mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-23 22:27:38 -05:00
e3e62a952d
* Support realms with basic authentication * Add test for default basicauth directive in which realm is not specified * Correct typo: missing space * Remove 'path' subdirective
164 lines
4.4 KiB
Go
164 lines
4.4 KiB
Go
package basicauth
|
|
|
|
import (
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/mholt/caddy"
|
|
"github.com/mholt/caddy/caddyhttp/httpserver"
|
|
)
|
|
|
|
func TestSetup(t *testing.T) {
|
|
c := caddy.NewTestController("http", `basicauth user pwd`)
|
|
err := setup(c)
|
|
if err != nil {
|
|
t.Errorf("Expected no errors, but got: %v", err)
|
|
}
|
|
mids := httpserver.GetConfig(c).Middleware()
|
|
if len(mids) == 0 {
|
|
t.Fatal("Expected middleware, got 0 instead")
|
|
}
|
|
|
|
handler := mids[0](httpserver.EmptyNext)
|
|
myHandler, ok := handler.(BasicAuth)
|
|
if !ok {
|
|
t.Fatalf("Expected handler to be type BasicAuth, got: %#v", handler)
|
|
}
|
|
|
|
if !httpserver.SameNext(myHandler.Next, httpserver.EmptyNext) {
|
|
t.Error("'Next' field of handler was not set properly")
|
|
}
|
|
}
|
|
|
|
func TestBasicAuthParse(t *testing.T) {
|
|
htpasswdPasswd := "IedFOuGmTpT8"
|
|
htpasswdFile := `sha1:{SHA}dcAUljwz99qFjYR0YLTXx0RqLww=
|
|
md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
|
|
|
|
var skipHtpassword bool
|
|
htfh, err := ioutil.TempFile(".", "basicauth-")
|
|
if err != nil {
|
|
t.Logf("Error creating temp file (%v), will skip htpassword test", err)
|
|
skipHtpassword = true
|
|
} else {
|
|
if _, err = htfh.Write([]byte(htpasswdFile)); err != nil {
|
|
t.Fatalf("write htpasswd file %q: %v", htfh.Name(), err)
|
|
}
|
|
htfh.Close()
|
|
defer os.Remove(htfh.Name())
|
|
}
|
|
|
|
tests := []struct {
|
|
input string
|
|
shouldErr bool
|
|
password string
|
|
expected []Rule
|
|
}{
|
|
{`basicauth user pwd`, false, "pwd", []Rule{
|
|
{Username: "user"},
|
|
}},
|
|
{`basicauth user pwd {
|
|
}`, false, "pwd", []Rule{
|
|
{Username: "user"},
|
|
}},
|
|
{`basicauth /resource1 user pwd {
|
|
}`, false, "pwd", []Rule{
|
|
{Username: "user", Resources: []string{"/resource1"}},
|
|
}},
|
|
{`basicauth /resource1 user pwd {
|
|
realm Resources
|
|
}`, false, "pwd", []Rule{
|
|
{Username: "user", Resources: []string{"/resource1"}, Realm: "Resources"},
|
|
}},
|
|
{`basicauth user pwd {
|
|
/resource1
|
|
/resource2
|
|
}`, false, "pwd", []Rule{
|
|
{Username: "user", Resources: []string{"/resource1", "/resource2"}},
|
|
}},
|
|
{`basicauth user pwd {
|
|
/resource1
|
|
/resource2
|
|
realm "Secure resources"
|
|
}`, false, "pwd", []Rule{
|
|
{Username: "user", Resources: []string{"/resource1", "/resource2"}, Realm: "Secure resources"},
|
|
}},
|
|
{`basicauth user pwd {
|
|
/resource1
|
|
realm "Secure resources"
|
|
realm Extra
|
|
/resource2
|
|
}`, true, "pwd", []Rule{}},
|
|
{`basicauth user pwd {
|
|
/resource1
|
|
foo "Resources"
|
|
/resource2
|
|
}`, true, "pwd", []Rule{}},
|
|
{`basicauth /resource user pwd`, false, "pwd", []Rule{
|
|
{Username: "user", Resources: []string{"/resource"}},
|
|
}},
|
|
{`basicauth /res1 user1 pwd1
|
|
basicauth /res2 user2 pwd2`, false, "pwd", []Rule{
|
|
{Username: "user1", Resources: []string{"/res1"}},
|
|
{Username: "user2", Resources: []string{"/res2"}},
|
|
}},
|
|
{`basicauth user`, true, "", []Rule{}},
|
|
{`basicauth`, true, "", []Rule{}},
|
|
{`basicauth /resource user pwd asdf`, true, "", []Rule{}},
|
|
|
|
{`basicauth sha1 htpasswd=` + htfh.Name(), false, htpasswdPasswd, []Rule{
|
|
{Username: "sha1"},
|
|
}},
|
|
}
|
|
|
|
for i, test := range tests {
|
|
actual, err := basicAuthParse(caddy.NewTestController("http", test.input))
|
|
|
|
if err == nil && test.shouldErr {
|
|
t.Errorf("Test %d didn't error, but it should have", i)
|
|
} else if err != nil && !test.shouldErr {
|
|
t.Errorf("Test %d errored, but it shouldn't have; got '%v'", i, err)
|
|
}
|
|
|
|
if len(actual) != len(test.expected) {
|
|
t.Fatalf("Test %d expected %d rules, but got %d",
|
|
i, len(test.expected), len(actual))
|
|
}
|
|
|
|
for j, expectedRule := range test.expected {
|
|
actualRule := actual[j]
|
|
|
|
if actualRule.Username != expectedRule.Username {
|
|
t.Errorf("Test %d, rule %d: Expected username '%s', got '%s'",
|
|
i, j, expectedRule.Username, actualRule.Username)
|
|
}
|
|
|
|
if actualRule.Realm != expectedRule.Realm {
|
|
t.Errorf("Test %d, rule %d: Expected realm '%s', got '%s'",
|
|
i, j, expectedRule.Realm, actualRule.Realm)
|
|
}
|
|
|
|
if strings.Contains(test.input, "htpasswd=") && skipHtpassword {
|
|
continue
|
|
}
|
|
pwd := test.password
|
|
if len(actual) > 1 {
|
|
pwd = fmt.Sprintf("%s%d", pwd, j+1)
|
|
}
|
|
if !actualRule.Password(pwd) || actualRule.Password(test.password+"!") {
|
|
t.Errorf("Test %d, rule %d: Expected password '%v', got '%v'",
|
|
i, j, test.password, actualRule.Password(""))
|
|
}
|
|
|
|
expectedRes := fmt.Sprintf("%v", expectedRule.Resources)
|
|
actualRes := fmt.Sprintf("%v", actualRule.Resources)
|
|
if actualRes != expectedRes {
|
|
t.Errorf("Test %d, rule %d: Expected resource list %s, but got %s",
|
|
i, j, expectedRes, actualRes)
|
|
}
|
|
}
|
|
}
|
|
}
|