3e20806aee
C-1. Session JWT signature verification (authZ bypass fix) - Add SUPABASE_JWT_SECRET env var; fail-fast at startup if unset. - auth.Client.VerifyToken uses github.com/golang-jwt/jwt/v5 to verify HS256 signatures, reject alg=none, enforce exp/nbf/iat. - Middleware stores verified claims in request context; WithUserID reads only verified claims (no more raw-cookie sub decoding). - API requests get 401 on missing/invalid token (was 302 redirect). - Refresh flow only runs on expiry; other signature failures reject outright and clear cookies. C-2. Dashboard Termine cross-user privacy leak - dashboard_service.loadUpcomingAppointments now mirrors TerminService.canSee: personal Termine (akte_id IS NULL) are creator-only; admins do NOT see other users' personal Termine. C-3. Role gate on Parteien + Termine mutations - ParteienService.Delete now partner/admin only (matches FristService). - TerminService.Update / Delete on Akte-linked Termine now require partner/admin (or the original creator). Personal Termine stay creator-only. C-4. Email gate → ALLOWED_EMAIL_DOMAINS whitelist - isHoganLovellsEmail → isAllowedEmailDomain reading the env var (default: hoganlovells.com,hlc.com,hlc.de). Case-insensitive, whitespace-tolerant. - login.tsx placeholder: name@hoganlovells.com → name@hlc.com - Error strings + login.hint (de/en) rewritten for HLC branding. C-5. Docker compose env wiring - docker-compose.yml gains SUPABASE_JWT_SECRET, CALDAV_ENCRYPTION_KEY, and ALLOWED_EMAIL_DOMAINS passthrough; commented-out ANTHROPIC_API_KEY line for Phase H readiness. Tests - auth_test.go: valid/wrong-secret/expired/alg-none/missing-sub/garbage token cases for VerifyToken. - handlers/auth_test.go: default + env-override cases for the email whitelist. - go build ./..., go vet ./..., go test ./... all clean.
41 lines
1.1 KiB
Go
41 lines
1.1 KiB
Go
package handlers
|
|
|
|
import (
|
|
"testing"
|
|
)
|
|
|
|
func TestIsAllowedEmailDomain_Default(t *testing.T) {
|
|
t.Setenv("ALLOWED_EMAIL_DOMAINS", "")
|
|
cases := []struct {
|
|
email string
|
|
want bool
|
|
}{
|
|
{"alice@hoganlovells.com", true},
|
|
{"alice@HOGANLOVELLS.COM", true},
|
|
{"alice@hlc.com", true},
|
|
{"alice@hlc.de", true},
|
|
{"alice@gmail.com", false},
|
|
{"alice@evil.hoganlovells.com.attacker.net", false},
|
|
{"", false},
|
|
{"no-at-sign", false},
|
|
}
|
|
for _, tc := range cases {
|
|
if got := isAllowedEmailDomain(tc.email); got != tc.want {
|
|
t.Errorf("isAllowedEmailDomain(%q) = %v; want %v", tc.email, got, tc.want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestIsAllowedEmailDomain_EnvOverride(t *testing.T) {
|
|
t.Setenv("ALLOWED_EMAIL_DOMAINS", "example.com, Other.Org ")
|
|
if !isAllowedEmailDomain("u@example.com") {
|
|
t.Error("example.com should be allowed by env override")
|
|
}
|
|
if !isAllowedEmailDomain("u@other.org") {
|
|
t.Error("other.org should be allowed (case-insensitive, trimmed)")
|
|
}
|
|
if isAllowedEmailDomain("u@hoganlovells.com") {
|
|
t.Error("env override should replace defaults — hoganlovells.com no longer allowed")
|
|
}
|
|
}
|