feat: allow heterogeneous equality tests

Fixes biscuit-auth/biscuit#130
biscuit-auth · Dec 28, 2023 · ae72f8e · ae72f8e
1 parent 18fca86
commit ae72f8e
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 7 deletions.
diff --git a/biscuit-auth/examples/testcases.rs b/biscuit-auth/examples/testcases.rs
@@ -1268,6 +1268,10 @@ fn expressions(target: &str, root: &KeyPair, test: bool) -> TestResult {
         check if [1, 2, 3].intersection([1, 2]).contains(1);
         // chained method calls with unary method
         check if [1, 2, 3].intersection([1, 2]).length() == 2;
+
+        // heterogeneous equals
+        check if !("a" == 2);
+        check if "a" != 2;
     "#)
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();

diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md
@@ -1155,7 +1155,7 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB
 ### token
 
 authority:
-symbols: ["hello world", "hello", "world", "aaabde", "a*c?.e", "abd", "aaa", "b", "de", "abcD12", "abc", "def"]
+symbols: ["hello world", "hello", "world", "aaabde", "a*c?.e", "abd", "aaa", "b", "de", "abcD12", "abc", "def", "a"]
 
 public keys: []
 
@@ -1199,6 +1199,8 @@ check if [1, 2].intersection([2, 3]) == [2];
 check if [1, 2].union([2, 3]) == [1, 2, 3];
 check if [1, 2, 3].intersection([1, 2]).contains(1);
 check if [1, 2, 3].intersection([1, 2]).length() == 2;
+check if !("a" == 2);
+check if "a" != 2;
 ```
 
 ### validation
@@ -1209,16 +1211,18 @@ allow if true;
 ```
 
 revocation ids:
-- `f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e`
+- `ab8cb36d2e2b4cbdc4fc8f16f01920104cb16a9eda5beafabea85446c366ca4965d805d73fc13fc98034aa326d08fab5b2f794386077f76b32eef4a347b91008`
 
 authorizer world:
 ```
 World {
   facts: {}
   rules: {}
   checks: {
+    "check if !(\"a\" == 2)",
     "check if !false",
     "check if !false && true",
+    "check if \"a\" != 2",
     "check if \"aaabde\" == \"aaa\" + \"b\" + \"de\"",
     "check if \"aaabde\".contains(\"abd\")",
     "check if \"aaabde\".matches(\"a*c?.e\")",

diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json
@@ -1195,11 +1195,12 @@
             "de",
             "abcD12",
             "abc",
-            "def"
+            "def",
+            "a"
           ],
           "public_keys": [],
           "external_key": null,
-          "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false || true;\ncheck if (true || false) && true;\ncheck if true == true;\ncheck if false == false;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2].contains([2]);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 2].intersection([2, 3]) == [2];\ncheck if [1, 2].union([2, 3]) == [1, 2, 3];\ncheck if [1, 2, 3].intersection([1, 2]).contains(1);\ncheck if [1, 2, 3].intersection([1, 2]).length() == 2;\n"
+          "code": "check if true;\ncheck if !false;\ncheck if !false && true;\ncheck if false || true;\ncheck if (true || false) && true;\ncheck if true == true;\ncheck if false == false;\ncheck if 1 < 2;\ncheck if 2 > 1;\ncheck if 1 <= 2;\ncheck if 1 <= 1;\ncheck if 2 >= 1;\ncheck if 2 >= 2;\ncheck if 3 == 3;\ncheck if 1 + 2 * 3 - 4 / 2 == 5;\ncheck if \"hello world\".starts_with(\"hello\") && \"hello world\".ends_with(\"world\");\ncheck if \"aaabde\".matches(\"a*c?.e\");\ncheck if \"aaabde\".contains(\"abd\");\ncheck if \"aaabde\" == \"aaa\" + \"b\" + \"de\";\ncheck if \"abcD12\" == \"abcD12\";\ncheck if 2019-12-04T09:46:41Z < 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z > 2019-12-04T09:46:41Z;\ncheck if 2019-12-04T09:46:41Z <= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;\ncheck if 2020-12-04T09:46:41Z == 2020-12-04T09:46:41Z;\ncheck if hex:12ab == hex:12ab;\ncheck if [1, 2].contains(2);\ncheck if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);\ncheck if [false, true].contains(true);\ncheck if [\"abc\", \"def\"].contains(\"abc\");\ncheck if [hex:12ab, hex:34de].contains(hex:34de);\ncheck if [1, 2].contains([2]);\ncheck if [1, 2] == [1, 2];\ncheck if [1, 2].intersection([2, 3]) == [2];\ncheck if [1, 2].union([2, 3]) == [1, 2, 3];\ncheck if [1, 2, 3].intersection([1, 2]).contains(1);\ncheck if [1, 2, 3].intersection([1, 2]).length() == 2;\ncheck if !(\"a\" == 2);\ncheck if \"a\" != 2;\n"
         }
       ],
       "validations": {
@@ -1208,8 +1209,10 @@
             "facts": [],
             "rules": [],
             "checks": [
+              "check if !(\"a\" == 2)",
               "check if !false",
               "check if !false && true",
+              "check if \"a\" != 2",
               "check if \"aaabde\" == \"aaa\" + \"b\" + \"de\"",
               "check if \"aaabde\".contains(\"abd\")",
               "check if \"aaabde\".matches(\"a*c?.e\")",
@@ -1256,7 +1259,7 @@
           },
           "authorizer_code": "allow if true;\n",
           "revocation_ids": [
-            "f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e"
+            "ab8cb36d2e2b4cbdc4fc8f16f01920104cb16a9eda5beafabea85446c366ca4965d805d73fc13fc98034aa326d08fab5b2f794386077f76b32eef4a347b91008"
           ]
         }
       }

diff --git a/biscuit-auth/samples/test017_expressions.bc b/biscuit-auth/samples/test017_expressions.bc
diff --git a/biscuit-auth/src/datalog/expression.rs b/biscuit-auth/src/datalog/expression.rs
@@ -170,8 +170,6 @@ impl Binary {
             (Binary::Equal, Term::Date(i), Term::Date(j)) => Ok(Term::Bool(i == j)),
             (Binary::NotEqual, Term::Date(i), Term::Date(j)) => Ok(Term::Bool(i != j)),
 
-            // symbol
-
             // byte array
             (Binary::Equal, Term::Bytes(i), Term::Bytes(j)) => Ok(Term::Bool(i == j)),
             (Binary::NotEqual, Term::Bytes(i), Term::Bytes(j)) => Ok(Term::Bool(i != j)),
@@ -208,6 +206,10 @@ impl Binary {
             (Binary::Equal, Term::Bool(i), Term::Bool(j)) => Ok(Term::Bool(i == j)),
             (Binary::NotEqual, Term::Bool(i), Term::Bool(j)) => Ok(Term::Bool(i != j)),
 
+            // catch-all for equal
+            (Binary::Equal, _, _) => Ok(Term::Bool(false)),
+            (Binary::NotEqual, _, _) => Ok(Term::Bool(true)),
+
             _ => {
                 //println!("unexpected value type on the stack");
                 Err(error::Expression::InvalidType)