Fix return of REST-returned permissions when auth_list is set

2025-04-16 09:40:20 +00:00 · 2022-09-13 23:10:04 +02:00 · 2022-09-13 23:10:04 +02:00 · f2346c1868
commit f2346c1868
parent 31aee29e4e
3 changed files with 78 additions and 1 deletions
--- a/changelog/62022.fixed
+++ b/changelog/62022.fixed
@ -0,0 +1 @@
+Fix return of REST-returned permissions when auth_list is set
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1904,6 +1904,8 @@ class Login(LowDataAdapter):

            if token["eauth"] == "django" and "^model" in eauth:
                perms = token["auth_list"]
+            elif token["eauth"] == "rest" and "auth_list" in token:
+                perms = token["auth_list"]
            else:
                perms = salt.netapi.sum_permissions(token, eauth)
                perms = salt.netapi.sorted_permissions(perms)
@ -1927,7 +1929,7 @@ class Login(LowDataAdapter):
                    "start": token["start"],
                    "user": token["name"],
                    "eauth": token["eauth"],
-                    "perms": perms or {},
+                    "perms": perms or [],
                }
            ]
        }
--- a/tests/pytests/unit/netapi/cherrypy/test_login.py
+++ b/tests/pytests/unit/netapi/cherrypy/test_login.py
@ -0,0 +1,74 @@
+from types import SimpleNamespace
+
+import pytest
+
+import salt.netapi.rest_cherrypy.app as cherrypy_app
+from tests.support.mock import MagicMock, patch
+
+
+class MockCherryPy:
+    session = MagicMock(cache={}, id="6d1b722e")
+    config = {
+        "saltopts": {},
+        "apiopts": {
+            "external_auth": {"rest": {"^url": "https://test_url/rest"}},
+            "cachedir": "/tmp",
+        },
+    }
+    request = SimpleNamespace(
+        lowstate=[{"username": "fred", "password": "secret"}],
+        remote=SimpleNamespace(ip="1.2.3.4"),
+    )
+    serving = SimpleNamespace(request=request)
+    response = SimpleNamespace(headers={})
+
+
+class MockNetapiClient:
+    def __init__(self, *args, **kwargs):
+        pass
+
+    def _is_master_running(self):
+        return True
+
+
+class MockResolver:
+    def __init__(self, *args, **kwargs):
+        pass
+
+    def mk_token(self, load):
+        return {
+            "token": "6d1b722e",
+            "start": 10000.0,
+            "expire": 20000.0,
+            "name": "fred",
+            "eauth": "rest",
+            "auth_list": [
+                "@test123",
+            ],
+        }
+
+    def get_token(self, token):
+        pass
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {cherrypy_app: {}}
+
+
+def test__loigin_rest_match_token():
+    with patch("salt.netapi.rest_cherrypy.app.cherrypy", MockCherryPy()):
+        with patch("salt.netapi.NetapiClient", MockNetapiClient):
+            with patch("salt.auth.Resolver", MockResolver):
+                login = cherrypy_app.Login()
+                authtoken = login.POST()["return"][0]
+                assert authtoken["token"] == "6d1b722e"
+
+
+def test__login_rest_returns_perms():
+    with patch("salt.netapi.rest_cherrypy.app.cherrypy", MockCherryPy()):
+        with patch("salt.netapi.NetapiClient", MockNetapiClient):
+            with patch("salt.auth.Resolver", MockResolver):
+                login = cherrypy_app.Login()
+                authtoken = login.POST()["return"][0]
+                assert authtoken["perms"] == ["@test123"]
				`@ -0,0 +1 @@`
				`Fix return of REST-returned permissions when auth_list is set`