test: Test user record selfModifiable behavior

2025-03-10 16:58:28 +03:00 · 2024-04-24 19:41:03 -04:00 · 2024-04-24 19:41:03 -04:00 · 58117af9c0
commit 58117af9c0
parent ea9f50a0cd
2 changed files with 102 additions and 0 deletions
--- a/src/test/meson.build
+++ b/src/test/meson.build
@ -182,6 +182,7 @@ simple_tests += files(
        'test-umask-util.c',
        'test-unaligned.c',
        'test-unit-file.c',
+        'test-user-record.c',
        'test-user-util.c',
        'test-utf8.c',
        'test-verbs.c',
--- a/src/test/test-user-record.c
+++ b/src/test/test-user-record.c
@ -0,0 +1,101 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "json-util.h"
+#include "macro.h"
+#include "tests.h"
+#include "user-record.h"
+
+#define USER(ret, ...)                          \
+        ({                                      \
+                typeof(ret) _r = (ret);         \
+                user_record_unref(*_r);         \
+                assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \
+                0;                              \
+        })
+
+TEST(self_changes) {
+        _cleanup_(user_record_unrefp) UserRecord *curr = NULL, *new = NULL;
+
+        /* not allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999));
+        assert_se(!user_record_self_changes_allowed(curr, new));
+
+        /* manually allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111),
+             SD_JSON_BUILD_PAIR_ARRAY("selfModifiableFields", SD_JSON_BUILD_STRING("notInHardCodedList")));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_ARRAY("selfModifiableFields", SD_JSON_BUILD_STRING("notInHardCodedList")),
+             /* change in order shouldn't affect things */
+             SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999));
+        assert_se(user_record_self_changes_allowed(curr, new));
+
+        /* default allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_STRING("realName", "Old Name"));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_STRING("realName", "New Name"));
+        assert_se(user_record_self_changes_allowed(curr, new));
+
+        /* introduced new default allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_STRING("realName", "New Name"));
+        assert_se(user_record_self_changes_allowed(curr, new));
+
+        /* introduced new not allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999));
+        assert_se(!user_record_self_changes_allowed(curr, new));
+
+        /* privileged section: default allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_STRING("passwordHint", "Old Hint")));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_STRING("passwordHint", "New Hint")));
+        assert_se(user_record_self_changes_allowed(curr, new));
+
+        /* privileged section: not allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111)));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999)));
+        assert_se(!user_record_self_changes_allowed(curr, new));
+
+        /* privileged section: manually allowlisted */
+        USER(&curr,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_ARRAY("selfModifiablePrivileged", SD_JSON_BUILD_STRING("notInHardCodedList")),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 11111)));
+        USER(&new,
+             SD_JSON_BUILD_PAIR_STRING("userName", "test"),
+             SD_JSON_BUILD_PAIR_ARRAY("selfModifiablePrivileged", SD_JSON_BUILD_STRING("notInHardCodedList")),
+             SD_JSON_BUILD_PAIR_OBJECT("privileged",
+                                    SD_JSON_BUILD_PAIR_UNSIGNED("notInHardCodedList", 99999)));
+        assert_se(user_record_self_changes_allowed(curr, new));
+}
+
+DEFINE_TEST_MAIN(LOG_INFO);