From 97d0a9facbb96c2d8081a45005f051279da37b80 Mon Sep 17 00:00:00 2001 From: Tristan Date: Fri, 24 May 2024 14:55:56 +0200 Subject: [PATCH] Add samples --- biscuit-auth/examples/testcases.rs | 148 ++++++ biscuit-auth/samples/README.md | 422 +++++++++++++++++- biscuit-auth/samples/samples.json | 401 ++++++++++++++++- .../samples/test028_expressions_v4.bc | Bin 388 -> 388 bytes .../samples/test031_heterogeneous_equal.bc | Bin 0 -> 203 bytes .../test032_heterogeneous_not_equal.bc | Bin 0 -> 203 bytes biscuit-auth/samples/test033_strict_equal.bc | Bin 0 -> 203 bytes .../samples/test034_strict_not_equal.bc | Bin 0 -> 203 bytes 8 files changed, 957 insertions(+), 14 deletions(-) create mode 100644 biscuit-auth/samples/test031_heterogeneous_equal.bc create mode 100644 biscuit-auth/samples/test032_heterogeneous_not_equal.bc create mode 100644 biscuit-auth/samples/test033_strict_equal.bc create mode 100644 biscuit-auth/samples/test034_strict_not_equal.bc diff --git a/biscuit-auth/examples/testcases.rs b/biscuit-auth/examples/testcases.rs index 0c875ef3..6d99dde2 100644 --- a/biscuit-auth/examples/testcases.rs +++ b/biscuit-auth/examples/testcases.rs @@ -146,6 +146,14 @@ fn main() { add_test_result(&mut results, null(&target, &root, test)); + add_test_result(&mut results, heterogeneous_equal(&target, &root, test)); + + add_test_result(&mut results, heterogeneous_not_equal(&target, &root, test)); + + add_test_result(&mut results, strict_equal(&target, &root, test)); + + add_test_result(&mut results, strict_not_equal(&target, &root, test)); + if json { let s = serde_json::to_string_pretty(&TestCases { root_private_key: hex::encode(root.private().to_bytes()), 
@@ -2033,6 +2041,146 @@ fn null(target: &str, root: &KeyPair, test: bool) -> TestResult { } } +fn heterogeneous_equal(target: &str, root: &KeyPair, test: bool) -> TestResult { + let mut rng: StdRng = SeedableRng::seed_from_u64(1234); + let title = "test heterogeneous equal".to_string(); + let filename = "test031_heterogeneous_equal".to_string(); + let token; + + let biscuit = biscuit!( + r#" + check if fact(1, $value), 1 == $value; + "# + ) + .build_with_rng(&root, SymbolTable::default(), &mut rng) + .unwrap(); + token = print_blocks(&biscuit); + + let data = write_or_load_testcase(target, &filename, root, &biscuit, test); + + let mut validations = BTreeMap::new(); + validations.insert( + "authorized same type".to_string(), + validate_token(root, &data[..], "fact(1, 1); allow if true"), + ); + validations.insert( + "unauthorized failed logic different type".to_string(), + validate_token(root, &data[..], "fact(1, true); allow if true"), + ); + + TestResult { + title, + filename, + token, + validations, + } +} + +fn heterogeneous_not_equal(target: &str, root: &KeyPair, test: bool) -> TestResult { + let mut rng: StdRng = SeedableRng::seed_from_u64(1234); + let title = "test heterogeneous not equal".to_string(); + let filename = "test032_heterogeneous_not_equal".to_string(); + let token; + + let biscuit = biscuit!( + r#" + check if fact(1, $value), 1 != $value; + "# + ) + .build_with_rng(&root, SymbolTable::default(), &mut rng) + .unwrap(); + token = print_blocks(&biscuit); + + let data = write_or_load_testcase(target, &filename, root, &biscuit, test); + + let mut validations = BTreeMap::new(); + validations.insert( + "unauthorized failed logic same type".to_string(), + validate_token(root, &data[..], "fact(1, 1); allow if true"), + ); + validations.insert( + "authorized different type".to_string(), + validate_token(root, &data[..], "fact(1, true); allow if true"), + ); + + TestResult { + title, + filename, + token, + validations, + } +} + +fn strict_equal(target: 
&str, root: &KeyPair, test: bool) -> TestResult { + let mut rng: StdRng = SeedableRng::seed_from_u64(1234); + let title = "test strict equal".to_string(); + let filename = "test033_strict_equal".to_string(); + let token; + + let biscuit = biscuit!( + r#" + check if fact(1, $value), 1 === $value; + "# + ) + .build_with_rng(&root, SymbolTable::default(), &mut rng) + .unwrap(); + token = print_blocks(&biscuit); + + let data = write_or_load_testcase(target, &filename, root, &biscuit, test); + + let mut validations = BTreeMap::new(); + validations.insert( + "authorized same type".to_string(), + validate_token(root, &data[..], "fact(1, 1); allow if true"), + ); + validations.insert( + "error invalid type".to_string(), + validate_token(root, &data[..], "fact(1, true); allow if true"), + ); + + TestResult { + title, + filename, + token, + validations, + } +} + +fn strict_not_equal(target: &str, root: &KeyPair, test: bool) -> TestResult { + let mut rng: StdRng = SeedableRng::seed_from_u64(1234); + let title = "test strict not equal".to_string(); + let filename = "test034_strict_not_equal".to_string(); + let token; + + let biscuit = biscuit!( + r#" + check if fact(1, $value), 1 !== $value; + "# + ) + .build_with_rng(&root, SymbolTable::default(), &mut rng) + .unwrap(); + token = print_blocks(&biscuit); + + let data = write_or_load_testcase(target, &filename, root, &biscuit, test); + + let mut validations = BTreeMap::new(); + validations.insert( + "unauthorized failed logic same type".to_string(), + validate_token(root, &data[..], "fact(1, 1); allow if true"), + ); + validations.insert( + "error invalid type".to_string(), + validate_token(root, &data[..], "fact(1, true); allow if true"), + ); + + TestResult { + title, + filename, + token, + validations, + } +} + fn print_blocks(token: &Biscuit) -> Vec { let mut v = Vec::new(); diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md index 029ead92..e159c604 100644 --- a/biscuit-auth/samples/README.md 
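Review bot: The `fact(1, true)` case in `heterogeneous_not_equal` is labelled "authorized different type", so a check written with `!=` passes when the operand has an unexpected type, while `strict_not_equal` labels the same input "error invalid type"; nothing in the code states that difference, which matters to anyone writing authorization checks from these samples. I would put a comment above `heterogeneous_not_equal` such as `// "!=" treats a type mismatch as not-equal, so this check passes; "!==" fails with InvalidType instead`, and the mirror-image line above `heterogeneous_equal`. The expected outcomes live only in the validation-name strings, and the functions assert nothing themselves, so presumably the comparison against the recorded samples happens elsewhere. All four cases exercise only integer against boolean; adding a string or null operand would pin the behaviour for more type pairs. The four new functions are complete within the hunk, which otherwise only shows the tail of `null` and the head of `print_blocks`.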
+++ b/biscuit-auth/samples/README.md @@ -1270,7 +1270,7 @@ allow if true; ``` revocation ids: -- `3d5b23b502b3dd920bfb68b9039164d1563bb8927210166fa5c17f41b76b31bb957bc2ed3318452958f658baa2d398fe4cf25c58a27e6c8bc42c9702c8aa1b0c` +- `de85fa2c3be6cfd3f746ecbdacf534e742c92c939d603bba621e54fde4c1c0b2cab1ea0d22d9f81749ed35573ff9f210889a3d654d6db55723f2061ea94a8402` authorizer world: ``` @@ -2276,7 +2276,7 @@ allow if true; ``` revocation ids: -- `3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05` +- `a57be539aae237040fe6c2c28c4263516147c9f0d1d7ba88a385f1574f504c544164a2c747efd8b30eaab9d351c383cc1875642f173546d5f4b53b2220c87a0a` authorizer world: ``` @@ -2331,7 +2331,7 @@ allow if true; ``` revocation ids: -- `117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b` +- `dd4e67340c5c008b252d69746f004382e52ecdaf1c60ea1cec8dda437f5a25fa5a7cc5e6dfe0409a42055b7b91bcf84d48d4a8d2666584a8c1baa6ef0ea06701` authorizer world: ``` @@ -2489,7 +2489,7 @@ allow if true; ``` revocation ids: -- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003` +- `35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02` authorizer world: ``` @@ -2533,7 +2533,7 @@ allow if true; ``` revocation ids: -- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003` +- `35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02` authorizer world: ``` 
@@ -2577,7 +2577,7 @@ allow if true; ``` revocation ids: -- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003` +- `35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02` authorizer world: ``` @@ -2621,7 +2621,7 @@ allow if true; ``` revocation ids: -- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003` +- `35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02` authorizer world: ``` 
@@ -2656,3 +2656,411 @@ World { result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(null, $value), $value == null" }), Block(FailedBlockCheck { block_id: 0, check_id: 1, rule: "reject if fact(null, $value), $value != null" })] }))` + +------------------------------ + +## test heterogeneous equal: test031_heterogeneous_equal.bc +### token + +authority: +symbols: ["fact", "value"] + +public keys: [] + +``` +check if fact(1, $value), 1 == $value; +``` + +### validation for "authorized same type" + +authorizer code: +``` +fact(1, 1); + +allow if true; +``` + +revocation ids: +- `06316d762408770a7b360a40cc686540936ae6545b85adcd5a104a71682f447cee26bf3af5ee56bb5c55a0b40bfe5e512dc32118c1070295984a713396194403` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, 1)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 == $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Ok(0)` +### validation for "unauthorized failed logic different type" + +authorizer code: +``` +fact(1, true); + +allow if true; +``` + +revocation ids: +- `06316d762408770a7b360a40cc686540936ae6545b85adcd5a104a71682f447cee26bf3af5ee56bb5c55a0b40bfe5e512dc32118c1070295984a713396194403` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, true)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 == $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(1, $value), 1 == $value" })] }))` + + +------------------------------ + +## test heterogeneous not equal: test032_heterogeneous_not_equal.bc +### token + +authority: 
+symbols: ["fact", "value"] + +public keys: [] + +``` +check if fact(1, $value), 1 != $value; +``` + +### validation for "authorized different type" + +authorizer code: +``` +fact(1, true); + +allow if true; +``` + +revocation ids: +- `a39e00193733fc15f65a6adeb200833b220ea981368f44e66bd5e9b65c08e42706ddd2a9dccf2252c5b25d876350a5700827dc2e29cee9e75395c36beb0ad00d` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, true)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 != $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Ok(0)` +### validation for "unauthorized failed logic same type" + +authorizer code: +``` +fact(1, 1); + +allow if true; +``` + +revocation ids: +- `a39e00193733fc15f65a6adeb200833b220ea981368f44e66bd5e9b65c08e42706ddd2a9dccf2252c5b25d876350a5700827dc2e29cee9e75395c36beb0ad00d` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, 1)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 != $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(1, $value), 1 != $value" })] }))` + + +------------------------------ + +## test strict equal: test033_strict_equal.bc +### token + +authority: +symbols: ["fact", "value"] + +public keys: [] + +``` +check if fact(1, $value), 1 === $value; +``` + +### validation for "authorized same type" + +authorizer code: +``` +fact(1, 1); + +allow if true; +``` + +revocation ids: +- `b1de59505ce02af2bcfd461c46404200ff4f1b0c0af5ba8ce9d27e1dd4a84874baa7de0729835087f45b2a64d28c4ec2a25458d99855eb7ad5a4e03f31fac004` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, 
1)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 === $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Ok(0)` +### validation for "error invalid type" + +authorizer code: +``` +fact(1, true); + +allow if true; +``` + +revocation ids: +- `b1de59505ce02af2bcfd461c46404200ff4f1b0c0af5ba8ce9d27e1dd4a84874baa7de0729835087f45b2a64d28c4ec2a25458d99855eb7ad5a4e03f31fac004` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, true)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 === $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Err(Execution(InvalidType))` + + +------------------------------ + +## test strict not equal: test034_strict_not_equal.bc +### token + +authority: +symbols: ["fact", "value"] + +public keys: [] + +``` +check if fact(1, $value), 1 !== $value; +``` + +### validation for "error invalid type" + +authorizer code: +``` +fact(1, true); + +allow if true; +``` + +revocation ids: +- `58b42f1e11fd7c219f92a4ae88bc95d34d515b25fd30e9e50da77e0538d25344474c880b04719cb600655f35c4d1f802e9263d635bd9f5c5d594103c55546706` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, true)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 !== $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Err(Execution(InvalidType))` +### validation for "unauthorized failed logic same type" + +authorizer code: +``` +fact(1, 1); + +allow if true; +``` + +revocation ids: +- `58b42f1e11fd7c219f92a4ae88bc95d34d515b25fd30e9e50da77e0538d25344474c880b04719cb600655f35c4d1f802e9263d635bd9f5c5d594103c55546706` + +authorizer world: +``` +World { + facts: [ + Facts { + origin: { + None, + }, + facts: [ + "fact(1, 
1)", + ], + }, +] + rules: [] + checks: [ + Checks { + origin: Some( + 0, + ), + checks: [ + "check if fact(1, $value), 1 !== $value", + ], + }, +] + policies: [ + "allow if true", +] +} +``` + +result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(1, $value), 1 !== $value" })] }))` + diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json index 54a1ee9e..0d53a40f 100644 --- a/biscuit-auth/samples/samples.json +++ b/biscuit-auth/samples/samples.json @@ -1310,7 +1310,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "3d5b23b502b3dd920bfb68b9039164d1563bb8927210166fa5c17f41b76b31bb957bc2ed3318452958f658baa2d398fe4cf25c58a27e6c8bc42c9702c8aa1b0c" + "de85fa2c3be6cfd3f746ecbdacf534e742c92c939d603bba621e54fde4c1c0b2cab1ea0d22d9f81749ed35573ff9f210889a3d654d6db55723f2061ea94a8402" ] } } @@ -2127,7 +2127,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05" + "a57be539aae237040fe6c2c28c4263516147c9f0d1d7ba88a385f1574f504c544164a2c747efd8b30eaab9d351c383cc1875642f173546d5f4b53b2220c87a0a" ] } } @@ -2173,7 +2173,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b" + "dd4e67340c5c008b252d69746f004382e52ecdaf1c60ea1cec8dda437f5a25fa5a7cc5e6dfe0409a42055b7b91bcf84d48d4a8d2666584a8c1baa6ef0ea06701" ] } } 
@@ -2323,7 +2323,7 @@ }, "authorizer_code": "fact(null, null);\n\nallow if true;\n", "revocation_ids": [ - "bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003" + "35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02" ] }, "rejection1": { @@ -2381,7 +2381,7 @@ }, "authorizer_code": "fact(null, 1);\n\nallow if true;\n", "revocation_ids": [ - "bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003" + "35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02" ] }, "rejection2": { @@ -2439,7 +2439,7 @@ }, "authorizer_code": "fact(null, true);\n\nallow if true;\n", "revocation_ids": [ - "bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003" + "35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02" ] }, "rejection3": { 
@@ -2497,7 +2497,394 @@ }, "authorizer_code": "fact(null, \"abcd\");\n\nallow if true;\n", "revocation_ids": [ - "bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003" + "35d99762ee4343b245d66b719f7ad6180c76dd899c39e4072cf61dcf8673e7510374922457ce260b8c576431e894e38c7c0bacd3e5cae2bfc63e3286d2078d02" + ] + } + } + }, + { + "title": "test heterogeneous equal", + "filename": "test031_heterogeneous_equal.bc", + "token": [ + { + "symbols": [ + "fact", + "value" + ], + "public_keys": [], + "external_key": null, + "code": "check if fact(1, $value), 1 == $value;\n" + } + ], + "validations": { + "authorized same type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, 1)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 == $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Ok": 0 + }, + "authorizer_code": "fact(1, 1);\n\nallow if true;\n", + "revocation_ids": [ + "06316d762408770a7b360a40cc686540936ae6545b85adcd5a104a71682f447cee26bf3af5ee56bb5c55a0b40bfe5e512dc32118c1070295984a713396194403" + ] + }, + "unauthorized failed logic different type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, true)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 == $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Err": { + "FailedLogic": { + "Unauthorized": { + "policy": { + "Allow": 0 + }, + "checks": [ + { + "Block": { + "block_id": 0, + "check_id": 0, + "rule": "check if fact(1, $value), 1 == $value" + } + } + ] + } + } + } + }, + "authorizer_code": "fact(1, true);\n\nallow if true;\n", + "revocation_ids": [ + "06316d762408770a7b360a40cc686540936ae6545b85adcd5a104a71682f447cee26bf3af5ee56bb5c55a0b40bfe5e512dc32118c1070295984a713396194403" + ] + } + } + }, + { + "title": 
"test heterogeneous not equal", + "filename": "test032_heterogeneous_not_equal.bc", + "token": [ + { + "symbols": [ + "fact", + "value" + ], + "public_keys": [], + "external_key": null, + "code": "check if fact(1, $value), 1 != $value;\n" + } + ], + "validations": { + "authorized different type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, true)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 != $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Ok": 0 + }, + "authorizer_code": "fact(1, true);\n\nallow if true;\n", + "revocation_ids": [ + "a39e00193733fc15f65a6adeb200833b220ea981368f44e66bd5e9b65c08e42706ddd2a9dccf2252c5b25d876350a5700827dc2e29cee9e75395c36beb0ad00d" + ] + }, + "unauthorized failed logic same type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, 1)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 != $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Err": { + "FailedLogic": { + "Unauthorized": { + "policy": { + "Allow": 0 + }, + "checks": [ + { + "Block": { + "block_id": 0, + "check_id": 0, + "rule": "check if fact(1, $value), 1 != $value" + } + } + ] + } + } + } + }, + "authorizer_code": "fact(1, 1);\n\nallow if true;\n", + "revocation_ids": [ + "a39e00193733fc15f65a6adeb200833b220ea981368f44e66bd5e9b65c08e42706ddd2a9dccf2252c5b25d876350a5700827dc2e29cee9e75395c36beb0ad00d" + ] + } + } + }, + { + "title": "test strict equal", + "filename": "test033_strict_equal.bc", + "token": [ + { + "symbols": [ + "fact", + "value" + ], + "public_keys": [], + "external_key": null, + "code": "check if fact(1, $value), 1 === $value;\n" + } + ], + "validations": { + "authorized same type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, 1)" + ] + } + ], + "rules": [], + "checks": [ + { 
+ "origin": 0, + "checks": [ + "check if fact(1, $value), 1 === $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Ok": 0 + }, + "authorizer_code": "fact(1, 1);\n\nallow if true;\n", + "revocation_ids": [ + "b1de59505ce02af2bcfd461c46404200ff4f1b0c0af5ba8ce9d27e1dd4a84874baa7de0729835087f45b2a64d28c4ec2a25458d99855eb7ad5a4e03f31fac004" + ] + }, + "error invalid type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, true)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 === $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Err": { + "Execution": "InvalidType" + } + }, + "authorizer_code": "fact(1, true);\n\nallow if true;\n", + "revocation_ids": [ + "b1de59505ce02af2bcfd461c46404200ff4f1b0c0af5ba8ce9d27e1dd4a84874baa7de0729835087f45b2a64d28c4ec2a25458d99855eb7ad5a4e03f31fac004" + ] + } + } + }, + { + "title": "test strict not equal", + "filename": "test034_strict_not_equal.bc", + "token": [ + { + "symbols": [ + "fact", + "value" + ], + "public_keys": [], + "external_key": null, + "code": "check if fact(1, $value), 1 !== $value;\n" + } + ], + "validations": { + "error invalid type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, true)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": [ + "check if fact(1, $value), 1 !== $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Err": { + "Execution": "InvalidType" + } + }, + "authorizer_code": "fact(1, true);\n\nallow if true;\n", + "revocation_ids": [ + "58b42f1e11fd7c219f92a4ae88bc95d34d515b25fd30e9e50da77e0538d25344474c880b04719cb600655f35c4d1f802e9263d635bd9f5c5d594103c55546706" + ] + }, + "unauthorized failed logic same type": { + "world": { + "facts": [ + { + "origin": [ + null + ], + "facts": [ + "fact(1, 1)" + ] + } + ], + "rules": [], + "checks": [ + { + "origin": 0, + "checks": 
[ + "check if fact(1, $value), 1 !== $value" + ] + } + ], + "policies": [ + "allow if true" + ] + }, + "result": { + "Err": { + "FailedLogic": { + "Unauthorized": { + "policy": { + "Allow": 0 + }, + "checks": [ + { + "Block": { + "block_id": 0, + "check_id": 0, + "rule": "check if fact(1, $value), 1 !== $value" + } + } + ] + } + } + } + }, + "authorizer_code": "fact(1, 1);\n\nallow if true;\n", + "revocation_ids": [ + "58b42f1e11fd7c219f92a4ae88bc95d34d515b25fd30e9e50da77e0538d25344474c880b04719cb600655f35c4d1f802e9263d635bd9f5c5d594103c55546706" ] } } diff --git a/biscuit-auth/samples/test028_expressions_v4.bc b/biscuit-auth/samples/test028_expressions_v4.bc index c34d7a103fcfe7a1ada52e0be46ec70f544137e0..c8da29bbf293ce4dbcb8b705d6cf95be3e7c05a7 100644 GIT binary patch delta 110 zcmZo+ZegAv!N@vMQkqe0qNy>X=)_D}Agf&&NUT->5@)o5#19RJyME~=JTVO2s=Apa z`3%lYPxa2Omq~af^QQNfbA6QRuc(@%&+b2PnB~M8T|IHn4_}WfD=wv_wyZd~YuS6g L1?h~F6Btzh`$#K# delta 110 zcmZo+ZegAv!N@XEQkqd@qNy>El_?8kwJQUO)e1o3j5d(?q2VA{zbv@Kr*&##Xk1o) z9$-5E~0G!)xmb&!LID3y8w?8dx{T@4ejU`PNOZcV-UlgzP>1weDrC}( zPQs#8SlO6W>w49s;6E|?zyu;93Lu&2dk&FUQy%WM1OF8!ZYv|gqELGijGY@FDzsSN FEnyp_MFju= literal 0 HcmV?d00001 diff --git a/biscuit-auth/samples/test034_strict_not_equal.bc b/biscuit-auth/samples/test034_strict_not_equal.bc new file mode 100644 index 0000000000000000000000000000000000000000..f455b54cdf161ddbf8b8213dce5c6ec30fc57374 GIT binary patch literal 203 zcmV;+05ty+qyY*#3It|hV{{4yc42IFWf%l9DGDbF0tg!t3E#Wleg!zvQ$$BhhzkU9oVEaEUp2(h z_yXxBJ!4zh^~Kec5Ij{>X9gl73Lu&2dk&FUQy%WM1OF8!ZYv|gqELGijGY@FDzsSN FEn!GJK}Y}q literal 0 HcmV?d00001