2017-01-03 06:12:06 +02:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2017-12-28 20:41:13 +02:00
|
|
|
"net/url"
|
|
|
|
"strings"
|
2017-01-03 06:12:06 +02:00
|
|
|
"testing"
|
|
|
|
|
2019-01-30 12:56:56 +02:00
|
|
|
"github.com/labstack/echo/v4"
|
2017-01-03 06:12:06 +02:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestKeyAuth(t *testing.T) {
|
|
|
|
e := echo.New()
|
2018-10-14 17:16:58 +02:00
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
2017-12-28 20:41:13 +02:00
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
2017-01-03 06:12:06 +02:00
|
|
|
config := KeyAuthConfig{
|
2017-05-27 12:10:51 +02:00
|
|
|
Validator: func(key string, c echo.Context) (bool, error) {
|
|
|
|
return key == "valid-key", nil
|
2017-01-03 06:12:06 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
h := KeyAuthWithConfig(config)(func(c echo.Context) error {
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
})
|
|
|
|
|
2018-10-14 09:18:44 +02:00
|
|
|
assert := assert.New(t)
|
|
|
|
|
2017-01-03 06:12:06 +02:00
|
|
|
// Valid key
|
|
|
|
auth := DefaultKeyAuthConfig.AuthScheme + " " + "valid-key"
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.NoError(h(c))
|
2017-01-03 06:12:06 +02:00
|
|
|
|
|
|
|
// Invalid key
|
|
|
|
auth = DefaultKeyAuthConfig.AuthScheme + " " + "invalid-key"
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
|
|
he := h(c).(*echo.HTTPError)
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.Equal(http.StatusUnauthorized, he.Code)
|
2017-01-03 06:12:06 +02:00
|
|
|
|
|
|
|
// Missing Authorization header
|
|
|
|
req.Header.Del(echo.HeaderAuthorization)
|
|
|
|
he = h(c).(*echo.HTTPError)
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.Equal(http.StatusBadRequest, he.Code)
|
2017-01-03 06:12:06 +02:00
|
|
|
|
|
|
|
// Key from custom header
|
|
|
|
config.KeyLookup = "header:API-Key"
|
|
|
|
h = KeyAuthWithConfig(config)(func(c echo.Context) error {
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
})
|
|
|
|
req.Header.Set("API-Key", "valid-key")
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.NoError(h(c))
|
2017-01-03 06:12:06 +02:00
|
|
|
|
|
|
|
// Key from query string
|
|
|
|
config.KeyLookup = "query:key"
|
|
|
|
h = KeyAuthWithConfig(config)(func(c echo.Context) error {
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
})
|
|
|
|
q := req.URL.Query()
|
|
|
|
q.Add("key", "valid-key")
|
|
|
|
req.URL.RawQuery = q.Encode()
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.NoError(h(c))
|
2017-12-28 20:41:13 +02:00
|
|
|
|
|
|
|
// Key from form
|
|
|
|
config.KeyLookup = "form:key"
|
|
|
|
h = KeyAuthWithConfig(config)(func(c echo.Context) error {
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
})
|
|
|
|
f := make(url.Values)
|
|
|
|
f.Set("key", "valid-key")
|
2018-10-14 17:16:58 +02:00
|
|
|
req = httptest.NewRequest(http.MethodPost, "/", strings.NewReader(f.Encode()))
|
2017-12-28 20:41:13 +02:00
|
|
|
req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationForm)
|
|
|
|
c = e.NewContext(req, rec)
|
2018-10-14 09:18:44 +02:00
|
|
|
assert.NoError(h(c))
|
2017-01-03 06:12:06 +02:00
|
|
|
}
|