echo/middleware/basic_auth_test.go

package middleware

import (
	"encoding/base64"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/labstack/echo"
	"github.com/stretchr/testify/assert"
)

func TestBasicAuth(t *testing.T) {
	e := echo.New()
	req, _ := http.NewRequest(echo.GET, "/", nil)
	res := httptest.NewRecorder()
	c := e.NewContext(req, res)
	f := func(u, p string) bool {
		if u == "joe" && p == "secret" {
			return true
		}
		return false
	}
	h := BasicAuth(f)(func(c echo.Context) error {
		return c.String(http.StatusOK, "test")
	})

	// Valid credentials
	auth := basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
	req.Header.Set(echo.HeaderAuthorization, auth)
	assert.NoError(t, h(c))

	// Incorrect password
	auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:password"))
	req.Header.Set(echo.HeaderAuthorization, auth)
	he := h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)
	assert.Equal(t, basic+" realm=Restricted", res.Header().Get(echo.HeaderWWWAuthenticate))

	// Empty Authorization header
	req.Header.Set(echo.HeaderAuthorization, "")
	he = h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)

	// Invalid Authorization header
	auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
	req.Header.Set(echo.HeaderAuthorization, auth)
	he = h(c).(*echo.HTTPError)
	assert.Equal(t, http.StatusUnauthorized, he.Code)
}
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`package middleware`

			`import (`
			`"encoding/base64"`
			`"net/http"`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`"net/http/httptest"`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`"testing"`

			`"github.com/labstack/echo"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestBasicAuth(t *testing.T) {`
			`e := echo.New()`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`req, _ := http.NewRequest(echo.GET, "/", nil)`
			`res := httptest.NewRecorder()`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`c := e.NewContext(req, res)`
			`f := func(u, p string) bool {`
			`if u == "joe" && p == "secret" {`
			`return true`
			`}`
			`return false`
			`}`
			`h := BasicAuth(f)(func(c echo.Context) error {`
			`return c.String(http.StatusOK, "test")`
			`})`

			`// Valid credentials`
			`auth := basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`req.Header.Set(echo.HeaderAuthorization, auth)`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`assert.NoError(t, h(c))`

			`// Incorrect password`
			`auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:password"))`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`req.Header.Set(echo.HeaderAuthorization, auth)`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`he := h(c).(*echo.HTTPError)`
			`assert.Equal(t, http.StatusUnauthorized, he.Code)`
			`assert.Equal(t, basic+" realm=Restricted", res.Header().Get(echo.HeaderWWWAuthenticate))`

			`// Empty Authorization header`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`req.Header.Set(echo.HeaderAuthorization, "")`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`he = h(c).(*echo.HTTPError)`
Fixed basic auth to return 401 for error cases Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-28 07:09:33 -07:00			`assert.Equal(t, http.StatusUnauthorized, he.Code)`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00
			`// Invalid Authorization header`
			`auth = base64.StdEncoding.EncodeToString([]byte("invalid"))`
First commit to v3, #665 Signed-off-by: Vishal Rana <vr@labstack.com> 2016-09-22 22:53:44 -07:00			`req.Header.Set(echo.HeaderAuthorization, auth)`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`he = h(c).(*echo.HTTPError)`
Fixed basic auth to return 401 for error cases Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-28 07:09:33 -07:00			`assert.Equal(t, http.StatusUnauthorized, he.Code)`
Added method override middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2016-04-27 21:08:06 -07:00			`}`