//                           _       _
// __      _____  __ ___   ___  __ _| |_ ___
// \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
//  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
//   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
//
//  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
//
//  CONTACT: [email protected]
//

package v1

import (
	"context"
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/weaviate/weaviate/entities/models"
	"google.golang.org/grpc/metadata"
)

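// TestAuth exercises Service.principalFromContext against incoming gRPC
// metadata, with anonymous access both enabled and disabled.
//
// Each case builds a context, runs it through a Service whose authComposer is
// a stub, and checks whether an error is returned and, on success, which
// principal comes back. A nil expectedOut on a successful case means the
// request was accepted without a principal, i.e. as an anonymous caller.
func TestAuth(t *testing.T) {
	// noMD builds a context that carries no gRPC metadata at all.
	noMD := func() context.Context {
		return context.Background()
	}
	// withMD builds a context carrying a single incoming metadata pair.
	withMD := func(key, value string) func() context.Context {
		return func() context.Context {
			md := metadata.Pairs(key, value)
			return metadata.NewIncomingContext(context.Background(), md)
		}
	}

	// Subtest names are unique so that a failure report and `go test -run`
	// identify exactly one case.
	tests := []struct {
		name        string
		buildCtx    func() context.Context
		shouldErr   bool
		expectedOut *models.Principal
		allowAnon   bool
	}{
		{
			name:      "nothing provided, anon allowed",
			buildCtx:  noMD,
			allowAnon: true,
			shouldErr: false,
		},
		{
			name:      "nothing provided, anon forbidden",
			buildCtx:  noMD,
			allowAnon: false,
			shouldErr: true,
		},
		{
			name:      "with md, but nothing usable, anon allowed",
			buildCtx:  withMD("unrelated", "unrelated"),
			allowAnon: true,
			shouldErr: false,
		},
		{
			name:      "with md, but nothing usable, anon forbidden",
			buildCtx:  withMD("unrelated", "unrelated"),
			allowAnon: false,
			shouldErr: true,
		},
		{
			// NOTE(review): this pins that a malformed authorization value is
			// treated like a missing one: with anonymous access enabled the
			// call succeeds with a nil principal instead of being rejected.
			// Confirm that fallback is intended.
			name:      "with md, authorization in wrong format, anon allowed",
			buildCtx:  withMD("authorization", "wrong-format"),
			allowAnon: true,
			shouldErr: false,
		},
		{
			name:      "with md, authorization in wrong format, anon forbidden",
			buildCtx:  withMD("authorization", "wrong-format"),
			allowAnon: false,
			shouldErr: true,
		},
		{
			name:        "with md, and a token",
			buildCtx:    withMD("authorization", "Bearer Foo"),
			shouldErr:   false,
			expectedOut: &models.Principal{Username: "Foo"},
		},
		{
			// A valid token must resolve to its principal even when
			// anonymous access is enabled.
			name:        "with md, and a token, anon allowed",
			buildCtx:    withMD("authorization", "Bearer Foo"),
			allowAnon:   true,
			shouldErr:   false,
			expectedOut: &models.Principal{Username: "Foo"},
		},
		{
			name:      "with a token that makes extraction error",
			buildCtx:  withMD("authorization", "Bearer err"),
			shouldErr: true,
		},
		{
			// A token that fails validation must stay an error; it must not
			// be downgraded to anonymous access.
			name:      "with a token that makes extraction error, anon allowed",
			buildCtx:  withMD("authorization", "Bearer err"),
			allowAnon: true,
			shouldErr: true,
		},
	}

	for _, test := range tests {
		t.Run(test.name, func(t *testing.T) {
			s := &Service{
				allowAnonymousAccess: test.allowAnon,
				// Stub for token validation: an empty token is rejected,
				// the literal "err" simulates a validation failure, and any
				// other token becomes a principal whose username is the token.
				authComposer: func(token string, _ []string) (*models.Principal, error) {
					switch token {
					case "":
						return nil, fmt.Errorf("not allowed")
					case "err":
						return nil, fmt.Errorf("other error")
					}
					return &models.Principal{Username: token}, nil
				},
			}

			p, err := s.principalFromContext(test.buildCtx())
			if test.shouldErr {
				// NOTE(review): the returned principal is not checked on the
				// error path; consider asserting it is nil once confirmed
				// against principalFromContext.
				require.Error(t, err)
				return
			}

			require.NoError(t, err)
			assert.Equal(t, test.expectedOut, p)
		})
	}
}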