add support for the null type (#218)
Geal authored May 23, 2024
1 parent b898f99 commit b0b09d0
Showing 12 changed files with 641 additions and 11 deletions.
47 changes: 47 additions & 0 deletions biscuit-auth/examples/testcases.rs
@@ -76,6 +76,7 @@ fn main() {
};

let mut results = Vec::new();

add_test_result(&mut results, basic_token(&target, &root, test));

add_test_result(&mut results, different_root_key(&target, &root, test));
@@ -143,6 +144,8 @@ fn main() {

add_test_result(&mut results, reject_if(&target, &root, test));

add_test_result(&mut results, null(&target, &root, test));

if json {
let s = serde_json::to_string_pretty(&TestCases {
root_private_key: hex::encode(root.private().to_bytes()),
@@ -1986,6 +1989,50 @@ fn reject_if(target: &str, root: &KeyPair, test: bool) -> TestResult {
}
}

fn null(target: &str, root: &KeyPair, test: bool) -> TestResult {
let mut rng: StdRng = SeedableRng::seed_from_u64(1234);
let title = "test null".to_string();
let filename = "test31_null".to_string();
let token;

let biscuit = biscuit!(
r#"
check if fact(null, $value), $value == null;
reject if fact(null, $value), $value != null;
"#
)
.build_with_rng(&root, SymbolTable::default(), &mut rng)
.unwrap();
token = print_blocks(&biscuit);

let data = write_or_load_testcase(target, &filename, root, &biscuit, test);

let mut validations = BTreeMap::new();
validations.insert(
"".to_string(),
validate_token(root, &data[..], "fact(null, null); allow if true"),
);
validations.insert(
"rejection1".to_string(),
validate_token(root, &data[..], "fact(null, 1); allow if true"),
);
validations.insert(
"rejection2".to_string(),
validate_token(root, &data[..], "fact(null, true); allow if true"),
);
validations.insert(
"rejection3".to_string(),
validate_token(root, &data[..], "fact(null, \"abcd\"); allow if true"),
);

TestResult {
title,
filename,
token,
validations,
}
}

fn print_blocks(token: &Biscuit) -> Vec<BlockContent> {
let mut v = Vec::new();

193 changes: 193 additions & 0 deletions biscuit-auth/samples/README.md
@@ -2463,3 +2463,196 @@ World {

result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "reject if test($test), $test" })] }))`


------------------------------

## test null: test31_null.bc
### token

authority:
symbols: ["fact", "value"]

public keys: []

```
check if fact(null, $value), $value == null;
reject if fact(null, $value), $value != null;
```

### validation

authorizer code:
```
fact(null, null);
allow if true;
```

revocation ids:
- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(null, null)",
],
},
]
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(null, $value), $value == null",
"reject if fact(null, $value), $value != null",
],
},
]
policies: [
"allow if true",
]
}
```

result: `Ok(0)`
### validation for "rejection1"

authorizer code:
```
fact(null, 1);
allow if true;
```

revocation ids:
- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(null, 1)",
],
},
]
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(null, $value), $value == null",
"reject if fact(null, $value), $value != null",
],
},
]
policies: [
"allow if true",
]
}
```

result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(null, $value), $value == null" }), Block(FailedBlockCheck { block_id: 0, check_id: 1, rule: "reject if fact(null, $value), $value != null" })] }))`
### validation for "rejection2"

authorizer code:
```
fact(null, true);
allow if true;
```

revocation ids:
- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(null, true)",
],
},
]
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(null, $value), $value == null",
"reject if fact(null, $value), $value != null",
],
},
]
policies: [
"allow if true",
]
}
```

result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(null, $value), $value == null" }), Block(FailedBlockCheck { block_id: 0, check_id: 1, rule: "reject if fact(null, $value), $value != null" })] }))`
### validation for "rejection3"

authorizer code:
```
fact(null, "abcd");
allow if true;
```

revocation ids:
- `bbf3ad51a70e935126b334f37be2bf66e90162353c19c524c0d3579ee71034996872b8433b132e6e0b519d371b0ab20481d58c4619183e8997c3744786e8e003`

authorizer world:
```
World {
facts: [
Facts {
origin: {
None,
},
facts: [
"fact(null, \"abcd\")",
],
},
]
rules: []
checks: [
Checks {
origin: Some(
0,
),
checks: [
"check if fact(null, $value), $value == null",
"reject if fact(null, $value), $value != null",
],
},
]
policies: [
"allow if true",
]
}
```

result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if fact(null, $value), $value == null" }), Block(FailedBlockCheck { block_id: 0, check_id: 1, rule: "reject if fact(null, $value), $value != null" })] }))`
