Fix Datastore.compute()
authentication check (#4288)
Co-authored-by: Gerard Guillemas Martos <gerard.guillemas@surrealdb.com>
parent
2197a71330
commit
8fdc930098
4 changed files with 36 additions and 21 deletions
|
@ -1192,7 +1192,7 @@ impl Datastore {
|
|||
|
||||
// Check if anonymous actors can compute values when auth is enabled
|
||||
// TODO(sgirones): Check this as part of the authorisation layer
|
||||
if self.auth_enabled && !self.capabilities.allows_guest_access() {
|
||||
if sess.au.is_anon() && self.auth_enabled && !self.capabilities.allows_guest_access() {
|
||||
return Err(IamError::NotAllowed {
|
||||
actor: "anonymous".to_string(),
|
||||
action: "compute".to_string(),
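Review bot: The changed `if` now rejects only anonymous sessions, so every authenticated actor passes this guard regardless of role; whether compute() checks that actor's permissions further down is not visible, because the function body continues outside the hunk. The TODO above already says the check belongs in the authorisation layer, so the new condition should record what it leaves to later code, for example `// Only anonymous actors are blocked here; authenticated actors must still be authorised during evaluation (confirm)`. The +/- markers are lost on this page, and the `sess.au.is_anon()` line is read as the new side because it matches the commit title and the hard-coded `actor: "anonymous"` in the error.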
|
||||
|
|
|
@ -164,7 +164,7 @@ impl Default for StartServerArguments {
|
|||
wait_is_ready: true,
|
||||
tick_interval: time::Duration::new(1, 0),
|
||||
temporary_directory: None,
|
||||
args: "--allow-all".to_string(),
|
||||
args: "".to_string(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -177,6 +177,22 @@ pub async fn start_server_without_auth() -> Result<(String, Child), Box<dyn Erro
|
|||
.await
|
||||
}
|
||||
|
||||
pub async fn start_server_with_functions() -> Result<(String, Child), Box<dyn Error>> {
|
||||
start_server(StartServerArguments {
|
||||
args: "--allow-funcs".to_string(),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
}
|
||||
|
||||
pub async fn start_server_with_guests() -> Result<(String, Child), Box<dyn Error>> {
|
||||
start_server(StartServerArguments {
|
||||
args: "--allow-guests".to_string(),
|
||||
..Default::default()
|
||||
})
|
||||
.await
|
||||
}
|
||||
|
||||
pub async fn start_server_with_defaults() -> Result<(String, Child), Box<dyn Error>> {
|
||||
start_server(StartServerArguments::default()).await
|
||||
}
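Review bot: The `Default` impl now passes no capability flags, so tests run against the server's default capability settings, but nothing in the code says the empty string is deliberate. A comment on the `args` field such as `// Deliberately empty: tests opt in to capabilities (--allow-funcs, --allow-guests) so the default restrictions are exercised` would keep a later change from restoring `--allow-all` and hiding permission bugs again. The three new helpers also repeat the same struct-update pattern and have no doc comments; one line each naming the capability they enable would make the choice at call sites easier to review.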
|
||||
|
|
|
@ -211,12 +211,11 @@ async fn invalidate() -> Result<(), Box<dyn std::error::Error>> {
|
|||
// Send INVALIDATE command
|
||||
socket.send_request("invalidate", json!([])).await?;
|
||||
// Verify we have an invalidated session
|
||||
let res = socket.send_message_query("DEFINE NAMESPACE test").await?;
|
||||
assert_eq!(res[0]["status"], "ERR", "result: {:?}", res);
|
||||
let res = socket.send_request("query", json!(["DEFINE NAMESPACE test"])).await?;
|
||||
assert_eq!(
|
||||
res[0]["result"], "IAM error: Not enough permissions to perform this action",
|
||||
"result: {:?}",
|
||||
res
|
||||
res["error"]["message"],
|
||||
"There was a problem with the database: IAM error: Not enough permissions to perform this action",
|
||||
"result: {:?}", res
|
||||
);
|
||||
// Test passed
|
||||
server.finish().unwrap();
|
||||
|
@ -1476,7 +1475,7 @@ async fn session_reauthentication_expired() {
|
|||
#[test(tokio::test)]
|
||||
async fn run_functions() {
|
||||
// Setup database server
|
||||
let (addr, mut server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, mut server) = common::start_server_with_functions().await.unwrap();
|
||||
// Connect to WebSocket
|
||||
let mut socket = Socket::connect(&addr, SERVER, FORMAT).await.unwrap();
|
||||
// Authenticate the connection
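Review bot: In the `invalidate` hunk the assertion on `res["error"]["message"]` compares the whole human-readable string, including the `There was a problem with the database:` prefix, so a wording change in the error wrapper fails the test even though the denial still happens. Matching the stable part is enough to pin the security behaviour, for example `assert!(res["error"]["message"].as_str().unwrap_or_default().contains("IAM error: Not enough permissions"), "result: {:?}", res);`. Which of the two assertions is the new side is inferred from the hunk's line counts, since the markers are lost.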
|
||||
|
|
|
@ -15,7 +15,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn basic_auth() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let url = &format!("http://{addr}/sql");
|
||||
|
||||
// Prepare HTTP client
|
||||
|
@ -211,7 +211,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn bearer_auth() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let url = &format!("http://{addr}/sql");
|
||||
|
||||
let ns = Ulid::new().to_string();
|
||||
|
@ -776,7 +776,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn sql_endpoint() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let url = &format!("http://{addr}/sql");
|
||||
|
||||
// Prepare HTTP client
|
||||
|
@ -997,7 +997,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_select_all() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let num_records = 50;
|
||||
let url = &format!("http://{addr}/key/{table_name}");
|
||||
|
@ -1088,7 +1088,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_create_all() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
|
||||
// Prepare HTTP client
|
||||
let mut headers = reqwest::header::HeaderMap::new();
|
||||
|
@ -1150,7 +1150,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_update_all() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let num_records = 10;
|
||||
let url = &format!("http://{addr}/key/{table_name}");
|
||||
|
@ -1219,7 +1219,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_modify_all() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = Ulid::new().to_string();
|
||||
let num_records = 10;
|
||||
let url = &format!("http://{addr}/key/{table_name}");
|
||||
|
@ -1288,7 +1288,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_delete_all() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let num_records = 10;
|
||||
let url = &format!("http://{addr}/key/{table_name}");
|
||||
|
@ -1341,7 +1341,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_select_one() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let url = &format!("http://{addr}/key/{table_name}/1");
|
||||
|
||||
|
@ -1381,7 +1381,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_create_one() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
|
||||
// Prepare HTTP client
|
||||
|
@ -1477,7 +1477,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_update_one() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let url = &format!("http://{addr}/key/{table_name}/1");
|
||||
|
||||
|
@ -1553,7 +1553,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_modify_one() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let url = &format!("http://{addr}/key/{table_name}/1");
|
||||
|
||||
|
@ -1630,7 +1630,7 @@ mod http_integration {
|
|||
|
||||
#[test(tokio::test)]
|
||||
async fn key_endpoint_delete_one() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (addr, _server) = common::start_server_with_defaults().await.unwrap();
|
||||
let (addr, _server) = common::start_server_with_guests().await.unwrap();
|
||||
let table_name = "table";
|
||||
let base_url = &format!("http://{addr}/key/{table_name}");
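Review bot: Every test in this section, including `basic_auth` and `bearer_auth`, now starts the server with `--allow-guests`. An authentication test run against a guest-permitting server may not tell "credentials accepted" apart from "request fell through to the anonymous actor", unless its body asserts something only an authenticated actor can do. The test bodies are outside the hunks, so this cannot be confirmed here. If they do not already, the credentialed cases are better run with guests disabled, `let (addr, _server) = common::start_server_with_defaults().await.unwrap();`, with a separate case asserting that an unauthenticated request is rejected under those defaults.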
|
||||
|
||||
|
|