package header

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"

	"github.com/photoprism/photoprism/pkg/rnd"
)

// TestAuthToken checks which request headers AuthToken reads a token from, and
// that BearerToken only reports a token set through the Authorization header.
//
// NOTE(review): every case in this file sends a well-formed header; malformed,
// duplicated, or oversized header values are not exercised here.
func TestAuthToken(t *testing.T) {
	// blankContext builds a gin test context whose request carries no headers.
	blankContext := func() *gin.Context {
		gin.SetMode(gin.TestMode)
		ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
		ctx.Request = &http.Request{Header: make(http.Header)}
		return ctx
	}

	t.Run("None", func(t *testing.T) {
		ctx := blankContext()

		// Without any auth header the result must be empty.
		assert.Equal(t, "", AuthToken(ctx))
	})

	t.Run("BearerToken", func(t *testing.T) {
		ctx := blankContext()

		// Send a freshly generated rnd.AuthToken() value as Bearer authorization.
		want := rnd.AuthToken()
		SetAuthorization(ctx.Request, want)

		// Both accessors are expected to return the same token.
		got := AuthToken(ctx)
		assert.Equal(t, want, got)
		assert.Equal(t, got, BearerToken(ctx))
	})

	t.Run("XAuthToken", func(t *testing.T) {
		ctx := blankContext()

		// Send a freshly generated rnd.AuthToken() value in the X-Auth-Token header.
		want := rnd.AuthToken()
		ctx.Request.Header.Add(XAuthToken, want)

		// AuthToken must pick it up, while BearerToken must stay empty because
		// no Authorization header was sent.
		assert.Equal(t, want, AuthToken(ctx))
		assert.Equal(t, "", BearerToken(ctx))
	})

	t.Run("XSessionID", func(t *testing.T) {
		ctx := blankContext()

		// Send a freshly generated rnd.AuthToken() value in the X-Session-ID header.
		want := rnd.AuthToken()
		ctx.Request.Header.Add(XSessionID, want)

		// AuthToken must pick it up, while BearerToken must stay empty.
		assert.Equal(t, want, AuthToken(ctx))
		assert.Equal(t, "", BearerToken(ctx))
	})

	t.Run("AppPassword", func(t *testing.T) {
		ctx := blankContext()

		// Send a value generated by rnd.AppPassword() in the X-Auth-Token header.
		want := rnd.AppPassword()
		ctx.Request.Header.Add(XAuthToken, want)

		// The app password must be returned unchanged and must not be reported
		// as a Bearer token.
		assert.Equal(t, want, AuthToken(ctx))
		assert.Equal(t, "", BearerToken(ctx))
	})
}

// TestBearerToken checks that BearerToken returns an empty string when no
// headers are set and the exact token when SetAuthorization has been applied.
func TestBearerToken(t *testing.T) {
	// Fixed 48-character hex sample token used as a test fixture.
	const sampleToken = "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0"

	// blankContext builds a gin test context whose request carries no headers.
	blankContext := func() *gin.Context {
		gin.SetMode(gin.TestMode)
		ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
		ctx.Request = &http.Request{Header: make(http.Header)}
		return ctx
	}

	t.Run("None", func(t *testing.T) {
		ctx := blankContext()

		// Without any auth header the result must be empty.
		assert.Equal(t, "", BearerToken(ctx))
	})

	t.Run("Found", func(t *testing.T) {
		ctx := blankContext()

		// Attach the sample token through the package's own helper.
		SetAuthorization(ctx.Request, sampleToken)

		// The token must come back unchanged.
		assert.Equal(t, sampleToken, BearerToken(ctx))
	})
}

// TestAuthorization checks that Authorization splits the Authorization header
// into its scheme and its credential part.
func TestAuthorization(t *testing.T) {
	// Fixed 48-character hex sample token used as a test fixture.
	const sampleToken = "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0"

	// blankContext builds a gin test context whose request carries no headers.
	blankContext := func() *gin.Context {
		gin.SetMode(gin.TestMode)
		ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
		ctx.Request = &http.Request{Header: make(http.Header)}
		return ctx
	}

	t.Run("None", func(t *testing.T) {
		ctx := blankContext()

		// Without an Authorization header both parts must be empty.
		scheme, credential := Authorization(ctx)
		assert.Equal(t, "", scheme)
		assert.Equal(t, "", credential)
	})

	t.Run("BearerToken", func(t *testing.T) {
		ctx := blankContext()

		// Write the raw header value directly instead of using SetAuthorization.
		ctx.Request.Header.Add(Auth, "Bearer "+sampleToken)

		// The scheme must match AuthBearer and the token must come back unchanged.
		scheme, credential := Authorization(ctx)
		assert.Equal(t, AuthBearer, scheme)
		assert.Equal(t, sampleToken, credential)
	})
}

// TestBasicAuth checks that BasicAuth decodes a Basic Authorization header into
// a username, a password, and a third "key" value.
func TestBasicAuth(t *testing.T) {
	// blankContext builds a gin test context whose request carries no headers.
	blankContext := func() *gin.Context {
		gin.SetMode(gin.TestMode)
		ctx, _ := gin.CreateTestContext(httptest.NewRecorder())
		ctx.Request = &http.Request{Header: make(http.Header)}
		return ctx
	}

	t.Run("None", func(t *testing.T) {
		ctx := blankContext()

		// Without an Authorization header no credentials must be returned.
		name, secret, cacheKey := BasicAuth(ctx)
		assert.Equal(t, "", name)
		assert.Equal(t, "", secret)
		assert.Equal(t, "", cacheKey)
	})

	t.Run("Found", func(t *testing.T) {
		ctx := blankContext()

		// The payload is the base64 form of "Aladdin:open sesame", a well-known
		// documentation sample rather than a real credential.
		ctx.Request.Header.Add(Auth, AuthBasic+" QWxhZGRpbjpvcGVuIHNlc2FtZQ==")

		// NOTE(review): the expected key is 40 hex characters, consistent with a
		// SHA-1 digest; presumably it is derived from the credentials so that the
		// plaintext password need not be used as a lookup key. Confirm against
		// the BasicAuth implementation.
		name, secret, cacheKey := BasicAuth(ctx)
		assert.Equal(t, "Aladdin", name)
		assert.Equal(t, "open sesame", secret)
		assert.Equal(t, "0cdb723383eb144043424a4a254461658d887396", cacheKey)
	})
}