a4e2bb33b9
Signed-off-by: Michael Mayer <michael@photoprism.app>
195 lines
5.2 KiB
Go
195 lines
5.2 KiB
Go
package header
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/photoprism/photoprism/pkg/rnd"
|
|
)
|
|
|
|
func TestAuthToken(t *testing.T) {
|
|
t.Run("None", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// No headers have been set, so no token should be returned.
|
|
token := AuthToken(c)
|
|
assert.Equal(t, "", token)
|
|
})
|
|
t.Run("BearerToken", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Set Bearer Authorization header to a random value generated by rnd.AuthToken().
|
|
expected := rnd.AuthToken()
|
|
SetAuthorization(c.Request, expected)
|
|
|
|
// Check header for expected token.
|
|
authToken := AuthToken(c)
|
|
assert.Equal(t, expected, authToken)
|
|
bearerToken := BearerToken(c)
|
|
assert.Equal(t, authToken, bearerToken)
|
|
})
|
|
t.Run("XAuthToken", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Set X-Auth-Token header to a random value generated by rnd.AuthToken().
|
|
expected := rnd.AuthToken()
|
|
c.Request.Header.Add(XAuthToken, expected)
|
|
|
|
// Check header for expected token.
|
|
authToken := AuthToken(c)
|
|
assert.Equal(t, expected, authToken)
|
|
bearerToken := BearerToken(c)
|
|
assert.Equal(t, "", bearerToken)
|
|
})
|
|
t.Run("XSessionID", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Set X-Session-ID header to a random value generated by rnd.AuthToken().
|
|
expected := rnd.AuthToken()
|
|
c.Request.Header.Add(XSessionID, expected)
|
|
|
|
// Check header for expected token.
|
|
authToken := AuthToken(c)
|
|
assert.Equal(t, expected, authToken)
|
|
bearerToken := BearerToken(c)
|
|
assert.Equal(t, "", bearerToken)
|
|
})
|
|
t.Run("AppPassword", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Set X-Auth-Token header to a random value generated by rnd.AppPassword().
|
|
expected := rnd.AppPassword()
|
|
c.Request.Header.Add(XAuthToken, expected)
|
|
|
|
// Check header for expected token.
|
|
authToken := AuthToken(c)
|
|
assert.Equal(t, expected, authToken)
|
|
bearerToken := BearerToken(c)
|
|
assert.Equal(t, "", bearerToken)
|
|
})
|
|
}
|
|
|
|
func TestBearerToken(t *testing.T) {
|
|
t.Run("None", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// No headers have been set, so no token should be returned.
|
|
token := BearerToken(c)
|
|
assert.Equal(t, "", token)
|
|
})
|
|
t.Run("Found", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Add authorization header.
|
|
SetAuthorization(c.Request, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0")
|
|
|
|
// Check result.
|
|
token := BearerToken(c)
|
|
assert.Equal(t, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0", token)
|
|
})
|
|
}
|
|
|
|
func TestAuthorization(t *testing.T) {
|
|
t.Run("None", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// No headers have been set, so no token should be returned.
|
|
authType, authToken := Authorization(c)
|
|
assert.Equal(t, "", authType)
|
|
assert.Equal(t, "", authToken)
|
|
})
|
|
t.Run("BearerToken", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Add authorization header.
|
|
c.Request.Header.Add(Auth, "Bearer 69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0")
|
|
|
|
// Check result.
|
|
authType, authToken := Authorization(c)
|
|
assert.Equal(t, AuthBearer, authType)
|
|
assert.Equal(t, "69be27ac5ca305b394046a83f6fda18167ca3d3f2dbe7ac0", authToken)
|
|
})
|
|
}
|
|
|
|
func TestBasicAuth(t *testing.T) {
|
|
t.Run("None", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// No headers have been set, so no token should be returned.
|
|
user, pass, key := BasicAuth(c)
|
|
assert.Equal(t, "", user)
|
|
assert.Equal(t, "", pass)
|
|
assert.Equal(t, "", key)
|
|
})
|
|
t.Run("Found", func(t *testing.T) {
|
|
gin.SetMode(gin.TestMode)
|
|
w := httptest.NewRecorder()
|
|
c, _ := gin.CreateTestContext(w)
|
|
c.Request = &http.Request{
|
|
Header: make(http.Header),
|
|
}
|
|
|
|
// Add authorization header.
|
|
c.Request.Header.Add(Auth, AuthBasic+" QWxhZGRpbjpvcGVuIHNlc2FtZQ==")
|
|
|
|
// Check result.
|
|
user, pass, key := BasicAuth(c)
|
|
assert.Equal(t, "Aladdin", user)
|
|
assert.Equal(t, "open sesame", pass)
|
|
assert.Equal(t, "0cdb723383eb144043424a4a254461658d887396", key)
|
|
})
|
|
}
|