hotfix(api): forbidden create unresolved contact type (#1031)

moira-alert · May 28, 2024 · 3e19ed3 · 3e19ed3
1 parent f8ec459
commit 3e19ed3
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 12 deletions.
diff --git a/api/controller/contact.go b/api/controller/contact.go
@@ -61,7 +61,7 @@ func CreateContact(
 		return api.ErrorInternalServer(fmt.Errorf("CreateContact: cannot create contact when both userLogin and teamID specified"))
 	}
 
-	if !isAllowedContactType(auth, userLogin, contact.Type) {
+	if !isAllowedToUseContactType(auth, userLogin, contact.Type) {
 		return api.ErrorInvalidRequest(ErrNotAllowedContactType)
 	}
 
@@ -110,7 +110,7 @@ func UpdateContact(
 	contactDTO dto.Contact,
 	contactData moira.ContactData,
 ) (dto.Contact, *api.ErrorResponse) {
-	if !isAllowedContactType(auth, contactDTO.User, contactDTO.Type) {
+	if !isAllowedToUseContactType(auth, contactDTO.User, contactDTO.Type) {
 		return contactDTO, api.ErrorInvalidRequest(ErrNotAllowedContactType)
 	}
 
@@ -250,10 +250,10 @@ func isContactExists(dataBase moira.Database, contactID string) (bool, error) {
 	return true, nil
 }
 
-func isAllowedContactType(auth *api.Authorization, userLogin string, contactType string) bool {
+func isAllowedToUseContactType(auth *api.Authorization, userLogin string, contactType string) bool {
+	isAuthEnabled := auth.IsEnabled()
 	isAdmin := auth.IsAdmin(userLogin)
+	_, isAllowedContactType := auth.AllowedContactTypes[contactType]
 
-	_, isAllowedContact := auth.AllowedContactTypes[contactType]
-
-	return isAllowedContact || isAdmin
+	return isAllowedContactType || isAdmin || !isAuthEnabled
 }
diff --git a/api/controller/contact_test.go b/api/controller/contact_test.go
@@ -121,7 +121,7 @@ func TestCreateContact(t *testing.T) {
 	)
 
 	auth := &api.Authorization{
-		Enabled: false,
+		Enabled: true,
 		AllowedContactTypes: map[string]struct{}{
 			contactType: {},
 		},
@@ -193,6 +193,32 @@ func TestCreateContact(t *testing.T) {
 			So(err, ShouldResemble, expectedErr)
 		})
 
+		Convey("Successfully create not allowed contact with disabled auth", func() {
+			auth.Enabled = false
+			defer func() {
+				auth.Enabled = true
+			}()
+
+			contact := &dto.Contact{
+				ID:    uuid.Must(uuid.NewV4()).String(),
+				Value: contactValue,
+				Type:  notAllowedContactType,
+			}
+
+			expectedContact := moira.ContactData{
+				ID:    contact.ID,
+				Value: contact.Value,
+				Type:  contact.Type,
+				User:  userLogin,
+			}
+
+			dataBase.EXPECT().GetContact(contact.ID).Return(moira.ContactData{}, database.ErrNil)
+			dataBase.EXPECT().SaveContact(&expectedContact).Return(nil)
+
+			err := CreateContact(dataBase, auth, contact, userLogin, "")
+			So(err, ShouldBeNil)
+		})
+
 		Convey("Error save contact", func() {
 			contact := &dto.Contact{
 				Value: contactValue,
@@ -298,6 +324,32 @@ func TestCreateContact(t *testing.T) {
 			So(err, ShouldResemble, expectedErr)
 		})
 
+		Convey("Successfully create not allowed contact with disabled auth", func() {
+			auth.Enabled = false
+			defer func() {
+				auth.Enabled = true
+			}()
+
+			contact := &dto.Contact{
+				ID:    uuid.Must(uuid.NewV4()).String(),
+				Value: contactValue,
+				Type:  notAllowedContactType,
+			}
+
+			expectedContact := moira.ContactData{
+				ID:    contact.ID,
+				Value: contact.Value,
+				Type:  contact.Type,
+				Team:  teamID,
+			}
+
+			dataBase.EXPECT().GetContact(contact.ID).Return(moira.ContactData{}, database.ErrNil)
+			dataBase.EXPECT().SaveContact(&expectedContact).Return(nil)
+
+			err := CreateContact(dataBase, auth, contact, "", teamID)
+			So(err, ShouldBeNil)
+		})
+
 		Convey("Error save contact", func() {
 			contact := &dto.Contact{
 				Value: contactValue,
@@ -423,7 +475,7 @@ func TestUpdateContact(t *testing.T) {
 	)
 
 	auth := &api.Authorization{
-		Enabled: false,
+		Enabled: true,
 		AllowedContactTypes: map[string]struct{}{
 			contactType: {},
 		},
@@ -466,6 +518,34 @@ func TestUpdateContact(t *testing.T) {
 			So(expectedContact.Name, ShouldResemble, contactDTO.Name)
 		})
 
+		Convey("Successfully update not allowed contact with disabled auth", func() {
+			auth.Enabled = false
+			defer func() {
+				auth.Enabled = true
+			}()
+
+			contactDTO := dto.Contact{
+				Value: contactValue,
+				Name:  "some-name",
+				Type:  notAllowedContactType,
+			}
+			contactID := uuid.Must(uuid.NewV4()).String()
+			contact := moira.ContactData{
+				Value: contactDTO.Value,
+				Type:  contactDTO.Type,
+				Name:  contactDTO.Name,
+				ID:    contactID,
+				User:  userLogin,
+			}
+
+			dataBase.EXPECT().SaveContact(&contact).Return(nil)
+			expectedContact, err := UpdateContact(dataBase, auth, contactDTO, moira.ContactData{ID: contactID, User: userLogin})
+			So(err, ShouldBeNil)
+			So(expectedContact.User, ShouldResemble, userLogin)
+			So(expectedContact.ID, ShouldResemble, contactID)
+			So(expectedContact.Name, ShouldResemble, contactDTO.Name)
+		})
+
 		Convey("Error save", func() {
 			contactDTO := dto.Contact{
 				Value: contactValue,
@@ -549,22 +629,34 @@ func TestIsAllowedContactType(t *testing.T) {
 
 	Convey("Test isAllowedContactType", t, func() {
 		Convey("Test with user and allowed contact type", func() {
-			isAllowed := isAllowedContactType(auth, user, allowedContactType)
+			isAllowed := isAllowedToUseContactType(auth, user, allowedContactType)
 			So(isAllowed, ShouldBeTrue)
 		})
 
 		Convey("Test with user and not allowed contact type", func() {
-			isAllowed := isAllowedContactType(auth, user, notAllowedContactType)
+			isAllowed := isAllowedToUseContactType(auth, user, notAllowedContactType)
 			So(isAllowed, ShouldBeFalse)
 		})
 
 		Convey("Test with admin and allowed contact type", func() {
-			isAllowed := isAllowedContactType(auth, admin, allowedContactType)
+			isAllowed := isAllowedToUseContactType(auth, admin, allowedContactType)
 			So(isAllowed, ShouldBeTrue)
 		})
 
 		Convey("Test with admin and not allowed contact type", func() {
-			isAllowed := isAllowedContactType(auth, admin, notAllowedContactType)
+			isAllowed := isAllowedToUseContactType(auth, admin, notAllowedContactType)
+			So(isAllowed, ShouldBeTrue)
+		})
+
+		Convey("Test with disabled auth and not allowed contact type", func() {
+			auth.Enabled = false
+			isAllowed := isAllowedToUseContactType(auth, admin, notAllowedContactType)
+			So(isAllowed, ShouldBeTrue)
+		})
+
+		Convey("Test with disabled auth and allowed contact type", func() {
+			auth.Enabled = false
+			isAllowed := isAllowedToUseContactType(auth, admin, allowedContactType)
 			So(isAllowed, ShouldBeTrue)
 		})
 	})