authenticate/proxy: add user impersonation, refresh, dashboard (#123)

proxy: Add user dashboard. [GH-123] proxy/authenticate: Add manual refresh of their session. [GH-73] authorize: Add administrator (super user) account support. [GH-110] internal/policy: Allow administrators to impersonate other users. [GH-110]
2025-06-02 10:52:49 +02:00 · 2019-05-26 12:33:00 -07:00 · 2019-05-26 12:33:00 -07:00 · 66b4c2d3cd
commit 66b4c2d3cd
parent dc2eb9668c
42 changed files with 1644 additions and 1006 deletions
--- a/proxy/clients/authorize_client_test.go
+++ b/proxy/clients/authorize_client_test.go
@ -43,3 +43,35 @@ func TestAuthorizeGRPC_Authorize(t *testing.T) {
 		})
 	}
 }
+func TestAuthorizeGRPC_IsAdmin(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	client := mock.NewMockAuthorizerClient(ctrl)
+	client.EXPECT().IsAdmin(
+		gomock.Any(),
+		gomock.Any(),
+	).Return(&authorize.IsAdminReply{IsAdmin: true}, nil).AnyTimes()
+
+	tests := []struct {
+		name    string
+		s       *sessions.SessionState
+		want    bool
+		wantErr bool
+	}{
+		{"good", &sessions.SessionState{User: "admin@pomerium.io", Email: "admin@pomerium.io"}, true, false},
+		{"session cannot be nil", nil, false, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := &AuthorizeGRPC{client: client}
+			got, err := a.IsAdmin(context.Background(), tt.s)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("AuthorizeGRPC.IsAdmin() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("AuthorizeGRPC.IsAdmin() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}