From 85a72b37b636c6ff58e13c9b1759563548db7c7a Mon Sep 17 00:00:00 2001 From: slisson Date: Wed, 11 Dec 2024 17:36:20 +0100 Subject: [PATCH] fix(authorization): allow only resource owners/admins to manage permissions The previous behavior of allowing to grant your own permission to others might be too risky. It's hardcoded to --- .../authorization/AuthorizationPlugin.kt | 12 +++- .../modelix/authorization/KtorAuthUtils.kt | 5 ++ .../authorization/PermissionManagementPage.kt | 72 ++++++++++++------- .../permissions/PermissionEvaluator.kt | 5 +- .../server/ModelServerPermissionSchema.kt | 16 +---- .../modelix/model/server/LazyLoadingTest.kt | 2 - .../modelix/model/server/ModelClientTest.kt | 8 +-- .../model/server/ModelServerTestUtil.kt | 2 - .../model/server/PullPerformanceTest.kt | 2 - .../model/server/ReplicatedModelTest.kt | 2 - .../model/server/ReplicatedRepositoryTest.kt | 2 - .../org/modelix/model/server/V1ApiTest.kt | 2 - .../model/server/handlers/HealthApiTest.kt | 2 - .../handlers/KeyValueLikeModelServerTest.kt | 2 - ...icationServerBackwardsCompatibilityTest.kt | 2 - .../handlers/ModelReplicationServerTest.kt | 2 - .../model/server/handlers/ui/IndexPageTest.kt | 2 - .../AdminPermissionOnServerTest.kt | 2 - 18 files changed, 67 insertions(+), 75 deletions(-) diff --git a/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt b/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt index 4409631eb9..a040fa2a82 100644 --- a/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt +++ b/authorization/src/main/kotlin/org/modelix/authorization/AuthorizationPlugin.kt 
@@ -32,6 +32,8 @@ import io.ktor.server.routing.get import io.ktor.server.routing.routing import io.ktor.util.AttributeKey import org.modelix.authorization.permissions.PermissionEvaluator +import org.modelix.authorization.permissions.PermissionInstanceReference +import org.modelix.authorization.permissions.PermissionParser import org.modelix.authorization.permissions.PermissionParts import org.modelix.authorization.permissions.SchemaInstance import java.nio.charset.StandardCharsets @@ -169,11 +171,15 @@ class ModelixAuthorizationPluginInstance(val config: ModelixAuthorizationConfig) private val deniedPermissionRequests: MutableSet = Collections.synchronizedSet(LinkedHashSet()) private val permissionCache = CacheBuilder.newBuilder() .expireAfterWrite(5, TimeUnit.SECONDS) - .build, Boolean>() + .build, Boolean>() fun getDeniedPermissions(): Set = deniedPermissionRequests.toSet() fun hasPermission(call: ApplicationCall, permissionToCheck: PermissionParts): Boolean { + return hasPermission(call, PermissionParser(config.permissionSchema).parse(permissionToCheck)) + } + + fun hasPermission(call: ApplicationCall, permissionToCheck: PermissionInstanceReference): Boolean { if (!config.permissionCheckingEnabled()) return true val principal = call.principal() ?: throw NotLoggedInException() @@ -184,7 +190,7 @@ class ModelixAuthorizationPluginInstance(val config: ModelixAuthorizationConfig) if (userId != null) { synchronized(deniedPermissionRequests) { deniedPermissionRequests += DeniedPermissionRequest( - permissionId = permissionToCheck, + permissionRef = permissionToCheck, userId = userId, jwtPayload = principal.jwt.payload, ) @@ -222,7 +228,7 @@ class ModelixAuthorizationPluginInstance(val config: ModelixAuthorizationConfig) } data class DeniedPermissionRequest( - val permissionId: PermissionParts, + val permissionRef: PermissionInstanceReference, val userId: String, val jwtPayload: String, ) { 
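Review bot: The new `hasPermission(call, PermissionParts)` overload in the `@@ -169,11 +171,15 @@` hunk runs `PermissionParser(config.permissionSchema).parse(...)` before the `permissionCheckingEnabled()` short-circuit of the overload it delegates to, so with checking disabled an id the schema does not know may now fail instead of returning true (whether `parse` throws is not visible here). Putting `if (!config.permissionCheckingEnabled()) return true` first in the `PermissionParts` overload keeps the old behaviour. The cache key and `DeniedPermissionRequest` now hold a `PermissionInstanceReference`, so cache hits and set de-duplication depend on that type having value-based `equals`/`hashCode`, which should be confirmed. The body of `hasPermission` continues outside the hunk.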
diff --git a/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt b/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt index 18908fbc28..1f079b3c6d 100644 --- a/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt +++ b/authorization/src/main/kotlin/org/modelix/authorization/KtorAuthUtils.kt @@ -17,6 +17,7 @@ import io.ktor.server.request.header import io.ktor.server.routing.Route import io.ktor.util.pipeline.PipelineContext import org.modelix.authorization.permissions.PermissionEvaluator +import org.modelix.authorization.permissions.PermissionInstanceReference import org.modelix.authorization.permissions.PermissionParts internal const val MODELIX_JWT_AUTH = "modelixJwtAuth" @@ -49,6 +50,10 @@ fun ApplicationCall.hasPermission(permissionToCheck: PermissionParts): Boolean { return application.plugin(ModelixAuthorization).hasPermission(this, permissionToCheck) } +fun ApplicationCall.hasPermission(permissionToCheck: PermissionInstanceReference): Boolean { + return application.plugin(ModelixAuthorization).hasPermission(this, permissionToCheck) +} + fun ApplicationCall.getPermissionEvaluator(): PermissionEvaluator { return application.plugin(ModelixAuthorization).getPermissionEvaluator(this) } diff --git a/authorization/src/main/kotlin/org/modelix/authorization/PermissionManagementPage.kt b/authorization/src/main/kotlin/org/modelix/authorization/PermissionManagementPage.kt index 1cdbfdfa06..651b1e56e5 100644 --- a/authorization/src/main/kotlin/org/modelix/authorization/PermissionManagementPage.kt +++ b/authorization/src/main/kotlin/org/modelix/authorization/PermissionManagementPage.kt 
@@ -4,6 +4,7 @@ import io.ktor.server.application.ApplicationCall import io.ktor.server.application.application import io.ktor.server.application.call import io.ktor.server.application.plugin +import io.ktor.server.auth.principal import io.ktor.server.html.respondHtml import io.ktor.server.request.receiveParameters import io.ktor.server.response.respond @@ -26,8 +27,8 @@ import kotlinx.html.td import kotlinx.html.textInput import kotlinx.html.th import kotlinx.html.tr -import org.modelix.authorization.permissions.PermissionParts -import org.modelix.authorization.permissions.PermissionSchemaBase +import org.modelix.authorization.permissions.PermissionInstanceReference +import org.modelix.authorization.permissions.PermissionParser fun Route.installPermissionManagementHandlers() { route("permissions") { @@ -42,9 +43,7 @@ fun Route.installPermissionManagementHandlers() { val roleId = formParameters["roleId"] require(userId != null || roleId != null) { "userId or roleId required" } val permissionId = requireNotNull(formParameters["permissionId"]) { "permissionId not specified" } - - // a user can grant his own permission to other users - checkPermission(PermissionParts.fromString(permissionId)) + call.checkCanGranPermission(permissionId) if (userId != null) { application.plugin(ModelixAuthorization).config.accessControlPersistence.update { 
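Review bot: The `grant` handler in the `@@ -42,9 +43,7 @@` hunk changes who holds which permission, but no audit record of the caller is visible; the only output is the `Granted $permissionId to ...` response. After the persistence update, log the caller's user name, the target `userId` or `roleId`, and `permissionId`, with line breaks stripped from the form values since they are request input. The same applies to `remove-grant` in the `@@ -59,12 +58,12 @@` hunk. The handler body starts and ends outside this hunk, so an existing log call elsewhere in it cannot be ruled out.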
@@ -59,12 +58,12 @@ fun Route.installPermissionManagementHandlers() { call.respond("Granted $permissionId to ${userId ?: roleId}") } post("remove-grant") { - call.checkPermission(PermissionSchemaBase.permissionData.write) val formParameters = call.receiveParameters() val userId = formParameters["userId"] val roleId = formParameters["roleId"] require(userId != null || roleId != null) { "userId or roleId required" } val permissionId = requireNotNull(formParameters["permissionId"]) { "permissionId not specified" } + call.checkCanGranPermission(permissionId) if (userId != null) { application.plugin(ModelixAuthorization).config.accessControlPersistence.update { it.withoutGrantToUser(userId, permissionId) @@ -138,7 +137,7 @@ fun HTML.buildPermissionManagementPage(call: ApplicationCall, pluginInstance: Mo th { +"Permission" } } for ((userId, permission) in pluginInstance.config.accessControlPersistence.read().grantsToUsers.flatMap { entry -> entry.value.map { entry.key to it } }) { - if (!call.hasPermission(PermissionParts.fromString(permission))) continue + if (!call.canGrantPermission(permission)) continue tr { td { @@ -174,7 +173,7 @@ fun HTML.buildPermissionManagementPage(call: ApplicationCall, pluginInstance: Mo th { +"Permission" } } for ((roleId, permission) in pluginInstance.config.accessControlPersistence.read().grantsToRoles.flatMap { entry -> entry.value.map { entry.key to it } }) { - if (!call.hasPermission(PermissionParts.fromString(permission))) continue + if (!call.canGrantPermission(permission)) continue tr { td { 
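Review bot: `remove-grant` now calls `call.checkCanGranPermission(permissionId)`, which parses the id against the current schema before anything else, so a stored grant whose permission no longer exists in the schema may become impossible to revoke through this endpoint. This patch itself removes the `permission-schema` resource, so persisted `permission-schema/read` or `permission-schema/write` grants are a likely case. The same parse runs per row in the `grantsToUsers` and `grantsToRoles` loops (hunks `@@ -138,7 +137,7 @@` and `@@ -174,7 +173,7 @@`), where one unparsable entry could fail the whole page if `PermissionParser.parse` throws, which is not visible here. Consider catching the parser's failure in `canGrantPermission(String)` and returning false for the listing, and decide explicitly who may revoke grants that no longer parse. The handler and page bodies continue outside these hunks.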
@@ -213,32 +212,30 @@ fun HTML.buildPermissionManagementPage(call: ApplicationCall, pluginInstance: Mo th { +"Grant" } } for (deniedPermission in pluginInstance.getDeniedPermissions()) { - if (!call.hasPermission(deniedPermission.permissionId)) continue + if (!call.canGrantPermission(deniedPermission.permissionRef)) continue val userId = deniedPermission.userId tr { td { - +userId.orEmpty() + +userId } td { - +deniedPermission.permissionId.fullId + +deniedPermission.permissionRef.toPermissionParts().fullId } td { - if (userId != null) { - val evaluator = pluginInstance.createPermissionEvaluator() - val permissionInstance = evaluator.instantiatePermission(deniedPermission.permissionId) - val candidates = (setOf(permissionInstance) + permissionInstance.transitiveIncludedIn()) - postForm(action = "grant") { - hiddenInput { - name = "userId" - value = userId - } - for (candidate in candidates) { - div { - submitInput { - name = "permissionId" - value = candidate.ref.toString() - } + val evaluator = pluginInstance.createPermissionEvaluator() + val permissionInstance = evaluator.instantiatePermission(deniedPermission.permissionRef) + val candidates = (setOf(permissionInstance) + permissionInstance.transitiveIncludedIn()) + postForm(action = "grant") { + hiddenInput { + name = "userId" + value = userId + } + for (candidate in candidates) { + div { + submitInput { + name = "permissionId" + value = candidate.ref.toString() } } } 
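Review bot: In the denied-permissions table the row filter checks `canGrantPermission(deniedPermission.permissionRef)`, but the grant form then renders a submit button for every entry of `candidates`, including permissions from `transitiveIncludedIn()` that may sit on resources the caller neither owns nor administers. The `grant` handler should still reject those, so the point is not to offer broader permissions than the caller can hand out. Filter the set before rendering, e.g. append `.filter { call.canGrantPermission(it.ref) }` to the `candidates` expression, assuming `ref` is a `PermissionInstanceReference`. `buildPermissionManagementPage` starts and ends outside the hunk.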
@@ -249,3 +246,26 @@ fun HTML.buildPermissionManagementPage(call: ApplicationCall, pluginInstance: Mo } } } + +fun ApplicationCall.canGrantPermission(permissionId: String): Boolean { + return canGrantPermission(parsePermission(permissionId)) +} + +fun ApplicationCall.canGrantPermission(permissionRef: PermissionInstanceReference): Boolean { + val resources = generateSequence(permissionRef.resource) { it.parent } + return resources.any { + // hardcoded admin/owner to keep it simple and not having to introduce a permission schema for permissions + hasPermission(PermissionInstanceReference("admin", it)) || hasPermission(PermissionInstanceReference("owner", it)) + } +} + +fun ApplicationCall.checkCanGranPermission(id: String) { + if (!canGrantPermission(id)) { + val principal = principal() + throw NoPermissionException(principal, null, null, "${principal?.getUserName()} has no permission '$id'") + } +} + +fun ApplicationCall.parsePermission(id: String): PermissionInstanceReference { + return application.plugin(ModelixAuthorization).config.permissionSchema.let { PermissionParser(it) }.parse(id) +} diff --git a/authorization/src/main/kotlin/org/modelix/authorization/permissions/PermissionEvaluator.kt b/authorization/src/main/kotlin/org/modelix/authorization/permissions/PermissionEvaluator.kt index 8244e1aa80..a9c46783c3 100644 --- a/authorization/src/main/kotlin/org/modelix/authorization/permissions/PermissionEvaluator.kt +++ b/authorization/src/main/kotlin/org/modelix/authorization/permissions/PermissionEvaluator.kt 
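Review bot: `canGrantPermission` probes the hard-coded `admin` and `owner` permissions on every ancestor resource through `ApplicationCall.hasPermission`, and the plugin's `hasPermission` adds a `DeniedPermissionRequest` for the checked reference (the `@@ -184,7 +190,7 @@` hunk in AuthorizationPlugin.kt, apparently on denial). Rendering the management page for a user who is not an owner would therefore fill the denied list with `admin`/`owner` entries for that user, which the same page offers to administrators as one-click grant buttons. Consider a check that does not record denials for these internal probes, and add a KDoc line on `canGrantPermission` stating that only `admin` or `owner` on the resource or one of its ancestors qualifies. Two smaller points: `checkCanGranPermission` is a public name with a typo (`checkCanGrantPermission`), and its message `has no permission '$id'` should say that the caller may not manage grants for `$id`.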
@@ -38,7 +38,10 @@ class PermissionEvaluator(val schemaInstance: SchemaInstance) { } fun instantiatePermission(permissionId: PermissionParts): SchemaInstance.ResourceInstance.PermissionInstance { - val permissionRef = parser.parse(permissionId) + return instantiatePermission(parser.parse(permissionId)) + } + + fun instantiatePermission(permissionRef: PermissionInstanceReference): SchemaInstance.ResourceInstance.PermissionInstance { val instance = schemaInstance.instantiatePermission(permissionRef) hasPermission(permissionRef) // permissions are instantiated during the check return instance diff --git a/model-server/src/main/kotlin/org/modelix/model/server/ModelServerPermissionSchema.kt b/model-server/src/main/kotlin/org/modelix/model/server/ModelServerPermissionSchema.kt index ac4623812d..511a8d5429 100644 --- a/model-server/src/main/kotlin/org/modelix/model/server/ModelServerPermissionSchema.kt +++ b/model-server/src/main/kotlin/org/modelix/model/server/ModelServerPermissionSchema.kt @@ -9,7 +9,6 @@ import org.modelix.model.lazy.RepositoryId object ModelServerPermissionSchema { private const val MODEL_SERVER = "model-server" private const val ADMIN = "admin" - private const val PERMISSION_SCHEMA = "permission-schema" private const val WRITE = "write" private const val READ = "read" private const val LEGACY_USER_DEFINED_ENTRIES = "legacy-user-defined-entries" @@ -35,28 +34,17 @@ object ModelServerPermissionSchema { } } - resource(PERMISSION_SCHEMA) { - permission(WRITE) { - includedIn(MODEL_SERVER, ADMIN) - permission(READ) - } - } - resource(LEGACY_USER_DEFINED_ENTRIES) { - permission(READ) { - includedIn(MODEL_SERVER, ADMIN) - } permission(WRITE) { includedIn(MODEL_SERVER, ADMIN) + permission(READ) } } resource(LEGACY_GLOBAL_OBJECTS) { - permission(READ) { - includedIn(MODEL_SERVER, ADMIN) - } permission(ADD) { includedIn(MODEL_SERVER, ADMIN) + permission(READ) } } 
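Review bot: The `legacy-user-defined-entries` and `legacy-global-objects` resources in the `@@ -35,28 +34,17 @@` hunk declare only `read`/`write`/`add`, while the new `canGrantPermission` in PermissionManagementPage.kt asks for `admin` or `owner` on the resource and its parents. Whether these resources have a parent that defines `admin`, and what the evaluator does with a permission name the resource does not declare, is not visible here, so grants on them may end up manageable by nobody or may raise an error. A test next to `AdminPermissionOnServerTest` showing that a `model-server/admin` holder can grant and revoke `legacy-user-defined-entries/write`, and that a non-owner is refused, would settle it. No test for the new grant rules is part of this patch.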
diff --git a/model-server/src/test/kotlin/org/modelix/model/server/LazyLoadingTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/LazyLoadingTest.kt index d513fc1c16..92884b5cd2 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/LazyLoadingTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/LazyLoadingTest.kt @@ -2,7 +2,6 @@ package org.modelix.model.server import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication -import org.modelix.authorization.installAuthentication import org.modelix.model.api.INode import org.modelix.model.api.NullChildLink import org.modelix.model.api.PBranch @@ -39,7 +38,6 @@ class LazyLoadingTest { private fun runTest(block: suspend ApplicationTestBuilder.() -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() val store = InMemoryStoreClient() val repoManager = RepositoriesManager(store) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/ModelClientTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/ModelClientTest.kt index 16a26f6737..ec0e9706a6 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/ModelClientTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/ModelClientTest.kt @@ -1,13 +1,9 @@ package org.modelix.model.server -import io.ktor.server.application.install -import io.ktor.server.resources.Resources -import io.ktor.server.routing.IgnoreTrailingSlash import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication import kotlinx.coroutines.delay import kotlinx.coroutines.withTimeout -import org.modelix.authorization.installAuthentication import org.modelix.model.IKeyListener import org.modelix.model.client.RestWebModelClient import org.modelix.model.server.handlers.KeyValueLikeModelServer 
@@ -24,9 +20,7 @@ class ModelClientTest { private fun runTest(block: suspend ApplicationTestBuilder.() -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) - install(Resources) - install(IgnoreTrailingSlash) + installDefaultServerPlugins() KeyValueLikeModelServer(RepositoriesManager(InMemoryStoreClient())).init(this) } block() diff --git a/model-server/src/test/kotlin/org/modelix/model/server/ModelServerTestUtil.kt b/model-server/src/test/kotlin/org/modelix/model/server/ModelServerTestUtil.kt index 01136d5bb3..ac09c332a5 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/ModelServerTestUtil.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/ModelServerTestUtil.kt @@ -13,7 +13,6 @@ import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.websocket.WebSockets import kotlinx.coroutines.runBlocking import org.modelix.authorization.ModelixAuthorization -import org.modelix.authorization.installAuthentication import org.modelix.model.client2.ModelClientV2 import org.modelix.model.server.Main.installStatusPages import org.modelix.model.server.handlers.Paths.registerJsonTypes @@ -55,7 +54,6 @@ fun runWithNettyServer( testBlock: suspend (server: NettyApplicationEngine) -> Unit, ) { val nettyServer: NettyApplicationEngine = io.ktor.server.engine.embeddedServer(Netty, port = 0) { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() setupBlock(this) } diff --git a/model-server/src/test/kotlin/org/modelix/model/server/PullPerformanceTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/PullPerformanceTest.kt index 1035fddb7b..502434a48f 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/PullPerformanceTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/PullPerformanceTest.kt 
@@ -3,7 +3,6 @@ package org.modelix.model.server import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication import kotlinx.coroutines.coroutineScope -import org.modelix.authorization.installAuthentication import org.modelix.model.api.IChildLink import org.modelix.model.api.IConceptReference import org.modelix.model.api.INode @@ -25,7 +24,6 @@ class PullPerformanceTest { val storeClientWithStatistics = StoreClientWithStatistics(InMemoryStoreClient()) val repositoriesManager = RepositoriesManager(storeClientWithStatistics) application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() ModelReplicationServer(repositoriesManager).init(this) KeyValueLikeModelServer(repositoriesManager).init(this) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedModelTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedModelTest.kt index 8ec240b2a3..4402fd0d93 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedModelTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedModelTest.kt @@ -7,7 +7,6 @@ import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.launch import org.junit.Assert.assertFalse -import org.modelix.authorization.installAuthentication import org.modelix.model.api.ChildLinkFromName import org.modelix.model.api.ConceptReference import org.modelix.model.api.IBranch @@ -117,7 +116,6 @@ class ReplicatedModelTest { private fun runTest(block: suspend ApplicationTestBuilder.() -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() val repoManager = RepositoriesManager(InMemoryStoreClient()) ModelReplicationServer(repoManager).init(this) 
diff --git a/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedRepositoryTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedRepositoryTest.kt index 99f295387e..46ccde30aa 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedRepositoryTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/ReplicatedRepositoryTest.kt @@ -9,7 +9,6 @@ import kotlinx.coroutines.launch import kotlinx.coroutines.withTimeout import org.junit.jupiter.api.RepeatedTest import org.junit.jupiter.api.RepetitionInfo -import org.modelix.authorization.installAuthentication import org.modelix.model.ModelFacade import org.modelix.model.VersionMerger import org.modelix.model.api.IBranch @@ -51,7 +50,6 @@ class ReplicatedRepositoryTest { private fun runTest(block: suspend ApplicationTestBuilder.(scope: CoroutineScope) -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() val storeClient = InMemoryStoreClient() val repositoriesManager = RepositoriesManager(storeClient) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/V1ApiTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/V1ApiTest.kt index 5bbbacd0fa..99c8fd7524 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/V1ApiTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/V1ApiTest.kt @@ -14,7 +14,6 @@ import io.ktor.server.testing.testApplication import kotlinx.coroutines.async import kotlinx.coroutines.sync.Mutex import org.junit.jupiter.api.Test -import org.modelix.authorization.installAuthentication import org.modelix.model.server.handlers.KeyValueLikeModelServer import org.modelix.model.server.handlers.RepositoriesManager import org.modelix.model.server.store.InMemoryStoreClient 
@@ -27,7 +26,6 @@ class V1ApiTest { val repositoriesManager = RepositoriesManager(InMemoryStoreClient()) application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() KeyValueLikeModelServer(repositoriesManager).init(this) } diff --git a/model-server/src/test/kotlin/org/modelix/model/server/handlers/HealthApiTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/handlers/HealthApiTest.kt index 7bf50f8d5a..eb7a6742b0 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/handlers/HealthApiTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/handlers/HealthApiTest.kt @@ -11,7 +11,6 @@ import io.mockk.every import io.mockk.spyk import kotlinx.serialization.json.Json import org.junit.jupiter.api.Test -import org.modelix.authorization.installAuthentication import org.modelix.model.server.installDefaultServerPlugins import org.modelix.model.server.store.InMemoryStoreClient import kotlin.test.AfterTest @@ -24,7 +23,6 @@ class HealthApiTest { private fun runApiTest(block: suspend ApplicationTestBuilder.() -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() routing { healthApiSpy.installRoutes(this) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServerTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServerTest.kt index fa1789ca15..101cada62b 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServerTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/handlers/KeyValueLikeModelServerTest.kt 
@@ -10,7 +10,6 @@ import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication import kotlinx.serialization.json.Json import kotlinx.serialization.json.JsonElement -import org.modelix.authorization.installAuthentication import org.modelix.model.client.RestWebModelClient import org.modelix.model.client2.runWrite import org.modelix.model.lazy.CLVersion @@ -31,7 +30,6 @@ class KeyValueLikeModelServerTest { val repositoriesManager = RepositoriesManager(store) application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() KeyValueLikeModelServer(repositoriesManager).init(this) ModelReplicationServer(repositoriesManager).init(this) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerBackwardsCompatibilityTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerBackwardsCompatibilityTest.kt index fcb11a351f..7071161ef4 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerBackwardsCompatibilityTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerBackwardsCompatibilityTest.kt @@ -4,7 +4,6 @@ import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.coroutineScope -import org.modelix.authorization.installAuthentication import org.modelix.model.client.RestWebModelClient import org.modelix.model.client2.ModelClientV2 import org.modelix.model.lazy.RepositoryId @@ -24,7 +23,6 @@ class ModelReplicationServerBackwardsCompatibilityTest { val modelReplicationServer = ModelReplicationServer(repositoriesManager) val keyValueLikeModelServer = KeyValueLikeModelServer(repositoriesManager) application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() modelReplicationServer.init(this) keyValueLikeModelServer.init(this) 
diff --git a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerTest.kt index 74ad071fed..357ae98750 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ModelReplicationServerTest.kt @@ -40,7 +40,6 @@ import kotlinx.coroutines.flow.flow import kotlinx.coroutines.flow.onEmpty import kotlinx.coroutines.test.runTest import kotlinx.coroutines.withTimeout -import org.modelix.authorization.installAuthentication import org.modelix.model.api.IConceptReference import org.modelix.model.client2.ModelClientV2 import org.modelix.model.client2.readVersionDelta @@ -82,7 +81,6 @@ class ModelReplicationServerTest { block: suspend ApplicationTestBuilder.(scope: CoroutineScope, fixture: Fixture) -> Unit, ) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() fixture.modelReplicationServer.init(this) IdsApiImpl(fixture.repositoriesManager).init(this) diff --git a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ui/IndexPageTest.kt b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ui/IndexPageTest.kt index d5fa91374f..e93720c1eb 100644 --- a/model-server/src/test/kotlin/org/modelix/model/server/handlers/ui/IndexPageTest.kt +++ b/model-server/src/test/kotlin/org/modelix/model/server/handlers/ui/IndexPageTest.kt @@ -4,7 +4,6 @@ import io.ktor.client.request.get import io.ktor.client.statement.bodyAsText import io.ktor.server.testing.ApplicationTestBuilder import io.ktor.server.testing.testApplication -import org.modelix.authorization.installAuthentication import org.modelix.model.client.successful import org.modelix.model.server.installDefaultServerPlugins import kotlin.test.Test 
@@ -14,7 +13,6 @@ class IndexPageTest { private fun runTest(block: suspend ApplicationTestBuilder.() -> Unit) = testApplication { application { - installAuthentication(unitTestMode = true) installDefaultServerPlugins() IndexPage().init(this) } diff --git a/model-server/src/test/kotlin/permissions/AdminPermissionOnServerTest.kt b/model-server/src/test/kotlin/permissions/AdminPermissionOnServerTest.kt index 88530f7f22..858c71fa53 100644 --- a/model-server/src/test/kotlin/permissions/AdminPermissionOnServerTest.kt +++ b/model-server/src/test/kotlin/permissions/AdminPermissionOnServerTest.kt @@ -17,8 +17,6 @@ class AdminPermissionOnServerTest : PermissionTestBase(listOf(ModelServerPermiss "legacy-user-defined-entries/read", "legacy-user-defined-entries/write", "model-server/admin", - "permission-schema/read", - "permission-schema/write", "repository/my-repo/admin", "repository/my-repo/branch/my-branch/admin", "repository/my-repo/branch/my-branch/create",