mirror of
https://github.com/labstack/echo.git
synced 2024-12-26 20:54:00 +02:00
6d9e043284
This reintroduces support for Go modules, as v4. CloseNotifier() is removed as it has been obsoleted, see https://golang.org/doc/go1.11#net/http It was already NOT working (not sending signals) as of 1.11 the functionality was gone, we merely deleted the functions that exposed it. If anyone still relies on it they should migrate to using `c.Request().Context().Done()` instead. Closes #1268, #1255
72 lines
2.0 KiB
Go
72 lines
2.0 KiB
Go
package middleware
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestBasicAuth(t *testing.T) {
|
|
e := echo.New()
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
res := httptest.NewRecorder()
|
|
c := e.NewContext(req, res)
|
|
f := func(u, p string, c echo.Context) (bool, error) {
|
|
if u == "joe" && p == "secret" {
|
|
return true, nil
|
|
}
|
|
return false, nil
|
|
}
|
|
h := BasicAuth(f)(func(c echo.Context) error {
|
|
return c.String(http.StatusOK, "test")
|
|
})
|
|
|
|
assert := assert.New(t)
|
|
|
|
// Valid credentials
|
|
auth := basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
assert.NoError(h(c))
|
|
|
|
h = BasicAuthWithConfig(BasicAuthConfig{
|
|
Skipper: nil,
|
|
Validator: f,
|
|
Realm: "someRealm",
|
|
})(func(c echo.Context) error {
|
|
return c.String(http.StatusOK, "test")
|
|
})
|
|
|
|
// Valid credentials
|
|
auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
assert.NoError(h(c))
|
|
|
|
// Case-insensitive header scheme
|
|
auth = strings.ToUpper(basic) + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
assert.NoError(h(c))
|
|
|
|
// Invalid credentials
|
|
auth = basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:invalid-password"))
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
he := h(c).(*echo.HTTPError)
|
|
assert.Equal(http.StatusUnauthorized, he.Code)
|
|
assert.Equal(basic+` realm="someRealm"`, res.Header().Get(echo.HeaderWWWAuthenticate))
|
|
|
|
// Missing Authorization header
|
|
req.Header.Del(echo.HeaderAuthorization)
|
|
he = h(c).(*echo.HTTPError)
|
|
assert.Equal(http.StatusUnauthorized, he.Code)
|
|
|
|
// Invalid Authorization header
|
|
auth = base64.StdEncoding.EncodeToString([]byte("invalid"))
|
|
req.Header.Set(echo.HeaderAuthorization, auth)
|
|
he = h(c).(*echo.HTTPError)
|
|
assert.Equal(http.StatusUnauthorized, he.Code)
|
|
}
|