basic_test.go 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222
  1. package auth
  2. import (
  3. "encoding/base64"
  4. "fmt"
  5. "net/http"
  6. "strings"
  7. "testing"
  8. "time"
  9. "devt.de/krotik/common/httputil/user"
  10. )
  11. func TestBasicAuth(t *testing.T) {
  12. // Set a very fast session expiry
  13. user.UserSessionManager.Provider.(*user.MemorySessionProvider).SetExpiry(1)
  14. // Create a wrapper for basic auth
  15. ba := NewBashicAuthHandleFuncWrapper(func(pattern string,
  16. handler func(http.ResponseWriter, *http.Request)) {
  17. // Ignore the pattern and just replace the wrappedHandleFunction
  18. wrappedHandleFunction = handler
  19. })
  20. // Wrap the originalHandleFunction and let the previous code set it
  21. // as wrappedHandleFunction
  22. ba.HandleFunc("/", originalHandleFunction)
  23. // Test that basic authentication is active
  24. res, _ := sendTestRequest(TESTQUERYURL, "GET", nil, nil, nil)
  25. if res != "Unauthorized" {
  26. t.Error("Unexpected result:", res)
  27. return
  28. }
  29. // Register credentials and try to authenticate
  30. ba.SetAuthFunc(func(user, pass string) bool {
  31. return user == "yams" && pass == "yams"
  32. })
  33. passStr := base64.StdEncoding.EncodeToString([]byte("yams:yams"))
  34. res, resp := sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  35. "Authorization": "Basic " + passStr,
  36. }, nil, nil)
  37. if res != "Content - User session: yams" {
  38. t.Error("Unexpected result:", res)
  39. return
  40. }
  41. // Check we have a valid session
  42. cookies := resp.Cookies()
  43. sessions, _ := user.UserSessionManager.Provider.GetAll()
  44. if len(sessions) != 1 {
  45. t.Error("Unexpected number of active sessions:", sessions)
  46. return
  47. }
  48. var theSession user.Session
  49. for _, v := range sessions {
  50. theSession = v.(user.Session)
  51. break
  52. }
  53. if len(cookies) != 1 ||
  54. cookies[0].Raw != fmt.Sprintf("~sid=%v; Path=/; Max-Age=%v; HttpOnly",
  55. theSession.ID(), CookieMaxLifetime) {
  56. t.Error("Unexpected cookie:", cookies)
  57. return
  58. }
  59. // The next request will have access to a session
  60. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  61. "Authorization": "Basic " + passStr,
  62. }, cookies, nil)
  63. if res != "Content - User session: yams" {
  64. t.Error("Unexpected result:", res)
  65. return
  66. }
  67. // Test expiry
  68. time.Sleep(2 * time.Second)
  69. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  70. "Authorization": "Basic " + passStr,
  71. }, cookies, nil)
  72. if res != "Session expired" {
  73. t.Error("Unexpected result:", res)
  74. return
  75. }
  76. // Test destroying session
  77. res, resp = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  78. "Authorization": "Basic " + passStr,
  79. }, nil, nil)
  80. if res != "Content - User session: yams" {
  81. t.Error("Unexpected result:", res)
  82. return
  83. }
  84. cookies = resp.Cookies()
  85. sessions, _ = user.UserSessionManager.Provider.GetAll()
  86. if len(sessions) != 1 {
  87. t.Error("Unexpected number of active sessions:", sessions)
  88. return
  89. }
  90. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  91. "Authorization": "Basic " + passStr,
  92. }, cookies, nil)
  93. if res != "Content - User session: yams" {
  94. t.Error("Unexpected result:", res)
  95. return
  96. }
  97. // Test access denied
  98. ba.SetAccessFunc(func(w http.ResponseWriter, r *http.Request, user string) bool {
  99. if strings.HasPrefix(r.URL.Path, "/foo/bar") {
  100. http.Error(w, "Page is restricted", http.StatusForbidden)
  101. return false
  102. }
  103. return true
  104. })
  105. res, resp = sendTestRequest(TESTQUERYURL+"/bar", "GET", map[string]string{
  106. "Authorization": "Basic " + passStr,
  107. }, cookies, nil)
  108. if res != "Page is restricted" {
  109. t.Error("Unexpected result:", res)
  110. return
  111. }
  112. for _, k := range sessions {
  113. user.UserSessionManager.Provider.Destroy(k.ID())
  114. }
  115. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  116. "Authorization": "Basic " + passStr,
  117. }, cookies, nil)
  118. if res != "Session expired" {
  119. t.Error("Unexpected result:", res)
  120. return
  121. }
  122. // Test error cases
  123. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  124. "Authorization": "Basic " + passStr + "wrong",
  125. }, cookies, nil)
  126. if res != "Unauthorized" {
  127. t.Error("Unexpected result:", res)
  128. return
  129. }
  130. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  131. "Authorization": "Basic" + passStr,
  132. }, cookies, nil)
  133. if res != "Unauthorized" {
  134. t.Error("Unexpected result:", res)
  135. return
  136. }
  137. passStrWrong := base64.StdEncoding.EncodeToString([]byte("yams:yams1"))
  138. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  139. "Authorization": "Basic " + passStrWrong,
  140. }, cookies, nil)
  141. if res != "Unauthorized" {
  142. t.Error("Unexpected result:", res)
  143. return
  144. }
  145. passStrWrong = base64.StdEncoding.EncodeToString([]byte("yamsyams"))
  146. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  147. "Authorization": "Basic " + passStrWrong,
  148. }, cookies, nil)
  149. if res != "Unauthorized" {
  150. t.Error("Unexpected result:", res)
  151. return
  152. }
  153. passStrWrong = base64.StdEncoding.EncodeToString([]byte("yams1:yams"))
  154. res, _ = sendTestRequest(TESTQUERYURL, "GET", map[string]string{
  155. "Authorization": "Basic " + passStrWrong,
  156. }, cookies, nil)
  157. if res != "Unauthorized" {
  158. t.Error("Unexpected result:", res)
  159. return
  160. }
  161. }