2017-01-03 06:12:06 +02:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
2021-05-08 21:25:11 +02:00
|
|
|
"errors"
|
2017-01-03 06:12:06 +02:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2017-12-28 20:41:13 +02:00
|
|
|
"strings"
|
2017-01-03 06:12:06 +02:00
|
|
|
"testing"
|
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
"github.com/labstack/echo/v5"
|
2017-01-03 06:12:06 +02:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
2022-05-21 21:34:29 +02:00
|
|
|
func testKeyValidator(c echo.Context, key string, source ExtractorSource) (bool, error) {
|
2021-05-08 21:25:11 +02:00
|
|
|
switch key {
|
|
|
|
case "valid-key":
|
|
|
|
return true, nil
|
|
|
|
case "error-key":
|
|
|
|
return false, errors.New("some user defined error")
|
|
|
|
default:
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-01-03 06:12:06 +02:00
|
|
|
func TestKeyAuth(t *testing.T) {
|
2021-05-08 21:25:11 +02:00
|
|
|
handlerCalled := false
|
|
|
|
handler := func(c echo.Context) error {
|
|
|
|
handlerCalled = true
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
}
|
|
|
|
middlewareChain := KeyAuth(testKeyValidator)(handler)
|
|
|
|
|
2017-01-03 06:12:06 +02:00
|
|
|
e := echo.New()
|
2018-10-14 17:16:58 +02:00
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
2021-05-08 21:25:11 +02:00
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer valid-key")
|
2017-12-28 20:41:13 +02:00
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
2017-01-03 06:12:06 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
err := middlewareChain(c)
|
2018-10-14 09:18:44 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.True(t, handlerCalled)
|
|
|
|
}
|
2017-01-03 06:12:06 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
func TestKeyAuthWithConfig(t *testing.T) {
|
|
|
|
var testCases = []struct {
|
|
|
|
name string
|
|
|
|
givenRequestFunc func() *http.Request
|
|
|
|
givenRequest func(req *http.Request)
|
|
|
|
whenConfig func(conf *KeyAuthConfig)
|
|
|
|
expectHandlerCalled bool
|
|
|
|
expectError string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "ok, defaults, key from header",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer valid-key")
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "ok, custom skipper",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer error-key")
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.Skipper = func(context echo.Context) bool {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, defaults, invalid key from header, Authorization: Bearer",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer invalid-key")
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=Unauthorized, internal=code=401, message=invalid key",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, defaults, invalid scheme in header",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bear valid-key")
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=invalid value in request header",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, defaults, missing header",
|
|
|
|
givenRequest: func(req *http.Request) {},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=missing value in request header",
|
2022-01-24 22:03:45 +02:00
|
|
|
},
|
2021-05-08 21:25:11 +02:00
|
|
|
{
|
|
|
|
name: "ok, custom key lookup, header",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set("API-Key", "valid-key")
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "header:API-Key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, custom key lookup, missing header",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "header:API-Key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=missing value in request header",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "ok, custom key lookup, query",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
q := req.URL.Query()
|
|
|
|
q.Add("key", "valid-key")
|
|
|
|
req.URL.RawQuery = q.Encode()
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "query:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, custom key lookup, missing query param",
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "query:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=missing value in the query string",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "ok, custom key lookup, form",
|
|
|
|
givenRequestFunc: func() *http.Request {
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", strings.NewReader("key=valid-key"))
|
|
|
|
req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationForm)
|
|
|
|
return req
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "form:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, custom key lookup, missing key in form",
|
|
|
|
givenRequestFunc: func() *http.Request {
|
|
|
|
req := httptest.NewRequest(http.MethodPost, "/", strings.NewReader("xxx=valid-key"))
|
|
|
|
req.Header.Set(echo.HeaderContentType, echo.MIMEApplicationForm)
|
|
|
|
return req
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "form:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=missing value in the form",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
2021-07-20 07:06:23 +02:00
|
|
|
{
|
|
|
|
name: "ok, custom key lookup, cookie",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.AddCookie(&http.Cookie{
|
|
|
|
Name: "key",
|
|
|
|
Value: "valid-key",
|
|
|
|
})
|
|
|
|
q := req.URL.Query()
|
|
|
|
q.Add("key", "valid-key")
|
|
|
|
req.URL.RawQuery = q.Encode()
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "cookie:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, custom key lookup, missing cookie param",
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "cookie:key"
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=401, message=missing key, internal=missing value in cookies",
|
2021-07-20 07:06:23 +02:00
|
|
|
},
|
2021-05-08 21:25:11 +02:00
|
|
|
{
|
|
|
|
name: "nok, custom errorHandler, error from extractor",
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "header:token"
|
2021-07-15 22:34:01 +02:00
|
|
|
conf.ErrorHandler = func(c echo.Context, err error) error {
|
2021-05-08 21:25:11 +02:00
|
|
|
httpError := echo.NewHTTPError(http.StatusTeapot, "custom")
|
|
|
|
httpError.Internal = err
|
|
|
|
return httpError
|
|
|
|
}
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
2021-07-15 22:34:01 +02:00
|
|
|
expectError: "code=418, message=custom, internal=missing value in request header",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, custom errorHandler, error from validator",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer error-key")
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
2021-07-15 22:34:01 +02:00
|
|
|
conf.ErrorHandler = func(c echo.Context, err error) error {
|
2021-05-08 21:25:11 +02:00
|
|
|
httpError := echo.NewHTTPError(http.StatusTeapot, "custom")
|
|
|
|
httpError.Internal = err
|
|
|
|
return httpError
|
|
|
|
}
|
|
|
|
},
|
|
|
|
expectHandlerCalled: false,
|
|
|
|
expectError: "code=418, message=custom, internal=some user defined error",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "nok, defaults, error from validator",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
req.Header.Set(echo.HeaderAuthorization, "Bearer error-key")
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {},
|
|
|
|
expectHandlerCalled: false,
|
2022-01-24 22:03:45 +02:00
|
|
|
expectError: "code=401, message=Unauthorized, internal=some user defined error",
|
2021-05-08 21:25:11 +02:00
|
|
|
},
|
2022-05-21 21:34:29 +02:00
|
|
|
{
|
|
|
|
name: "ok, custom validator checks source",
|
|
|
|
givenRequest: func(req *http.Request) {
|
|
|
|
q := req.URL.Query()
|
|
|
|
q.Add("key", "valid-key")
|
|
|
|
req.URL.RawQuery = q.Encode()
|
|
|
|
},
|
|
|
|
whenConfig: func(conf *KeyAuthConfig) {
|
|
|
|
conf.KeyLookup = "query:key"
|
|
|
|
conf.Validator = func(c echo.Context, key string, source ExtractorSource) (bool, error) {
|
|
|
|
if source == ExtractorSourceQuery {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
return false, errors.New("invalid source")
|
|
|
|
}
|
|
|
|
|
|
|
|
},
|
|
|
|
expectHandlerCalled: true,
|
|
|
|
},
|
2021-05-08 21:25:11 +02:00
|
|
|
}
|
2017-01-03 06:12:06 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
handlerCalled := false
|
|
|
|
handler := func(c echo.Context) error {
|
|
|
|
handlerCalled = true
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
}
|
|
|
|
config := KeyAuthConfig{
|
|
|
|
Validator: testKeyValidator,
|
|
|
|
}
|
|
|
|
if tc.whenConfig != nil {
|
|
|
|
tc.whenConfig(&config)
|
|
|
|
}
|
|
|
|
middlewareChain := KeyAuthWithConfig(config)(handler)
|
2017-01-03 06:12:06 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
e := echo.New()
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
|
|
if tc.givenRequestFunc != nil {
|
|
|
|
req = tc.givenRequestFunc()
|
|
|
|
}
|
|
|
|
if tc.givenRequest != nil {
|
|
|
|
tc.givenRequest(req)
|
|
|
|
}
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
2017-01-03 06:12:06 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
err := middlewareChain(c)
|
2017-12-28 20:41:13 +02:00
|
|
|
|
2021-05-08 21:25:11 +02:00
|
|
|
assert.Equal(t, tc.expectHandlerCalled, handlerCalled)
|
|
|
|
if tc.expectError != "" {
|
|
|
|
assert.EqualError(t, err, tc.expectError)
|
|
|
|
} else {
|
|
|
|
assert.NoError(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
2017-01-03 06:12:06 +02:00
|
|
|
}
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
func TestKeyAuthWithConfig_errors(t *testing.T) {
|
2022-01-24 22:03:45 +02:00
|
|
|
var testCases = []struct {
|
2021-07-15 22:34:01 +02:00
|
|
|
name string
|
|
|
|
whenConfig KeyAuthConfig
|
|
|
|
expectError string
|
2022-01-24 22:03:45 +02:00
|
|
|
}{
|
|
|
|
{
|
2021-07-15 22:34:01 +02:00
|
|
|
name: "ok, no error",
|
|
|
|
whenConfig: KeyAuthConfig{
|
2022-05-21 21:34:29 +02:00
|
|
|
Validator: func(c echo.Context, key string, source ExtractorSource) (bool, error) {
|
2021-07-15 22:34:01 +02:00
|
|
|
return false, nil
|
|
|
|
},
|
|
|
|
},
|
2022-01-24 22:03:45 +02:00
|
|
|
},
|
|
|
|
{
|
2021-07-15 22:34:01 +02:00
|
|
|
name: "ok, missing validator func",
|
|
|
|
whenConfig: KeyAuthConfig{
|
|
|
|
Validator: nil,
|
|
|
|
},
|
|
|
|
expectError: "echo key-auth middleware requires a validator function",
|
2022-01-24 22:03:45 +02:00
|
|
|
},
|
|
|
|
{
|
2021-07-15 22:34:01 +02:00
|
|
|
name: "ok, extractor source can not be split",
|
|
|
|
whenConfig: KeyAuthConfig{
|
|
|
|
KeyLookup: "nope",
|
2022-05-21 21:34:29 +02:00
|
|
|
Validator: func(c echo.Context, key string, source ExtractorSource) (bool, error) {
|
2021-07-15 22:34:01 +02:00
|
|
|
return false, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectError: "echo key-auth middleware could not create key extractor: extractor source for lookup could not be split into needed parts: nope",
|
2022-01-24 22:03:45 +02:00
|
|
|
},
|
|
|
|
{
|
2021-07-15 22:34:01 +02:00
|
|
|
name: "ok, no extractors",
|
|
|
|
whenConfig: KeyAuthConfig{
|
|
|
|
KeyLookup: "nope:nope",
|
2022-05-21 21:34:29 +02:00
|
|
|
Validator: func(c echo.Context, key string, source ExtractorSource) (bool, error) {
|
2021-07-15 22:34:01 +02:00
|
|
|
return false, nil
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expectError: "echo key-auth middleware could not create extractors from KeyLookup string",
|
2022-01-24 22:03:45 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2021-07-15 22:34:01 +02:00
|
|
|
mw, err := tc.whenConfig.ToMiddleware()
|
|
|
|
if tc.expectError != "" {
|
|
|
|
assert.Nil(t, mw)
|
|
|
|
assert.EqualError(t, err, tc.expectError)
|
|
|
|
} else {
|
|
|
|
assert.NotNil(t, mw)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
func TestMustKeyAuthWithConfig_panic(t *testing.T) {
|
|
|
|
assert.Panics(t, func() {
|
|
|
|
KeyAuthWithConfig(KeyAuthConfig{})
|
|
|
|
})
|
|
|
|
}
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
func TestKeyAuth_errorHandlerSwallowsError(t *testing.T) {
|
|
|
|
handlerCalled := false
|
|
|
|
var authValue string
|
|
|
|
handler := func(c echo.Context) error {
|
|
|
|
handlerCalled = true
|
|
|
|
authValue = c.Get("auth").(string)
|
|
|
|
return c.String(http.StatusOK, "test")
|
|
|
|
}
|
|
|
|
middlewareChain := KeyAuthWithConfig(KeyAuthConfig{
|
|
|
|
Validator: testKeyValidator,
|
|
|
|
ErrorHandler: func(c echo.Context, err error) error {
|
|
|
|
// could check error to decide if we can swallow the error
|
|
|
|
c.Set("auth", "public")
|
|
|
|
return nil
|
|
|
|
},
|
|
|
|
ContinueOnIgnoredError: true,
|
|
|
|
})(handler)
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
e := echo.New()
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
|
|
// no auth header this time
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
c := e.NewContext(req, rec)
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
err := middlewareChain(c)
|
2022-01-24 22:03:45 +02:00
|
|
|
|
2021-07-15 22:34:01 +02:00
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.True(t, handlerCalled)
|
|
|
|
assert.Equal(t, "public", authValue)
|
2022-01-24 22:03:45 +02:00
|
|
|
}
|