File: //opt/go/pkg/mod/github.com/go-openapi/
[email protected]/security/basic_auth_test.go
// Copyright 2015 go-swagger maintainers
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package security
import (
"context"
"net/http"
"testing"
"github.com/go-openapi/errors"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
type secTestKey uint8
const (
original secTestKey = iota
extra
reason
)
const (
wisdom = "The man who is swimming against the stream knows the strength of it."
extraWisdom = "Our greatest glory is not in never falling, but in rising every time we fall."
expReason = "I like the dreams of the future better than the history of the past."
testPassword = "123456"
)
func TestBasicAuth(t *testing.T) {
basicAuthHandler := UserPassAuthentication(func(user, pass string) (interface{}, error) {
if user == principal && pass == testPassword {
return principal, nil
}
return "", errors.Unauthenticated("basic")
})
ba := BasicAuth(basicAuthHandler)
t.Run("with valid basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, testPassword)
ok, usr, err := ba.Authenticate(req)
require.NoError(t, err)
assert.True(t, ok)
assert.Equal(t, principal, usr)
})
t.Run("with invalid basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := ba.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.NotEmpty(t, FailedBasicAuth(req))
assert.Equal(t, DefaultRealmName, FailedBasicAuth(req))
})
t.Run("with missing basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
ok, usr, err := ba.Authenticate(req)
require.NoError(t, err)
assert.False(t, ok)
assert.Nil(t, usr)
assert.NotEmpty(t, FailedBasicAuth(req))
assert.Equal(t, DefaultRealmName, FailedBasicAuth(req))
})
t.Run("basic auth without request", func(*testing.T) {
ok, usr, err := ba.Authenticate("token")
require.NoError(t, err)
assert.False(t, ok)
assert.Nil(t, usr)
})
t.Run("with realm, invalid basic auth", func(t *testing.T) {
br := BasicAuthRealm("realm", basicAuthHandler)
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := br.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.Equal(t, "realm", FailedBasicAuth(req))
})
t.Run("with empty realm, invalid basic auth", func(t *testing.T) {
br := BasicAuthRealm("", basicAuthHandler)
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := br.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.Equal(t, DefaultRealmName, FailedBasicAuth(req))
})
}
func TestBasicAuthCtx(t *testing.T) {
basicAuthHandlerCtx := UserPassAuthenticationCtx(func(ctx context.Context, user, pass string) (context.Context, interface{}, error) {
if user == principal && pass == testPassword {
return context.WithValue(ctx, extra, extraWisdom), principal, nil
}
return context.WithValue(ctx, reason, expReason), "", errors.Unauthenticated("basic")
})
ba := BasicAuthCtx(basicAuthHandlerCtx)
ctx := context.WithValue(context.Background(), original, wisdom)
t.Run("with valid basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, testPassword)
ok, usr, err := ba.Authenticate(req)
require.NoError(t, err)
assert.True(t, ok)
assert.Equal(t, principal, usr)
assert.Equal(t, wisdom, req.Context().Value(original))
assert.Equal(t, extraWisdom, req.Context().Value(extra))
assert.Nil(t, req.Context().Value(reason))
})
t.Run("with invalid basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := ba.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.Equal(t, wisdom, req.Context().Value(original))
assert.Nil(t, req.Context().Value(extra))
assert.Equal(t, expReason, req.Context().Value(reason))
})
t.Run("with missing basic auth", func(t *testing.T) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, authPath, nil)
require.NoError(t, err)
ok, usr, err := ba.Authenticate(req)
require.NoError(t, err)
assert.False(t, ok)
assert.Nil(t, usr)
assert.Equal(t, wisdom, req.Context().Value(original))
assert.Nil(t, req.Context().Value(extra))
assert.Nil(t, req.Context().Value(reason))
})
t.Run("basic auth without request", func(*testing.T) {
ok, usr, err := ba.Authenticate("token")
require.NoError(t, err)
assert.False(t, ok)
assert.Nil(t, usr)
})
t.Run("with realm, invalid basic auth", func(t *testing.T) {
br := BasicAuthRealmCtx("realm", basicAuthHandlerCtx)
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := br.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.Equal(t, "realm", FailedBasicAuth(req))
})
t.Run("with empty realm, invalid basic auth", func(t *testing.T) {
br := BasicAuthRealmCtx("", basicAuthHandlerCtx)
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, authPath, nil)
require.NoError(t, err)
req.SetBasicAuth(principal, principal)
ok, usr, err := br.Authenticate(req)
require.Error(t, err)
assert.True(t, ok)
assert.Equal(t, "", usr)
assert.Equal(t, DefaultRealmName, FailedBasicAuth(req))
})
}