From f1cb4a51c9db03fdf5d4d836794c44de5f626731 Mon Sep 17 00:00:00 2001 From: Clement Delafargue Date: Mon, 25 Nov 2024 10:36:08 +0100 Subject: [PATCH] fixup! errors: display more info about failed checks and policies --- biscuit-auth/src/token/authorizer.rs | 36 ++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/biscuit-auth/src/token/authorizer.rs b/biscuit-auth/src/token/authorizer.rs index dcba5ea4..9febb07e 100644 --- a/biscuit-auth/src/token/authorizer.rs +++ b/biscuit-auth/src/token/authorizer.rs @@ -1378,6 +1378,8 @@ impl AuthorizerExt for Authorizer { mod tests { use std::time::Duration; + use token::{public_keys::PublicKeys, DATALOG_3_1}; + use crate::{ builder::{Algorithm, BiscuitBuilder, BlockBuilder}, KeyPair, @@ -1815,4 +1817,38 @@ allow if true; let authorizer = Authorizer::new(); assert_eq!("", authorizer.to_string()) } + + #[test] + fn rule_validate_variables() { + let mut authorizer = Authorizer::new(); + let mut syms = SymbolTable::new(); + let rule_name = syms.insert("test"); + let pred_name = syms.insert("pred"); + let rule = datalog::rule( + rule_name, + &[datalog::var(&mut syms, "unbound")], + &[datalog::pred(pred_name, &[datalog::var(&mut syms, "any")])], + ); + let mut block = Block { + symbols: syms.clone(), + facts: vec![], + rules: vec![rule], + checks: vec![], + context: None, + version: DATALOG_3_1, + external_key: None, + public_keys: PublicKeys::new(), + scopes: vec![], + }; + + assert_eq!( + authorizer + .load_and_translate_block(&mut block, 0, &syms) + .unwrap_err(), + error::Token::FailedLogic(error::Logic::InvalidBlockRule( + 0, + "test($unbound) <- pred($any)".to_string() + )) + ); + } }