auth-framework 0.5.0-rc19

A comprehensive, production-ready authentication and authorization framework for Rust applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

// Comprehensive tests for ABAC and delegation
#[cfg(test)]
mod tests {

    use crate::permissions::{AbacPolicy, AbacRule, Delegation, Permission, PermissionChecker};
    use chrono::Utc;
    use serde_json::json;
    use std::collections::{HashMap, HashSet};

    #[test]
    fn test_abac_grant() {
        let checker = PermissionChecker::default();
        let write_permission = Permission::new("write", "documents");
        let abac_policy = AbacPolicy {
            attributes: HashMap::new(),
            rules: vec![AbacRule {
                attribute: "department".to_string(),
                expected_value: json!("engineering"),
                permission: write_permission.clone(),
            }],
        };
        let mut attrs = HashMap::new();
        attrs.insert("department".to_string(), json!("engineering"));
        assert!(checker.check_abac(&attrs, &write_permission, &abac_policy));
    }

    #[test]
    fn test_abac_deny() {
        let checker = PermissionChecker::default();
        let write_permission = Permission::new("write", "documents");
        let abac_policy = AbacPolicy {
            attributes: HashMap::new(),
            rules: vec![AbacRule {
                attribute: "department".to_string(),
                expected_value: json!("engineering"),
                permission: write_permission.clone(),
            }],
        };
        let mut attrs = HashMap::new();
        attrs.insert("department".to_string(), json!("sales"));
        assert!(!checker.check_abac(&attrs, &write_permission, &abac_policy));
    }

    #[test]
    fn test_delegation_grant() {
        let checker = PermissionChecker::default();
        let read_permission = Permission::new("read", "documents");
        let delegations = vec![Delegation {
            delegator: "admin".to_string(),
            delegatee: "user1".to_string(),
            permissions: HashSet::from([read_permission.clone()]),
            expires_at: Some(Utc::now() + chrono::Duration::hours(1)),
        }];
        assert!(checker.check_delegation("user1", &read_permission, &delegations));
    }

    #[test]
    fn test_delegation_expired() {
        let checker = PermissionChecker::default();
        let read_permission = Permission::new("read", "documents");
        let delegations = vec![Delegation {
            delegator: "admin".to_string(),
            delegatee: "user1".to_string(),
            permissions: HashSet::from([read_permission.clone()]),
            expires_at: Some(Utc::now() - chrono::Duration::hours(1)),
        }];
        assert!(!checker.check_delegation("user1", &read_permission, &delegations));
    }
}