File

usermanager: Remove concept of global authz provider Rationale: - Removes a bunch of code! - We don't have many cases where an actor is not bound to one of our hosts - A notable exception is the admin shell, but if we ever attempt to lock those sessions down, there is a load of other work that also has to be done. And it's not clear if we would need a global authz provider for that anyway. - Removes an extra edge case from the necessary mental model for operators - Sessions that aren't bound to a host generally are anonymous or have an alternative auth model (such as by IP addres). - With the encapsulation now provided by util.roles, ad-hoc "detached roles" can still be created anyway by code that needs them.

-- This tests the format, not the randomness

local uuid = require "util.uuid";

describe("util.uuid", function()
	describe("#generate()", function()
		it("should work follow the UUID pattern", function()
			-- https://www.rfc-editor.org/rfc/rfc4122.html#section-4.4

			local pattern = "^" .. table.concat({
				string.rep("%x", 8),
				string.rep("%x", 4),
				"4" .. -- version
				string.rep("%x", 3),
				"[89ab]" .. -- reserved bits of 1 and 0
				string.rep("%x", 3),
				string.rep("%x", 12),
			}, "%-") .. "$";

			for _ = 1, 100 do
				assert.is_string(uuid.generate():match(pattern));
			end
		end);
	end);
end);