diff --git a/maxctrl/lib/create.js b/maxctrl/lib/create.js
index a3f9ce947..07ccd0a8d 100644
--- a/maxctrl/lib/create.js
+++ b/maxctrl/lib/create.js
@@ -174,6 +174,13 @@ exports.builder = function(yargs) {
 return doRequest(host, 'services/' + argv.service + '/listeners', null, {method: 'POST', body: listener})
 })
 })
+ .group(['type'], 'Create user options:')
+ .option('type', {
+ describe: 'Type of user to create',
+ type: 'string',
+ default: 'basic',
+ choices: ['admin', 'basic']
+ })
 .command('user ', 'Create a new network user', {}, function(argv) {
 var user = {
@@ -181,7 +188,8 @@ exports.builder = function(yargs) {
 'id': argv.name,
 'type': 'inet',
 'attributes': {
- 'password': argv.password
+ 'password': argv.password,
+ 'account': argv.type
 }
 }
 }
diff --git a/maxctrl/lib/enable.js b/maxctrl/lib/enable.js
index c4eb3bdd0..83ce99c75 100644
--- a/maxctrl/lib/enable.js
+++ b/maxctrl/lib/enable.js
@@ -35,11 +35,21 @@ exports.builder = function(yargs) {
 })
 }
 })
+ .group(['type'], 'Enable account options:')
+ .option('type', {
+ describe: 'Type of user to create',
+ type: 'string',
+ default: 'basic',
+ choices: ['admin', 'basic']
+ })
 .command('account ', 'Activate a Linux user account for administrative use', {}, function(argv) {
 var req_body = {
 data: {
 id: argv.name,
- type: 'unix'
+ type: 'unix',
+ attributes: {
+ 'account': argv.type
+ }
 }
 }
 maxctrl(argv, function(host) {
diff --git a/maxctrl/test/createdestroy.js b/maxctrl/test/createdestroy.js
index b0e5bcb6f..54c8e67c8 100644
--- a/maxctrl/test/createdestroy.js
+++ b/maxctrl/test/createdestroy.js
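Review bot: In the first `create.js` hunk, `--type` is declared with `.option()` on the shared `create` builder instead of on the `user` command, so depending on the yargs version every other `create` subcommand may accept the flag and silently ignore it. The `user` command already passes an empty builder object (`{}`) as its third argument; moving the option definition there would scope it to `create user`, and the same applies to the `enable.js` hunk. The flag name `type` also sits next to the resource's own `'type': 'inet'` field in the following hunk while the attribute it fills is `account`, so a comment such as `// --type maps to attributes.account (admin|basic), not to data.type` would help the next reader. `exports.builder` starts and ends outside the hunk.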
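Review bot: The `account` command in the `enable.js` hunk is still described as 'Activate a Linux user account for administrative use', but with `default: 'basic'` an invocation without `--type` now sends `account: 'basic'`, which the REST tests in this commit treat as a read-only role. Least privilege is a sensible default, but the help text should state it, because existing scripts that expect an administrative account would presumably get a weaker one without any warning. The option text is also copied from `create.js`: `describe: 'Type of user to create'` should read something like `describe: 'Type of account to enable'`.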
@@ -131,14 +131,38 @@ describe("Create/Destroy Commands", function() {
 })
 it('create user', function() {
- return verifyCommand('create user testuser test',
- 'users/inet/testuser')
- .should.be.fulfilled
+ return verifyCommand('create user testuser test', 'users/inet/testuser')
 })
 it('destroy user', function() {
 return doCommand('destroy user testuser')
- .should.be.fulfilled
+ })
+
+ it('create admin user', function() {
+ return verifyCommand('create user testadmin test --type=admin', 'users/inet/testadmin')
+ .then((res) => {
+ res.data.attributes.account.should.equal('admin')
+ })
+ })
+
+ it('destroy admin user', function() {
+ return doCommand('destroy user testadmin')
+ })
+
+ it('create basic user', function() {
+ return verifyCommand('create user testbasic test --type=basic', 'users/inet/testbasic')
+ .then((res) => {
+ res.data.attributes.account.should.equal('basic')
+ })
+ })
+
+ it('destroy basic user', function() {
+ return doCommand('destroy user testbasic')
+ })
+
+ it('create user with bad type', function() {
+ return doCommand('create user testadmin test --type=superuser')
+ .should.be.rejected
 })
 after(stopMaxScale)
diff --git a/server/core/admin.cc b/server/core/admin.cc
index c7ff370bd..9b9b1cb06 100644
--- a/server/core/admin.cc
+++ b/server/core/admin.cc
@@ -226,7 +226,7 @@ int handle_client(void *cls,
 {
 if (!do_auth(connection, url, method))
 {
- return MHD_YES;
+ return MHD_NO;
 }
 if (*con_cls == NULL)
diff --git a/server/core/test/rest-api/test/auth.js b/server/core/test/rest-api/test/auth.js
index aa0eaf783..cbde2ecd1 100644
--- a/server/core/test/rest-api/test/auth.js
+++ b/server/core/test/rest-api/test/auth.js
@@ -25,7 +25,8 @@ describe("Authentication", function() {
 id: "user1",
 type: "inet",
 attributes: {
- password: "pw1"
+ password: "pw1",
+ account: "admin"
 }
 }
 }
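Review bot: The plain `create user` test at the top of the `createdestroy.js` hunk never checks which role a user gets when `--type` is omitted, so the least-privilege default (`default: 'basic'` in `create.js`) is not pinned by any test. Adding `.then((res) => { res.data.attributes.account.should.equal('basic') })` to that test, as the two new typed tests do, would catch a regression that silently creates admin users. The `describe` block starts and ends outside the hunk.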
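Review bot: `return MHD_NO;` after a failed `do_auth()` in the `admin.cc` hunk tells libmicrohttpd to treat the request as a fatal error and close the socket, so any 401 response that `do_auth` may have queued (its body is not in this hunk) would probably never reach the client. If dropping the connection is the intent, for example so that the body of an unauthenticated request is not processed, a comment should say so, e.g. `// Auth failed: MHD_NO makes libmicrohttpd close the connection without handling the request further`. If clients are meant to see the status and the `WWW-Authenticate` challenge, the handler needs to keep returning `MHD_YES` once the error response is queued and refuse the upload another way. `handle_client` starts and ends outside the hunk.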
@@ -35,13 +36,26 @@ describe("Authentication", function() {
 id: "user2",
 type: "inet",
 attributes: {
- password: "pw2"
+ password: "pw2",
+ account: "admin"
+ }
+ }
+ }
+
+ var user3 = {
+ data: {
+ id: "user3",
+ type: "inet",
+ attributes: {
+ password: "pw3",
+ account: "basic"
 }
 }
 }
 var auth1 = "http://" + user1.data.id + ":" + user1.data.attributes.password + "@"
 var auth2 = "http://" + user2.data.id + ":" + user2.data.attributes.password + "@"
+ var auth3 = "http://" + user3.data.id + ":" + user3.data.attributes.password + "@"
 it("unauthorized request without authentication", function() {
 return request.get(base_url + "/maxscale")
@@ -88,6 +102,25 @@ describe("Authentication", function() {
 .should.be.fulfilled
 })
+ it("create basic user", function() {
+ return request.post(auth2 + host + "/users/inet", { json: user3 })
+ .should.be.fulfilled
+ })
+
+ it("accept read request with basic user", function() {
+ return request.get(auth3 + host + "/servers/server1/")
+ .should.be.fulfilled
+ })
+
+ it("reject write request with basic user", function() {
+ return request.get(auth3 + host + "/servers/server1/")
+ .then(function(res) {
+ var obj = JSON.parse(res)
+ return request.patch(auth3 + host + "/servers/server1/", {json: obj})
+ .should.be.rejected
+ })
+ })
+
 it("request with wrong user", function() {
 return request.get(auth1 + host + "/maxscale")
 .should.be.rejected
diff --git a/server/core/test/rest-api/test/users.js b/server/core/test/rest-api/test/users.js
index de8af6fe7..4a0351a86 100644
--- a/server/core/test/rest-api/test/users.js
+++ b/server/core/test/rest-api/test/users.js
@@ -9,6 +9,7 @@ describe("Users", function() {
 id: "user1",
 type: "inet",
 attributes: {
+ account: "admin"
 }
 }
 }
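Review bot: `reject write request with basic user` in the third `auth.js` hunk asserts only `.should.be.rejected`, which also passes on a dropped connection, a 404 or a malformed-body error, so it does not show that the request was refused for lack of privileges. Checking the status carried by the rejection (the 401 or 403 the REST API is meant to return for this case) would turn it into an authorization test. Only `PATCH` is exercised; a `POST` and a `DELETE` issued with `auth3` would cover the other write paths a basic user must not reach. The `describe` block starts and ends outside the hunk.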