// Copyright 2014 Manu Martinez-Almeida. All rights reserved.
// Use of this source code is governed by a MIT style
// license that can be found in the LICENSE file.
package gin
import (
"encoding/base64"
"net/http"
"net/http/httptest"
"testing"
)
// TestBasicAuthSucceed checks that a request whose Basic credentials match an
// entry in the Accounts map passes the BasicAuth middleware, reaches the
// /login handler, and receives the handler's 200 response and body.
func TestBasicAuthSucceed(t *testing.T) {
	engine := New()
	engine.Use(BasicAuth(Accounts{"admin": "password"}))
	engine.GET("/login", func(c *Context) {
		c.String(200, "autorized")
	})

	// Basic credentials travel as base64("user:password") after the scheme name.
	credentials := base64.StdEncoding.EncodeToString([]byte("admin:password"))
	request, _ := http.NewRequest("GET", "/login", nil)
	request.Header.Set("Authorization", "Basic "+credentials)

	recorder := httptest.NewRecorder()
	engine.ServeHTTP(recorder, request)

	if got := recorder.Code; got != http.StatusOK {
		t.Errorf("Response code should be Ok, was: %d", got)
	}
	if body := recorder.Body.String(); body != "autorized" {
		t.Errorf("Response body should be `autorized`, was %s", body)
	}
}
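// TestBasicAuth401 checks that a request whose credentials are not in the
// Accounts map is rejected by the BasicAuth middleware: the response must be
// 401, carry the default WWW-Authenticate challenge, and the protected handler
// must not run.
func TestBasicAuth401(t *testing.T) {
	req, err := http.NewRequest("GET", "/login", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	w := httptest.NewRecorder()

	r := New()
	// Only foo:bar is registered; the request below presents admin:password.
	accounts := Accounts{"foo": "bar"}
	r.Use(BasicAuth(accounts))

	// handlerRan records whether the middleware let the request through. A 401
	// status alone does not prove the handler chain was stopped.
	handlerRan := false
	r.GET("/login", func(c *Context) {
		handlerRan = true
		c.String(200, "autorized")
	})

	req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
	r.ServeHTTP(w, req)

	if w.Code != 401 {
		t.Errorf("Response code should be Not autorized, was: %d", w.Code)
	}

	if handlerRan {
		t.Errorf("Protected handler ran for a request with unknown credentials")
	}

	// Report the header that was actually checked; the original message printed
	// Content-Type, which hid the real WWW-Authenticate value on failure.
	challenge := w.Header().Get("WWW-Authenticate")
	if challenge != "Basic realm=\"Authorization Required\"" {
		t.Errorf("WWW-Authenticate header is incorrect: %s", challenge)
	}
}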
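// TestBasicAuth401WithCustomRealm checks that BasicAuthForRealm rejects a
// request whose credentials are not in the Accounts map: the response must be
// 401, the WWW-Authenticate challenge must name the configured realm, and the
// protected handler must not run.
func TestBasicAuth401WithCustomRealm(t *testing.T) {
	req, err := http.NewRequest("GET", "/login", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	w := httptest.NewRecorder()

	r := New()
	// Only foo:bar is registered; the request below presents admin:password.
	accounts := Accounts{"foo": "bar"}
	r.Use(BasicAuthForRealm(accounts, "My Custom Realm"))

	// handlerRan records whether the middleware let the request through. A 401
	// status alone does not prove the handler chain was stopped.
	handlerRan := false
	r.GET("/login", func(c *Context) {
		handlerRan = true
		c.String(200, "autorized")
	})

	req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
	r.ServeHTTP(w, req)

	if w.Code != 401 {
		// w.Code is an int; the original %s verb printed a formatting error
		// instead of the status code.
		t.Errorf("Response code should be Not autorized, was: %d", w.Code)
	}

	if handlerRan {
		t.Errorf("Protected handler ran for a request with unknown credentials")
	}

	// Report the header that was actually checked; the original message printed
	// Content-Type, which hid the real WWW-Authenticate value on failure.
	challenge := w.Header().Get("WWW-Authenticate")
	if challenge != "Basic realm=\"My Custom Realm\"" {
		t.Errorf("WWW-Authenticate header is incorrect: %s", challenge)
	}
}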