update tests

biscuit-auth · Nov 27, 2024 · cdf646d · cdf646d
1 parent e0948d5
commit cdf646d
Show file tree

Hide file tree

Showing 8 changed files with 254 additions and 230 deletions.
diff --git a/biscuit-auth/benches/token.rs b/biscuit-auth/benches/token.rs
diff --git a/biscuit-auth/examples/testcases.rs b/biscuit-auth/examples/testcases.rs
@@ -878,9 +878,9 @@ fn scoped_rules(target: &str, root: &KeyPair, test: bool) -> TestResult {
         )
         .unwrap();
 
-    let mut block3 = BlockBuilder::new();
-
-    block3.add_fact(r#"owner("alice", "file2")"#).unwrap();
+    let block3 = BlockBuilder::new()
+        .add_fact(r#"owner("alice", "file2")"#)
+        .unwrap();
 
     let keypair3 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let biscuit3 = biscuit2.append_with_keypair(&keypair3, block3).unwrap();
@@ -973,14 +973,13 @@ fn expired_token(target: &str, root: &KeyPair, test: bool) -> TestResult {
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
-    let mut block2 = block!(r#"check if resource("file1");"#);
-
-    // January 1 2019
-    block2.check_expiration_date(
-        UNIX_EPOCH
-            .checked_add(Duration::from_secs(49 * 365 * 24 * 3600))
-            .unwrap(),
-    );
+    let block2 = block!(r#"check if resource("file1");"#)
+        // January 1 2019
+        .check_expiration_date(
+            UNIX_EPOCH
+                .checked_add(Duration::from_secs(49 * 365 * 24 * 3600))
+                .unwrap(),
+        );
 
     let keypair2 = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let biscuit2 = biscuit1.append_with_keypair(&keypair2, block2).unwrap();
@@ -1410,10 +1409,8 @@ fn unbound_variables_in_rule(target: &str, root: &KeyPair, test: bool) -> TestRe
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
-    let mut block2 = BlockBuilder::new();
-
-    // this one does not go through the parser because it checks for unused variables
-    block2
+    let block2 = BlockBuilder::new()
+        // this one does not go through the parser because it checks for unused variables
         .add_rule(rule(
             "operation",
             &[var("unbound"), string("read")],

diff --git a/biscuit-auth/examples/third_party.rs b/biscuit-auth/examples/third_party.rs
@@ -7,18 +7,13 @@ fn main() {
     let mut rng: StdRng = SeedableRng::seed_from_u64(0);
     let root = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
     let external = KeyPair::new_with_rng(Algorithm::Ed25519, &mut rng);
-
-    let mut builder = Biscuit::builder();
-
     let external_pub = hex::encode(external.public().to_bytes());
 
-    builder
+    let biscuit1 = Biscuit::builder()
         .add_check(
             format!("check if external_fact(\"hello\") trusting ed25519/{external_pub}").as_str(),
         )
-        .unwrap();
-
-    let biscuit1 = builder
+        .unwrap()
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
 
@@ -27,8 +22,9 @@ fn main() {
     let serialized_req = biscuit1.third_party_request().unwrap().serialize().unwrap();
 
     let req = biscuit_auth::ThirdPartyRequest::deserialize(&serialized_req).unwrap();
-    let mut builder = BlockBuilder::new();
-    builder.add_fact("external_fact(\"hello\")").unwrap();
+    let builder = BlockBuilder::new()
+        .add_fact("external_fact(\"hello\")")
+        .unwrap();
     let res = req.create_block(&external.private(), builder).unwrap();
 
     let biscuit2 = biscuit1.append_third_party(external.public(), res).unwrap();

diff --git a/biscuit-auth/src/token/authorizer.rs b/biscuit-auth/src/token/authorizer.rs
@@ -203,38 +203,40 @@ impl Authorizer {
 
     /// Add the rules, facts, checks, and policies of another `Authorizer`.
     /// If a token has already been added to `other`, it is not merged into `self`.
-    pub fn merge(&mut self, mut other: Authorizer) {
-        self.merge_block(other.authorizer_block_builder);
+    pub fn merge(&mut self, mut other: Authorizer) -> Result<(), error::Token> {
+        self.merge_block(other.authorizer_block_builder)?;
         self.policies.append(&mut other.policies);
+        Ok(())
     }
 
     /// Add the rules, facts, and checks of another `BlockBuilder`.
     pub fn merge_block(&mut self, other: BlockBuilder) -> Result<(), error::Token> {
-        self.authorizer_block_builder = self.authorizer_block_builder.merge(other);
+        self.authorizer_block_builder = self.authorizer_block_builder.clone().merge(other);
         Ok(())
     }
 
     pub fn add_fact<F: TryInto<Fact>>(&mut self, fact: F) -> Result<(), error::Token>
     where
         error::Token: From<<F as TryInto<Fact>>::Error>,
     {
-        self.authorizer_block_builder = self.authorizer_block_builder.add_fact(fact)?;
+        self.authorizer_block_builder = self.authorizer_block_builder.clone().add_fact(fact)?;
         Ok(())
     }
 
     pub fn add_rule<Ru: TryInto<Rule>>(&mut self, rule: Ru) -> Result<(), error::Token>
     where
         error::Token: From<<Ru as TryInto<Rule>>::Error>,
     {
-        self.authorizer_block_builder = self.authorizer_block_builder.add_rule(rule)?;
+        self.authorizer_block_builder = self.authorizer_block_builder.clone().add_rule(rule)?;
         Ok(())
     }
 
     pub fn add_check<C: TryInto<Check>>(&mut self, check: C) -> Result<(), error::Token>
     where
         error::Token: From<<C as TryInto<Check>>::Error>,
     {
-        self.authorizer_block_builder.add_check(check)
+        self.authorizer_block_builder = self.authorizer_block_builder.clone().add_check(check)?;
+        Ok(())
     }
 
     /// adds some datalog code to the authorizer
@@ -383,7 +385,7 @@ impl Authorizer {
     }
 
     pub fn add_scope(&mut self, scope: Scope) {
-        self.authorizer_block_builder.add_scope(scope);
+        self.authorizer_block_builder = self.authorizer_block_builder.clone().add_scope(scope);
     }
 
     /// Returns the runtime limits of the authorizer
@@ -611,7 +613,11 @@ impl Authorizer {
     /// adds a fact with the current time
     pub fn set_time(&mut self) {
         let fact = fact("time", &[date(&SystemTime::now())]);
-        self.authorizer_block_builder = self.authorizer_block_builder.add_fact(fact).unwrap();
+        self.authorizer_block_builder = self
+            .authorizer_block_builder
+            .clone()
+            .add_fact(fact)
+            .unwrap();
     }
 
     /// add a policy to the authorizer

diff --git a/biscuit-auth/tests/macros.rs b/biscuit-auth/tests/macros.rs
@@ -23,7 +23,7 @@ fn block_macro() {
     );
 
     let is_true = true;
-    block_merge!(&mut b, r#"appended({is_true});"#);
+    b = block_merge!(b, r#"appended({is_true});"#);
 
     assert_eq!(
         b.to_string(),
@@ -123,8 +123,8 @@ fn biscuit_macro() {
     b.set_root_key_id(2);
 
     let is_true = true;
-    biscuit_merge!(
-        &mut b,
+    b = biscuit_merge!(
+        b,
         r#"appended({is_true});
         check if true;
       "#

diff --git a/biscuit-auth/tests/rights.rs b/biscuit-auth/tests/rights.rs
@@ -11,22 +11,22 @@ fn main() {
     let mut rng: StdRng = SeedableRng::seed_from_u64(1234);
     let root = KeyPair::new_with_rng(builder::Algorithm::Ed25519, &mut rng);
 
-    let mut builder = Biscuit::builder();
-
-    builder.add_fact(fact(
-        "right",
-        &[string("authority"), string("file1"), string("read")],
-    ));
-    builder.add_fact(fact(
-        "right",
-        &[string("authority"), string("file2"), string("read")],
-    ));
-    builder.add_fact(fact(
-        "right",
-        &[string("authority"), string("file1"), string("write")],
-    ));
-
-    let biscuit1 = builder
+    let biscuit1 = Biscuit::builder()
+        .add_fact(fact(
+            "right",
+            &[string("authority"), string("file1"), string("read")],
+        ))
+        .unwrap()
+        .add_fact(fact(
+            "right",
+            &[string("authority"), string("file2"), string("read")],
+        ))
+        .unwrap()
+        .add_fact(fact(
+            "right",
+            &[string("authority"), string("file1"), string("write")],
+        ))
+        .unwrap()
         .build_with_rng(&root, SymbolTable::default(), &mut rng)
         .unwrap();
     println!("{}", biscuit1);

diff --git a/biscuit-capi/src/lib.rs b/biscuit-capi/src/lib.rs
@@ -858,7 +858,7 @@ pub unsafe extern "C" fn block_builder_add_fact(
         return false;
     }
 
-    builder
+    builder.0 = builder
         .0
         .add_fact(s.unwrap())
         .map_err(|e| {

diff --git a/biscuit-quote/src/lib.rs b/biscuit-quote/src/lib.rs
@@ -349,7 +349,7 @@ impl Item {
             },
             middle: TokenStream::new(),
             end: quote! {
-                __biscuit_auth_builder.add_fact(__biscuit_auth_item).unwrap();
+                __biscuit_auth_builder = __biscuit_auth_builder.add_fact(__biscuit_auth_item).unwrap();
             },
         }
     }
@@ -361,7 +361,7 @@ impl Item {
             },
             middle: TokenStream::new(),
             end: quote! {
-                __biscuit_auth_builder.add_rule(__biscuit_auth_item).unwrap();
+                __biscuit_auth_builder = __biscuit_auth_builder.add_rule(__biscuit_auth_item).unwrap();
             },
         }
     }
@@ -374,7 +374,7 @@ impl Item {
             },
             middle: TokenStream::new(),
             end: quote! {
-                __biscuit_auth_builder.add_check(__biscuit_auth_item).unwrap();
+                __biscuit_auth_builder =__biscuit_auth_builder.add_check(__biscuit_auth_item).unwrap();
             },
         }
     }
@@ -387,7 +387,7 @@ impl Item {
             },
             middle: TokenStream::new(),
             end: quote! {
-                __biscuit_auth_builder.add_policy(__biscuit_auth_item).unwrap();
+                __biscuit_auth_builder = __biscuit_auth_builder.add_policy(__biscuit_auth_item).unwrap();
             },
         }
     }