Mercurial > gemma
comparison schema/manage_users_tests.sql @ 410:3f803d64a6ee
Do not rely on session_user for authorization
Privileges are usually checked based on current_user, which
can be changed using SET ROLE, while session_user is based on the actually
logged in user and can only be changed by a superuser using
SET SESSION AUTHORIZATION. Using session_user for authorization purposes
prevents the expected behaviour of SET ROLE.
current_user_country() does not need to be SECURITY DEFINER since a while,
because there is no RLS policy affected by what is mentioned in the
removed comment.
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Wed, 15 Aug 2018 16:39:00 +0200 |
parents | f5087cebc740 |
children | 5611cf72cc92 |
comparison
equal
deleted
inserted
replaced
409:cdd63547930a | 410:3f803d64a6ee |
---|---|
136 $$ | 136 $$ |
137 SELECT '' WHERE false -- Empty result set | 137 SELECT '' WHERE false -- Empty result set |
138 $$, | 138 $$, |
139 'Waterway admin cannot update attributes of other users in country'); | 139 'Waterway admin cannot update attributes of other users in country'); |
140 | 140 |
141 -- The above test will pass even if the password is actually updated in case | |
142 -- a trigger returns NULL after ALTER ROLE ... PASSWORD ... has been executed. | |
143 RESET SESSION AUTHORIZATION; | |
144 CREATE TEMP TABLE old_pw_hash AS | |
145 SELECT rolpassword FROM pg_authid WHERE rolname = 'test_user_at'; | |
146 SET SESSION AUTHORIZATION test_admin_at; | |
147 UPDATE users.list_users | |
148 SET pw = 'test_user_at2!' | |
149 WHERE username = 'test_user_at'; | |
150 RESET SESSION AUTHORIZATION; | |
151 SELECT set_eq($$ | |
152 SELECT rolpassword FROM old_pw_hash | |
153 $$, | |
154 $$ | |
155 SELECT rolpassword FROM pg_authid WHERE rolname = 'test_user_at' | |
156 $$, | |
157 'Waterway admin cannot update password of other users in country'); | |
158 | |
159 | |
141 SET SESSION AUTHORIZATION test_sys_admin1; | 160 SET SESSION AUTHORIZATION test_sys_admin1; |
142 | 161 |
143 SELECT lives_ok($$ | 162 SELECT lives_ok($$ |
144 INSERT INTO users.list_users VALUES ( | 163 INSERT INTO users.list_users VALUES ( |
145 'waterway_user', 'test2', 'secret1$', 'AT', NULL, 'test2'); | 164 'waterway_user', 'test2', 'secret1$', 'AT', NULL, 'test2'); |
221 'Non-compliant password is not accepted'); | 240 'Non-compliant password is not accepted'); |
222 | 241 |
223 -- To compare passwords, we need to run the following tests as superuser | 242 -- To compare passwords, we need to run the following tests as superuser |
224 RESET SESSION AUTHORIZATION; | 243 RESET SESSION AUTHORIZATION; |
225 | 244 |
226 CREATE TEMP TABLE old_pw_hash AS | 245 UPDATE old_pw_hash SET rolpassword = ( |
227 SELECT rolpassword FROM pg_authid WHERE rolname = 'test_user_at'; | 246 SELECT rolpassword FROM pg_authid WHERE rolname = 'test_user_at'); |
228 | 247 |
229 UPDATE users.list_users | 248 UPDATE users.list_users |
230 SET (rolname, username, pw, country, map_extent, email_address) | 249 SET (rolname, username, pw, country, map_extent, email_address) |
231 = ('waterway_user', 'test_user_at', NULL, 'AT', | 250 = ('waterway_user', 'test_user_at', NULL, 'AT', |
232 (SELECT map_extent FROM internal.user_profiles | 251 (SELECT map_extent FROM internal.user_profiles |