuth, |
| 44 | Defaults: settings.UserDefaults{ |
| 45 | Perm: users.Permissions{ |
| 46 | Admin: true, |
| 47 | Execute: true, |
| 48 | Create: true, |
| 49 | Rename: true, |
| 50 | Modify: true, |
| 51 | Delete: true, |
| 52 | Share: true, |
| 53 | Download: true, |
| 54 | }, |
| 55 | Commands: []string{"git", "ls", "cat", "id"}, |
| 56 | }, |
| 57 | } |
| 58 | |
| 59 | auth := ProxyAuth{Header: "X-Remote-User"} |
| 60 | req, _ := http.NewRequest(http.MethodGet, "/", http.NoBody) |
| 61 | req.Header.Set("X-Remote-User", "newproxyuser") |
| 62 | |
| 63 | user, err := auth.Auth(req, store, s, srv) |
| 64 | if err != nil { |
| 65 | t.Fatalf("Auth() error: %v", err) |
| 66 | } |
| 67 | |
| 68 | if user.Perm.Admin { |
| 69 | t.Error("auto-provisioned proxy user should not have Admin permission") |
| 70 | } |
| 71 | if user.Perm.Execute { |
| 72 | t.Error("auto-provisioned proxy user should not have Execute permission") |
| 73 | } |
| 74 | if len(user.Commands) != 0 { |
| 75 | t.Errorf("auto-provisioned proxy user should have empty Commands, got %v", user.Commands) |
| 76 | } |
| 77 | if !user.Perm.Create { |
| 78 | t.Error("auto-provisioned proxy user should retain Create permission from defaults") |
| 79 | } |
| 80 | } |