Introduce a more granular, site-based allowlist (#14)
This PR updates the allowlist in a few ways: 1. Moves from a comma-delimited list of domains to a structured JSON-formatted file. 2. Adds support for allowlisting individual emails, in addition to domains. 3. Adds support for allowlisting an entity (domain or email) for only a specific set of sites. It also removes the allowlists from the repo, as those will start containing more individual information.
Showing
18 changed files
with
344 additions
and
96 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,33 +1,82 @@ | ||
package allowlist | ||
|
||
import "testing" | ||
import ( | ||
"testing" | ||
|
||
func TestCheck(t *testing.T) { | ||
allowedDomain := "example.com" | ||
"github.com/google/go-cmp/cmp" | ||
) | ||
|
||
c := NewChecker([]string{allowedDomain}) | ||
var exampleConfig = &config{ | ||
Format: "v1", | ||
Allowlist: []*AllowlistEntry{ | ||
&AllowlistEntry{Domain: "example.com"}, // Can access any site | ||
&AllowlistEntry{Domain: "only-opgee.com", Sites: []string{"OPGEE"}}, // Can only access OPGEE | ||
&AllowlistEntry{Email: "test@only-pacta.com", Sites: []string{"PACTA"}}, // Only test@ can access PACTA | ||
}, | ||
} | ||
|
||
allowed, err := c.Check("allowed@example.com") | ||
func TestCheck(t *testing.T) { | ||
c, err := newChecker(exampleConfig) | ||
if err != nil { | ||
t.Fatalf("Check: %v", err) | ||
t.Fatalf("failed to init checker: %v", err) | ||
} | ||
|
||
tests := []struct { | ||
desc string | ||
email string | ||
want *Entity | ||
}{ | ||
{ | ||
desc: "allowed on any site", | ||
email: "allowed@example.com", | ||
want: &Entity{AllowAllSites: true}, | ||
}, | ||
{ | ||
desc: "domain not in the allowlist", | ||
email: "denied@example.net", | ||
want: nil, | ||
}, | ||
{ | ||
desc: "domain allowlisted for OPGEE", | ||
email: "any-email@only-opgee.com", | ||
want: &Entity{AllowedSites: []Site{SiteOPGEE}}, | ||
}, | ||
{ | ||
desc: "email allowlisted for PACTA", | ||
email: "test@only-pacta.com", | ||
want: &Entity{AllowedSites: []Site{SitePACTA}}, | ||
}, | ||
{ | ||
desc: "different email allowlisted for PACTA", | ||
email: "not-allowed@only-pacta.com", | ||
want: nil, | ||
}, | ||
} | ||
if !allowed { | ||
t.Error("Check said email was not allowed, expected allowed") | ||
|
||
for _, test := range tests { | ||
t.Run(test.desc, func(t *testing.T) { | ||
got, err := c.Check(test.email) | ||
if err != nil { | ||
t.Fatalf("Check: %v", err) | ||
} | ||
if diff := cmp.Diff(test.want, got); diff != "" { | ||
t.Errorf("unexpected Check() results (-want +got)\n%s", diff) | ||
} | ||
}) | ||
} | ||
} | ||
|
||
allowed, err = c.Check("denied@example.net") | ||
func TestCheck_Error(t *testing.T) { | ||
c, err := newChecker(exampleConfig) | ||
if err != nil { | ||
t.Fatalf("Check: %v", err) | ||
} | ||
if allowed { | ||
t.Error("Check said email was allowed, expected not allowed") | ||
t.Fatalf("failed to init checker: %v", err) | ||
} | ||
|
||
allowed, err = c.Check("malformed.biz") | ||
entity, err := c.Check("malformed.biz") | ||
if err == nil { | ||
t.Fatal("Check returned no error for invalid email address") | ||
} | ||
if allowed { | ||
t.Error("Check said invalid email was allowed") | ||
if entity != nil { | ||
t.Errorf("Check said invalid email was allowed: %+v", entity) | ||
} | ||
} |
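Review bot: The TestCheck table never pins how Check treats the domain part of the address, so a case variant such as `Allowed@Example.COM` or a subdomain such as `x@sub.example.com` could be accepted or rejected differently from the plain `allowed@example.com` row without any test failing, and for an allowlist that gates access that matching rule is the behaviour most worth locking down. Rows like `{desc: "mixed-case domain", email: "Allowed@Example.COM", want: &Entity{AllowAllSites: true}}` and `{desc: "subdomain of allowlisted domain", email: "x@sub.example.com", want: nil}` would document the intended rule, with `want` set to whatever the checker is meant to return, since the implementation lives outside this hunk. Separately, `newChecker` is exercised only with a valid config; a second test feeding an entry with neither Domain nor Email set, or a Sites value that does not map to one of the Site constants (the config uses strings like "OPGEE" while Entity uses Site), would pin the validation error path rather than leaving it untested. As a style point, `gofmt -s` would drop the redundant `&AllowlistEntry` prefixes inside the `[]*AllowlistEntry` literal in exampleConfig.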