2022-05-28 05:42:28 +03:00
|
|
|
// Copyright 2014 Manu Martinez-Almeida. All rights reserved.
|
2014-08-29 21:49:50 +04:00
|
|
|
// Use of this source code is governed by a MIT style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2014-08-12 13:32:06 +04:00
|
|
|
package gin
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
2015-04-08 16:17:41 +03:00
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2014-08-12 13:32:06 +04:00
|
|
|
)
|
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
func TestBasicAuth(t *testing.T) {
|
2015-05-19 23:19:25 +03:00
|
|
|
pairs := processAccounts(Accounts{
|
2015-04-08 16:17:41 +03:00
|
|
|
"admin": "password",
|
|
|
|
"foo": "bar",
|
|
|
|
"bar": "foo",
|
2015-05-19 23:19:25 +03:00
|
|
|
})
|
|
|
|
|
|
|
|
assert.Len(t, pairs, 3)
|
|
|
|
assert.Contains(t, pairs, authPair{
|
2017-12-17 08:02:33 +03:00
|
|
|
user: "bar",
|
|
|
|
value: "Basic YmFyOmZvbw==",
|
2015-05-19 23:19:25 +03:00
|
|
|
})
|
|
|
|
assert.Contains(t, pairs, authPair{
|
2017-12-17 08:02:33 +03:00
|
|
|
user: "foo",
|
|
|
|
value: "Basic Zm9vOmJhcg==",
|
2015-05-19 23:19:25 +03:00
|
|
|
})
|
|
|
|
assert.Contains(t, pairs, authPair{
|
2017-12-17 08:02:33 +03:00
|
|
|
user: "admin",
|
|
|
|
value: "Basic YWRtaW46cGFzc3dvcmQ=",
|
2015-05-19 23:19:25 +03:00
|
|
|
})
|
2015-04-08 16:17:41 +03:00
|
|
|
}
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
func TestBasicAuthFails(t *testing.T) {
|
|
|
|
assert.Panics(t, func() { processAccounts(nil) })
|
|
|
|
assert.Panics(t, func() {
|
|
|
|
processAccounts(Accounts{
|
|
|
|
"": "password",
|
|
|
|
"foo": "bar",
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
func TestBasicAuthSearchCredential(t *testing.T) {
|
|
|
|
pairs := processAccounts(Accounts{
|
|
|
|
"admin": "password",
|
|
|
|
"foo": "bar",
|
|
|
|
"bar": "foo",
|
2014-08-12 13:32:06 +04:00
|
|
|
})
|
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
user, found := pairs.searchCredential(authorizationHeader("admin", "password"))
|
2017-08-04 08:45:59 +03:00
|
|
|
assert.Equal(t, "admin", user)
|
2015-04-08 16:17:41 +03:00
|
|
|
assert.True(t, found)
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
user, found = pairs.searchCredential(authorizationHeader("foo", "bar"))
|
2017-08-04 08:45:59 +03:00
|
|
|
assert.Equal(t, "foo", user)
|
2015-04-08 16:17:41 +03:00
|
|
|
assert.True(t, found)
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
user, found = pairs.searchCredential(authorizationHeader("bar", "foo"))
|
2017-08-04 08:45:59 +03:00
|
|
|
assert.Equal(t, "bar", user)
|
2015-04-08 16:17:41 +03:00
|
|
|
assert.True(t, found)
|
|
|
|
|
|
|
|
user, found = pairs.searchCredential(authorizationHeader("admins", "password"))
|
|
|
|
assert.Empty(t, user)
|
|
|
|
assert.False(t, found)
|
|
|
|
|
|
|
|
user, found = pairs.searchCredential(authorizationHeader("foo", "bar "))
|
|
|
|
assert.Empty(t, user)
|
|
|
|
assert.False(t, found)
|
2015-04-09 13:15:02 +03:00
|
|
|
|
|
|
|
user, found = pairs.searchCredential("")
|
|
|
|
assert.Empty(t, user)
|
|
|
|
assert.False(t, found)
|
2014-08-12 13:32:06 +04:00
|
|
|
}
|
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
func TestBasicAuthAuthorizationHeader(t *testing.T) {
|
2017-08-04 08:45:59 +03:00
|
|
|
assert.Equal(t, "Basic YWRtaW46cGFzc3dvcmQ=", authorizationHeader("admin", "password"))
|
2015-04-08 16:17:41 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestBasicAuthSucceed(t *testing.T) {
|
|
|
|
accounts := Accounts{"admin": "password"}
|
|
|
|
router := New()
|
|
|
|
router.Use(BasicAuth(accounts))
|
|
|
|
router.GET("/login", func(c *Context) {
|
2018-08-14 04:51:56 +03:00
|
|
|
c.String(http.StatusOK, c.MustGet(AuthUserKey).(string))
|
2015-04-08 16:17:41 +03:00
|
|
|
})
|
|
|
|
|
2014-08-12 13:32:06 +04:00
|
|
|
w := httptest.NewRecorder()
|
2024-11-15 18:52:16 +03:00
|
|
|
req, _ := http.NewRequest(http.MethodGet, "/login", nil)
|
2015-04-08 16:17:41 +03:00
|
|
|
req.Header.Set("Authorization", authorizationHeader("admin", "password"))
|
|
|
|
router.ServeHTTP(w, req)
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2018-08-14 04:51:56 +03:00
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
2017-08-04 08:45:59 +03:00
|
|
|
assert.Equal(t, "admin", w.Body.String())
|
2015-04-08 16:17:41 +03:00
|
|
|
}
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
func TestBasicAuth401(t *testing.T) {
|
|
|
|
called := false
|
|
|
|
accounts := Accounts{"foo": "bar"}
|
|
|
|
router := New()
|
|
|
|
router.Use(BasicAuth(accounts))
|
|
|
|
router.GET("/login", func(c *Context) {
|
|
|
|
called = true
|
2018-08-14 04:51:56 +03:00
|
|
|
c.String(http.StatusOK, c.MustGet(AuthUserKey).(string))
|
2014-08-12 13:32:06 +04:00
|
|
|
})
|
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
w := httptest.NewRecorder()
|
2024-11-15 18:52:16 +03:00
|
|
|
req, _ := http.NewRequest(http.MethodGet, "/login", nil)
|
2014-08-12 13:32:06 +04:00
|
|
|
req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
|
2015-04-08 16:17:41 +03:00
|
|
|
router.ServeHTTP(w, req)
|
2014-08-12 13:32:06 +04:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
assert.False(t, called)
|
2018-08-14 04:51:56 +03:00
|
|
|
assert.Equal(t, http.StatusUnauthorized, w.Code)
|
2018-10-12 02:31:31 +03:00
|
|
|
assert.Equal(t, "Basic realm=\"Authorization Required\"", w.Header().Get("WWW-Authenticate"))
|
2014-08-12 13:32:06 +04:00
|
|
|
}
|
2015-03-05 01:38:17 +03:00
|
|
|
|
|
|
|
func TestBasicAuth401WithCustomRealm(t *testing.T) {
|
2015-04-08 16:17:41 +03:00
|
|
|
called := false
|
2015-03-05 01:38:17 +03:00
|
|
|
accounts := Accounts{"foo": "bar"}
|
2015-04-08 16:17:41 +03:00
|
|
|
router := New()
|
2015-05-19 21:15:28 +03:00
|
|
|
router.Use(BasicAuthForRealm(accounts, "My Custom \"Realm\""))
|
2015-04-08 16:17:41 +03:00
|
|
|
router.GET("/login", func(c *Context) {
|
|
|
|
called = true
|
2018-08-14 04:51:56 +03:00
|
|
|
c.String(http.StatusOK, c.MustGet(AuthUserKey).(string))
|
2015-03-05 01:38:17 +03:00
|
|
|
})
|
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
w := httptest.NewRecorder()
|
2024-11-15 18:52:16 +03:00
|
|
|
req, _ := http.NewRequest(http.MethodGet, "/login", nil)
|
2015-03-05 01:38:17 +03:00
|
|
|
req.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
|
2015-04-08 16:17:41 +03:00
|
|
|
router.ServeHTTP(w, req)
|
2015-03-05 01:38:17 +03:00
|
|
|
|
2015-04-08 16:17:41 +03:00
|
|
|
assert.False(t, called)
|
2018-08-14 04:51:56 +03:00
|
|
|
assert.Equal(t, http.StatusUnauthorized, w.Code)
|
2018-10-12 02:31:31 +03:00
|
|
|
assert.Equal(t, "Basic realm=\"My Custom \\\"Realm\\\"\"", w.Header().Get("WWW-Authenticate"))
|
2015-03-05 01:38:17 +03:00
|
|
|
}
|
2024-03-11 17:22:58 +03:00
|
|
|
|
|
|
|
func TestBasicAuthForProxySucceed(t *testing.T) {
|
|
|
|
accounts := Accounts{"admin": "password"}
|
|
|
|
router := New()
|
|
|
|
router.Use(BasicAuthForProxy(accounts, ""))
|
|
|
|
router.Any("/*proxyPath", func(c *Context) {
|
|
|
|
c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
|
|
|
|
})
|
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
2024-11-15 18:52:16 +03:00
|
|
|
req, _ := http.NewRequest(http.MethodGet, "/test", nil)
|
2024-03-11 17:22:58 +03:00
|
|
|
req.Header.Set("Proxy-Authorization", authorizationHeader("admin", "password"))
|
|
|
|
router.ServeHTTP(w, req)
|
|
|
|
|
|
|
|
assert.Equal(t, http.StatusOK, w.Code)
|
|
|
|
assert.Equal(t, "admin", w.Body.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestBasicAuthForProxy407(t *testing.T) {
|
|
|
|
called := false
|
|
|
|
accounts := Accounts{"foo": "bar"}
|
|
|
|
router := New()
|
|
|
|
router.Use(BasicAuthForProxy(accounts, ""))
|
|
|
|
router.Any("/*proxyPath", func(c *Context) {
|
|
|
|
called = true
|
|
|
|
c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
|
|
|
|
})
|
|
|
|
|
|
|
|
w := httptest.NewRecorder()
|
2024-11-15 18:52:16 +03:00
|
|
|
req, _ := http.NewRequest(http.MethodGet, "/test", nil)
|
2024-03-11 17:22:58 +03:00
|
|
|
req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
|
|
|
|
router.ServeHTTP(w, req)
|
|
|
|
|
|
|
|
assert.False(t, called)
|
|
|
|
assert.Equal(t, http.StatusProxyAuthRequired, w.Code)
|
|
|
|
assert.Equal(t, "Basic realm=\"Proxy Authorization Required\"", w.Header().Get("Proxy-Authenticate"))
|
|
|
|
}
|