gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity

[FIXED] LeafNode: wrong permission check prevented message flow

Browse Source 
This commit simply includes a change to the test that was added
for PR #2455 that fixed a similar issue (in deliverMsg). This
issue has to do with initial send of subscription interest.

Resolves #2469

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
This commit is contained in:
Ivan Kozlovic
2021-08-24 16:20:09 -06:00
parent 8f666900e6
commit 4a50ba8753
1 changed files with 27 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
test/leafnode_test.go
View File

@@ -1610,6 +1610,27 @@ func TestLeafNodeOperatorAndPermissions(t *testing.T) {
srvcreds := genCredsFile(t, srvujwt, seed)
defer os.Remove(srvcreds)
// Create connection for SRV
srvnc, err := nats.Connect(s.ClientURL(), nats.UserCredentials(srvcreds))
if err != nil {
t.Fatalf("Error on connect: %v", err)
}
defer srvnc.Close()
// Create on the server "s" a subscription on "*" and on "foo".
// We check that the subscription on "*" will be able to receive
// messages since LEAF has publish permissions on "foo", so msg
// should be received.
srvsubStar, err := srvnc.SubscribeSync("*")
if err != nil {
t.Fatalf("Error on subscribe: %v", err)
}
srvsubFoo, err := srvnc.SubscribeSync("foo")
if err != nil {
t.Fatalf("Error on subscribe: %v", err)
}
srvnc.Flush()
// Create LEAF user, with pub perms on "foo" and sub perms on "bar"
leafnuc := jwt.NewUserClaims(pub)
leafnuc.Permissions.Pub.Allow.Add("foo")
@@ -1640,21 +1661,8 @@ func TestLeafNodeOperatorAndPermissions(t *testing.T) {
checkLeafNodeConnected(t, s)
// Create connection for SRV
srvnc, err := nats.Connect(s.ClientURL(), nats.UserCredentials(srvcreds))
if err != nil {
t.Fatalf("Error on connect: %v", err)
}
defer srvnc.Close()
// Create on the "s" server with user "SRV" a subscription on "foo"
srvsubFoo, err := srvnc.SubscribeSync("foo")
if err != nil {
t.Fatalf("Error on subscribe: %v", err)
}
srvnc.Flush()
// Check that interest makes it to "sl" server
// Check that interest makes it to "sl" server.
// This helper does not check for wildcard interest...
checkSubInterest(t, sl, "$G", "foo", time.Second)
// Create connection for LEAF and subscribe on "bar"
@@ -1697,6 +1705,10 @@ func TestLeafNodeOperatorAndPermissions(t *testing.T) {
if _, err := srvsubFoo.NextMsg(time.Second); err != nil {
t.Fatalf("SRV did not get message: %v", err)
}
// The wildcard subscription should get it too.
if _, err := srvsubStar.NextMsg(time.Second); err != nil {
t.Fatalf("SRV did not get message: %v", err)
}
// However, even when using an unrestricted user connects to "sl" and
// publishes on "bar", the user SRV on "s" should not receive it because