From 942671b60485754d74522bef6cf34597f4251afa Mon Sep 17 00:00:00 2001
From: Michael Desa
Date: Wed, 22 Nov 2017 15:03:15 -0500
Subject: [PATCH] Ensure that organzation on role is valid org id
---
 server/users.go | 3 +++
 server/users_test.go | 39 +++++++++++++++++++++++++++++----------
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/server/users.go b/server/users.go
index 6030ba3011..37e50f75fb 100644
--- a/server/users.go
+++ b/server/users.go
@@ -63,6 +63,9 @@ func (r *userRequest) ValidRoles() error {
 if r.Organization == "" {
 return fmt.Errorf("no organization was provided")
 }
+ if _, err := parseOrganizationID(r.Organization); err != nil {
+ return fmt.Errorf("failed to parse organization ID: %v", err)
+ }
 if _, ok := orgs[r.Organization]; ok {
 return fmt.Errorf("duplicate organization %q in roles", r.Organization)
 }
diff --git a/server/users_test.go b/server/users_test.go
index 82bb611ad8..d8c1c3159b 100644
--- a/server/users_test.go
+++ b/server/users_test.go
@@ -178,11 +178,11 @@ func TestService_NewUser(t *testing.T) {
 Roles: []chronograf.Role{
 {
 Name: roles.AdminRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 {
 Name: roles.ViewerRoleName,
- Organization: "billieta org",
+ Organization: "2",
 },
 },
 },
@@ -199,11 +199,11 @@ func TestService_NewUser(t *testing.T) {
 Roles: []chronograf.Role{
 {
 Name: roles.AdminRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 {
 Name: roles.ViewerRoleName,
- Organization: "billieta org",
+ Organization: "2",
 },
 },
 }, nil
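Review bot: The new check in ValidRoles wraps the raw strconv error with `%v`, so the message handed to callers — and, judging by the 422 body the test file expects for the sibling duplicate-organization error, likely to API clients — becomes `failed to parse organization ID: strconv.ParseUint: parsing "l": invalid syntax`, which exposes the parsing implementation and ties tests to stdlib wording. A stable, request-oriented message such as `return fmt.Errorf("invalid organization ID %q in roles", r.Organization)` would be clearer and also drops the redundant "failed to" prefix. Note that the parsed value is discarded: this proves the string is a well-formed ID, not that the organization exists, so existence must be enforced wherever roles are persisted if it is not already. The rest of ValidRoles, including the orgs map and the loop this check sits in, is outside the hunk.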
@@ -212,7 +212,7 @@ func TestService_NewUser(t *testing.T) {
 },
 wantStatus: http.StatusCreated,
 wantContentType: "application/json",
- wantBody: `{"id":"1338","superAdmin":false,"name":"bob","provider":"github","scheme":"oauth2","roles":[{"name":"admin","organization":"bobbetta org"},{"name":"viewer","organization":"billieta org"}],"links":{"self":"/chronograf/v1/users/1338"}}`,
+ wantBody: `{"id":"1338","superAdmin":false,"name":"bob","provider":"github","scheme":"oauth2","roles":[{"name":"admin","organization":"1"},{"name":"viewer","organization":"2"}],"links":{"self":"/chronograf/v1/users/1338"}}`,
 },
 {
 name: "Create a new Chronograf User with multiple roles same org",
@@ -230,11 +230,11 @@ func TestService_NewUser(t *testing.T) {
 Roles: []chronograf.Role{
 {
 Name: roles.AdminRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 {
 Name: roles.ViewerRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 },
 },
@@ -251,11 +251,11 @@ func TestService_NewUser(t *testing.T) {
 Roles: []chronograf.Role{
 {
 Name: roles.AdminRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 {
 Name: roles.ViewerRoleName,
- Organization: "bobbetta org",
+ Organization: "1",
 },
 },
 }, nil
@@ -264,7 +264,7 @@ func TestService_NewUser(t *testing.T) {
 },
 wantStatus: http.StatusUnprocessableEntity,
 wantContentType: "application/json",
- wantBody: `{"code":422,"message":"duplicate organization \"bobbetta org\" in roles"}`,
+ wantBody: `{"code":422,"message":"duplicate organization \"1\" in roles"}`,
 },
 {
 name: "Create a new SuperAdmin User - Not as superadmin",
@@ -1017,6 +1017,25 @@ func TestUserRequest_ValidCreate(t *testing.T) {
 wantErr: false,
 err: nil,
 },
+ {
+ name: "Invalid - bad organization",
+ args: args{
+ u: &userRequest{
+ ID: 1337,
+ Name: "billietta",
+ Provider: "auth0",
+ Scheme: "oauth2",
+ Roles: []chronograf.Role{
+ {
+ Name: roles.EditorRoleName,
+ Organization: "l", // this is the character L not integer One
+ },
+ },
+ },
+ },
+ wantErr: true,
+ err: fmt.Errorf("failed to parse organization ID: strconv.ParseUint: parsing \"l\": invalid syntax"),
+ },
 {
 name: "Invalid – Name missing",
 args: args{
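Review bot: The expected error at the end of the new table entry hard-codes strconv's internal wording (`strconv.ParseUint: parsing "l": invalid syntax`), coupling this test to both the standard library's error format and to the fact that parseOrganizationID happens to use ParseUint; if the comparison in the test body (outside the hunk) is a full string match, a prefix or `strings.Contains` check on `failed to parse organization ID` would be less brittle. The lookalike value `"l"` only reads correctly thanks to its comment; an unambiguous input such as `Organization: "not-a-number"` would make the comment unnecessary. Minor: the case name uses an ASCII hyphen (`Invalid - bad organization`) while the neighbouring case uses an en dash (`Invalid – Name missing`).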