echo/middleware/auth_test.go

package middleware

import (
	"encoding/base64"
	"net/http"
	"testing"

	"github.com/labstack/echo"
)

func TestBasicAuth(t *testing.T) {
	req, _ := http.NewRequest(echo.POST, "/", nil)
	res := &echo.Response{}
	c := echo.NewContext(req, res, echo.New())
	fn := func(u, p string) bool {
		if u == "joe" && p == "secret" {
			return true
		}
		return false
	}
	ba := BasicAuth(fn)

	//-------------------
	// Valid credentials
	//-------------------

	auth := Basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
	req.Header.Set(echo.Authorization, auth)
	if ba(c) != nil {
		t.Error("expected `pass`")
	}

	// Case insensitive
	auth = "basic " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
	req.Header.Set(echo.Authorization, auth)
	if ba(c) != nil {
		t.Error("expected `pass`, with case insensitive header.")
	}

	//---------------------
	// Invalid credentials
	//---------------------

	// Incorrect password
	auth = Basic + "  " + base64.StdEncoding.EncodeToString([]byte("joe:password"))
	req.Header.Set(echo.Authorization, auth)
	ba = BasicAuth(fn)
	he := ba(c).(*echo.HTTPError)
	if ba(c) == nil {
		t.Error("expected `fail`, with incorrect password.")
	} else if he.Code() != http.StatusUnauthorized {
		t.Errorf("expected status `401`, got %d", he.Code())
	}

	// Empty Authorization header
	req.Header.Set(echo.Authorization, "")
	ba = BasicAuth(fn)
	he = ba(c).(*echo.HTTPError)
	if he == nil {
		t.Error("expected `fail`, with empty Authorization header.")
	} else if he.Code() != http.StatusBadRequest {
		t.Errorf("expected status `400`, got %d", he.Code())
	}

	// Invalid Authorization header
	auth = base64.StdEncoding.EncodeToString([]byte(" :secret"))
	req.Header.Set(echo.Authorization, auth)
	ba = BasicAuth(fn)
	he = ba(c).(*echo.HTTPError)
	if he == nil {
		t.Error("expected `fail`, with invalid Authorization header.")
	} else if he.Code() != http.StatusBadRequest {
		t.Errorf("expected status `400`, got %d", he.Code())
	}

	// Invalid scheme
	auth = "Ace " + base64.StdEncoding.EncodeToString([]byte(" :secret"))
	req.Header.Set(echo.Authorization, auth)
	ba = BasicAuth(fn)
	he = ba(c).(*echo.HTTPError)
	if he == nil {
		t.Error("expected `fail`, with invalid scheme.")
	} else if he.Code() != http.StatusBadRequest {
		t.Errorf("expected status `400`, got %d", he.Code())
	}
}
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`package middleware`

			`import (`
			`"encoding/base64"`
			`"net/http"`
			`"testing"`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00
			`"github.com/labstack/echo"`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`)`

			`func TestBasicAuth(t *testing.T) {`
			`req, _ := http.NewRequest(echo.POST, "/", nil)`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			`res := &echo.Response{}`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`c := echo.NewContext(req, res, echo.New())`
			`fn := func(u, p string) bool {`
			`if u == "joe" && p == "secret" {`
			`return true`
			`}`
			`return false`
			`}`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`ba := BasicAuth(fn)`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00
			`//-------------------`
			`// Valid credentials`
			`//-------------------`

			`auth := Basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))`
			`req.Header.Set(echo.Authorization, auth)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`if ba(c) != nil {`
Refactored tests Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-16 21:49:01 +02:00			t.Error("expected `pass`")
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`

			`// Case insensitive`
			`auth = "basic " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))`
			`req.Header.Set(echo.Authorization, auth)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`if ba(c) != nil {`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			t.Error("expected `pass`, with case insensitive header.")
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`

			`//---------------------`
			`// Invalid credentials`
			`//---------------------`

Refactored tests Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-16 21:49:01 +02:00			`// Incorrect password`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`auth = Basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:password"))`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`req.Header.Set(echo.Authorization, auth)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`ba = BasicAuth(fn)`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`he := ba(c).(*echo.HTTPError)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`if ba(c) == nil {`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			t.Error("expected `fail`, with incorrect password.")
Encapsulated fields and exposed public functions. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-22 13:40:01 +02:00			`} else if he.Code() != http.StatusUnauthorized {`
			t.Errorf("expected status `401`, got %d", he.Code())
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			`}`

			`// Empty Authorization header`
			`req.Header.Set(echo.Authorization, "")`
			`ba = BasicAuth(fn)`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`he = ba(c).(*echo.HTTPError)`
			`if he == nil {`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			t.Error("expected `fail`, with empty Authorization header.")
Encapsulated fields and exposed public functions. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-22 13:40:01 +02:00			`} else if he.Code() != http.StatusBadRequest {`
			t.Errorf("expected status `400`, got %d", he.Code())
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`

Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			`// Invalid Authorization header`
Invalid auth test case Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 15:28:25 +02:00			`auth = base64.StdEncoding.EncodeToString([]byte(" :secret"))`
			`req.Header.Set(echo.Authorization, auth)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`ba = BasicAuth(fn)`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`he = ba(c).(*echo.HTTPError)`
			`if he == nil {`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			t.Error("expected `fail`, with invalid Authorization header.")
Encapsulated fields and exposed public functions. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-22 13:40:01 +02:00			`} else if he.Code() != http.StatusBadRequest {`
			t.Errorf("expected status `400`, got %d", he.Code())
Invalid auth test case Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 15:28:25 +02:00			`}`

Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`// Invalid scheme`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`auth = "Ace " + base64.StdEncoding.EncodeToString([]byte(" :secret"))`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`req.Header.Set(echo.Authorization, auth)`
Added slash middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-14 08:07:03 +02:00			`ba = BasicAuth(fn)`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`he = ba(c).(*echo.HTTPError)`
			`if he == nil {`
Added panic recover middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-18 07:54:29 +02:00			t.Error("expected `fail`, with invalid scheme.")
Encapsulated fields and exposed public functions. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-22 13:40:01 +02:00			`} else if he.Code() != http.StatusBadRequest {`
			t.Errorf("expected status `400`, got %d", he.Code())
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`}`