137 lines
3.5 KiB
Go
137 lines
3.5 KiB
Go
package osin
|
|
|
|
import (
|
|
"net/http"
|
|
"net/url"
|
|
"testing"
|
|
)
|
|
|
|
const (
|
|
badAuthValue = "Digest XHHHHHHH"
|
|
goodAuthValue = "Basic dGVzdDp0ZXN0"
|
|
goodBearerAuthValue = "Bearer BGFVTDUJDp0ZXN0"
|
|
)
|
|
|
|
func TestBasicAuth(t *testing.T) {
|
|
r := &http.Request{Header: make(http.Header)}
|
|
|
|
// Without any header
|
|
if b, err := CheckBasicAuth(r); b != nil || err != nil {
|
|
t.Errorf("Validated basic auth without header")
|
|
}
|
|
|
|
// with invalid header
|
|
r.Header.Set("Authorization", badAuthValue)
|
|
b, err := CheckBasicAuth(r)
|
|
if b != nil || err == nil {
|
|
t.Errorf("Validated invalid auth")
|
|
return
|
|
}
|
|
|
|
// with valid header
|
|
r.Header.Set("Authorization", goodAuthValue)
|
|
b, err = CheckBasicAuth(r)
|
|
if b == nil || err != nil {
|
|
t.Errorf("Could not extract basic auth")
|
|
return
|
|
}
|
|
|
|
// check extracted auth data
|
|
if b.Username != "test" || b.Password != "test" {
|
|
t.Errorf("Error decoding basic auth")
|
|
}
|
|
}
|
|
|
|
func TestGetClientAuth(t *testing.T) {
|
|
|
|
urlWithSecret, _ := url.Parse("http://host.tld/path?client_id=xxx&client_secret=yyy")
|
|
urlWithEmptySecret, _ := url.Parse("http://host.tld/path?client_id=xxx&client_secret=")
|
|
urlNoSecret, _ := url.Parse("http://host.tld/path?client_id=xxx")
|
|
|
|
headerNoAuth := make(http.Header)
|
|
headerBadAuth := make(http.Header)
|
|
headerBadAuth.Set("Authorization", badAuthValue)
|
|
headerOKAuth := make(http.Header)
|
|
headerOKAuth.Set("Authorization", goodAuthValue)
|
|
|
|
var tests = []struct {
|
|
header http.Header
|
|
url *url.URL
|
|
allowQueryParams bool
|
|
expectAuth bool
|
|
}{
|
|
{headerNoAuth, urlWithSecret, true, true},
|
|
{headerNoAuth, urlWithSecret, false, false},
|
|
{headerNoAuth, urlWithEmptySecret, true, true},
|
|
{headerNoAuth, urlWithEmptySecret, false, false},
|
|
{headerNoAuth, urlNoSecret, true, false},
|
|
{headerNoAuth, urlNoSecret, false, false},
|
|
|
|
{headerBadAuth, urlWithSecret, true, true},
|
|
{headerBadAuth, urlWithSecret, false, false},
|
|
{headerBadAuth, urlWithEmptySecret, true, true},
|
|
{headerBadAuth, urlWithEmptySecret, false, false},
|
|
{headerBadAuth, urlNoSecret, true, false},
|
|
{headerBadAuth, urlNoSecret, false, false},
|
|
|
|
{headerOKAuth, urlWithSecret, true, true},
|
|
{headerOKAuth, urlWithSecret, false, true},
|
|
{headerOKAuth, urlWithEmptySecret, true, true},
|
|
{headerOKAuth, urlWithEmptySecret, false, true},
|
|
{headerOKAuth, urlNoSecret, true, true},
|
|
{headerOKAuth, urlNoSecret, false, true},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
w := new(Response)
|
|
r := &http.Request{Header: tt.header, URL: tt.url}
|
|
r.ParseForm()
|
|
auth := getClientAuth(w, r, tt.allowQueryParams)
|
|
if tt.expectAuth && auth == nil {
|
|
t.Errorf("Auth should not be nil for %v", tt)
|
|
} else if !tt.expectAuth && auth != nil {
|
|
t.Errorf("Auth should be nil for %v", tt)
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
func TestBearerAuth(t *testing.T) {
|
|
r := &http.Request{Header: make(http.Header)}
|
|
|
|
// Without any header
|
|
if b := CheckBearerAuth(r); b != nil {
|
|
t.Errorf("Validated bearer auth without header")
|
|
}
|
|
|
|
// with invalid header
|
|
r.Header.Set("Authorization", badAuthValue)
|
|
b := CheckBearerAuth(r)
|
|
if b != nil {
|
|
t.Errorf("Validated invalid auth")
|
|
return
|
|
}
|
|
|
|
// with valid header
|
|
r.Header.Set("Authorization", goodBearerAuthValue)
|
|
b = CheckBearerAuth(r)
|
|
if b == nil {
|
|
t.Errorf("Could not extract bearer auth")
|
|
return
|
|
}
|
|
|
|
// check extracted auth data
|
|
if b.Code != "BGFVTDUJDp0ZXN0" {
|
|
t.Errorf("Error decoding bearer auth")
|
|
}
|
|
|
|
// extracts bearer auth from query string
|
|
url, _ := url.Parse("http://host.tld/path?code=XYZ")
|
|
r = &http.Request{URL: url}
|
|
r.ParseForm()
|
|
b = CheckBearerAuth(r)
|
|
if b.Code != "XYZ" {
|
|
t.Errorf("Error decoding bearer auth")
|
|
}
|
|
}
|