File: basic_auth_test.go

package info (click to toggle)
golang-github-goji-httpauth 0.0~git20160601.2da839a-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, sid, trixie
  • size: 72 kB
  • sloc: makefile: 2
file content (116 lines) | stat: -rw-r--r-- 2,981 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
package httpauth

import (
	"encoding/base64"
	"net/http"
	"testing"
)

func TestBasicAuthAuthenticateWithFunc(t *testing.T) {
	requiredUser := "jqpublic"
	requiredPass := "secret.sauce"

	r := &http.Request{Method: "GET"}

	// Dumb test function
	fn := func(u, p string, req *http.Request) bool {
		return u == requiredUser && p == requiredPass && req == r
	}

	// Provide a minimal test implementation.
	authOpts := AuthOptions{
		Realm:    "Restricted",
		AuthFunc: fn,
	}

	b := &basicAuth{opts: authOpts}

	if b.authenticate(nil) {
		t.Fatal("Should not succeed when http.Request is nil")
	}

	// Provide auth data, but no Authorization header
	if b.authenticate(r) != false {
		t.Fatal("No Authorization header supplied.")
	}

	// Initialise the map for HTTP headers
	r.Header = http.Header(make(map[string][]string))

	// Set a malformed/bad header
	r.Header.Set("Authorization", "    Basic")
	if b.authenticate(r) != false {
		t.Fatal("Malformed Authorization header supplied.")
	}

	// Test correct credentials
	auth := base64.StdEncoding.EncodeToString([]byte("jqpublic:secret.sauce"))
	r.Header.Set("Authorization", "Basic "+auth)
	if b.authenticate(r) != true {
		t.Fatal("Failed on correct credentials")
	}

	// Test incorrect credentials
	auth = base64.StdEncoding.EncodeToString([]byte("jqpublic:hackydoo"))
	r.Header.Set("Authorization", "Basic "+auth)
	if b.authenticate(r) == true {
		t.Fatal("Success when expecting failure")
	}
}

func TestBasicAuthAuthenticate(t *testing.T) {
	// Provide a minimal test implementation.
	authOpts := AuthOptions{
		Realm:    "Restricted",
		User:     "test-user",
		Password: "plain-text-password",
	}

	b := &basicAuth{
		opts: authOpts,
	}

	r := &http.Request{Method: "GET"}

	// Provide auth data, but no Authorization header
	if b.authenticate(r) != false {
		t.Fatal("No Authorization header supplied.")
	}

	// Initialise the map for HTTP headers
	r.Header = http.Header(make(map[string][]string))

	// Set a malformed/bad header
	r.Header.Set("Authorization", "    Basic")
	if b.authenticate(r) != false {
		t.Fatal("Malformed Authorization header supplied.")
	}

	// Test correct credentials
	auth := base64.StdEncoding.EncodeToString([]byte(b.opts.User + ":" + b.opts.Password))
	r.Header.Set("Authorization", "Basic "+auth)
	if b.authenticate(r) != true {
		t.Fatal("Failed on correct credentials")
	}
}

func TestBasicAuthAuthenticateWithoutUserAndPass(t *testing.T) {
	b := basicAuth{opts: AuthOptions{}}

	r := &http.Request{Method: "GET"}

	// Provide auth data, but no Authorization header
	if b.authenticate(r) != false {
		t.Fatal("No Authorization header supplied.")
	}

	// Initialise the map for HTTP headers
	r.Header = http.Header(make(map[string][]string))

	// Test correct credentials
	auth := base64.StdEncoding.EncodeToString([]byte(b.opts.User + ":" + b.opts.Password))
	r.Header.Set("Authorization", "Basic "+auth)
	if b.authenticate(r) != false {
		t.Fatal("Success when expecting failure")
	}
}