oauth2-proxy/pkg/authentication/basic/htpasswd_test.go

package basic

import (
	"os"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	"github.com/onsi/gomega/types"
)

const (
	adminUser     = "admin"
	adminPassword = "Adm1n1str$t0r"
	user1         = "user1"
	user1Password = "UsErOn3P455"
	user2         = "user2"
	user2Password = "us3r2P455W0Rd!"
)

var (
	fileNames []string
)

var _ = AfterSuite(func() {
	for _, v := range fileNames {
		err := os.Remove(v)
		Expect(err).ToNot(HaveOccurred())
	}
})

var _ = Describe("HTPasswd Suite", func() {
	Context("with an HTPassword Validator", func() {
		assertHtpasswdMapFromFile := func(filePath string) {
			var htpasswd *htpasswdMap
			var err error

			BeforeEach(func() {
				var validator Validator
				validator, err = NewHTPasswdValidator(filePath)

				var ok bool
				htpasswd, ok = validator.(*htpasswdMap)
				Expect(ok).To(BeTrue())
			})

			It("does not return an error", func() {
				Expect(err).ToNot(HaveOccurred())
			})

			It("has the correct number of users", func() {
				Expect(htpasswd.users).To(HaveLen(3))
			})

			It("accepts the correct passwords", func() {
				Expect(htpasswd.Validate(adminUser, adminPassword)).To(BeTrue())
				Expect(htpasswd.Validate(user1, user1Password)).To(BeTrue())
				Expect(htpasswd.Validate(user2, user2Password)).To(BeTrue())
			})

			It("rejects incorrect passwords", func() {
				Expect(htpasswd.Validate(adminUser, "asvdfda")).To(BeFalse())
				Expect(htpasswd.Validate(user1, "BHEdgbtr")).To(BeFalse())
				Expect(htpasswd.Validate(user2, "12345")).To(BeFalse())
			})

			It("rejects a non existent user", func() {
				// Users are case sensitive
				Expect(htpasswd.Validate("ADMIN", adminPassword)).To(BeFalse())
			})
		}

		Context("load from file", func() {
			Context("with sha1 entries", func() {
				const filePath = "./test/htpasswd-sha1.txt"

				assertHtpasswdMapFromFile(filePath)
			})

			Context("with bcrypt entries", func() {
				const filePath = "./test/htpasswd-bcrypt.txt"

				assertHtpasswdMapFromFile(filePath)
			})

			Context("with mixed entries", func() {
				const filePath = "./test/htpasswd-mixed.txt"

				assertHtpasswdMapFromFile(filePath)
			})

			Context("with a non existent file", func() {
				const filePath = "./test/htpasswd-doesnt-exist.txt"
				var validator Validator
				var err error

				BeforeEach(func() {
					validator, err = NewHTPasswdValidator(filePath)
				})

				It("returns an error", func() {
					Expect(err).To(MatchError("could not load htpasswd file: could not open htpasswd file: open ./test/htpasswd-doesnt-exist.txt: no such file or directory"))
				})

				It("returns a nil validator", func() {
					Expect(validator).To(BeNil())
				})
			})

			Context("htpasswd file is updated", func() {
				const filePathPrefix = "htpasswd-file-updated-"
				const adminUserHtpasswdEntry = "admin:$2y$05$SXWrNM7ldtbRzBvUC3VXyOvUeiUcP45XPwM93P5eeGOEPIiAZmJjC"
				const user1HtpasswdEntry = "user1:$2y$05$/sZYJOk8.3Etg4V6fV7puuXfCJLmV5Q7u3xvKpjBSJUka.t2YtmmG"

				type htpasswdUpdate struct {
					testText              string
					remove                bool
					expectedLen           int
					expectedGomegaMatcher types.GomegaMatcher
				}

				assertHtpasswdMapUpdate := func(hu htpasswdUpdate) {
					var validator Validator
					var file *os.File
					var err error

					// Create a temporary file with at least one entry
					file, err = os.CreateTemp("", filePathPrefix)
					Expect(err).ToNot(HaveOccurred())
					_, err = file.WriteString(adminUserHtpasswdEntry + "\n")
					Expect(err).ToNot(HaveOccurred())

					validator, err = NewHTPasswdValidator(file.Name())
					Expect(err).ToNot(HaveOccurred())

					htpasswd, ok := validator.(*htpasswdMap)
					Expect(ok).To(BeTrue())

					if hu.remove {
						// Overwrite the original file with another entry
						err = os.WriteFile(file.Name(), []byte(user1HtpasswdEntry+"\n"), 0644)
						Expect(err).ToNot(HaveOccurred())
					} else {
						// Add another entry to the original file in append mode
						_, err = file.WriteString(user1HtpasswdEntry + "\n")
						Expect(err).ToNot(HaveOccurred())
					}

					err = file.Close()
					Expect(err).ToNot(HaveOccurred())

					fileNames = append(fileNames, file.Name())

					It("has the correct number of users", func() {
						Expect(len(htpasswd.GetUsers())).To(Equal(hu.expectedLen))
					})

					It(hu.testText, func() {
						Expect(htpasswd.Validate(adminUser, adminPassword)).To(hu.expectedGomegaMatcher)
					})

					It("new entry is present", func() {
						Expect(htpasswd.Validate(user1, user1Password)).To(BeTrue())
					})
				}

				Context("htpasswd entry is added", func() {
					assertHtpasswdMapUpdate(htpasswdUpdate{"initial entry is present", false, 2, BeTrue()})
				})

				Context("htpasswd entry is removed", func() {
					assertHtpasswdMapUpdate(htpasswdUpdate{"initial entry is removed", true, 1, BeFalse()})
				})

			})
		})
	})
})
Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`package basic`

			`import (`
Watch the `htpasswd` file for changes and update the `htpasswdMap` (#1701) * dynamically update the htpasswdMap based on the changes made to the htpasswd file * added tests to validate that htpasswdMap is updated after the htpasswd file is changed * refactored `htpasswd` and `watcher` to lower cognitive complexity * returned errors and refactored tests * added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Fix lint issue from code suggestion * Wrap htpasswd load and watch errors with context * add the htpasswd wrapped error context to the test Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2022-09-01 21:46:00 +03:00			`"os"`

chore(deps): Updated to ginkgo v2 (#2459) * chore(deps): Updated to ginkgo v2 * fix basic auth test suite cleanup * fix redis store tests * add changelog entry --------- Co-authored-by: Jan Larwig <jan@larwig.com> 2024-07-18 22:41:02 +02:00			`. "github.com/onsi/ginkgo/v2"`
Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`. "github.com/onsi/gomega"`
Update go-redis/redis to v9. (#1847) * Update go-redis/redis to v9. - And updated redislock, testify, ginko and gomega have also been updated. - Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of https://github.com/go-redis/redis/blob/517938a6b083b8d4ffbc9d46c0bd9df19f10ffaf/CHANGELOG.md * Update CHANGELOG.md * Dropping dot import of the types since they created aliases now * fixing some error messages to make tests happy * updating more error messages that were changed to make tests happy * reverting error messages Co-authored-by: Muhammad Arham <marham@i2cinc.com> 2022-10-24 20:41:06 +05:00			`"github.com/onsi/gomega/types"`
Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`)`

			`const (`
			`adminUser = "admin"`
			`adminPassword = "Adm1n1str$t0r"`
			`user1 = "user1"`
			`user1Password = "UsErOn3P455"`
			`user2 = "user2"`
			`user2Password = "us3r2P455W0Rd!"`
			`)`

chore(deps): Updated to ginkgo v2 (#2459) * chore(deps): Updated to ginkgo v2 * fix basic auth test suite cleanup * fix redis store tests * add changelog entry --------- Co-authored-by: Jan Larwig <jan@larwig.com> 2024-07-18 22:41:02 +02:00			`var (`
			`fileNames []string`
			`)`

			`var _ = AfterSuite(func() {`
			`for _, v := range fileNames {`
			`err := os.Remove(v)`
			`Expect(err).ToNot(HaveOccurred())`
			`}`
			`})`

Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`var _ = Describe("HTPasswd Suite", func() {`
			`Context("with an HTPassword Validator", func() {`
			`assertHtpasswdMapFromFile := func(filePath string) {`
			`var htpasswd *htpasswdMap`
			`var err error`

			`BeforeEach(func() {`
			`var validator Validator`
			`validator, err = NewHTPasswdValidator(filePath)`

			`var ok bool`
			`htpasswd, ok = validator.(*htpasswdMap)`
			`Expect(ok).To(BeTrue())`
			`})`

			`It("does not return an error", func() {`
			`Expect(err).ToNot(HaveOccurred())`
			`})`

			`It("has the correct number of users", func() {`
			`Expect(htpasswd.users).To(HaveLen(3))`
			`})`

			`It("accepts the correct passwords", func() {`
			`Expect(htpasswd.Validate(adminUser, adminPassword)).To(BeTrue())`
			`Expect(htpasswd.Validate(user1, user1Password)).To(BeTrue())`
			`Expect(htpasswd.Validate(user2, user2Password)).To(BeTrue())`
			`})`

			`It("rejects incorrect passwords", func() {`
			`Expect(htpasswd.Validate(adminUser, "asvdfda")).To(BeFalse())`
			`Expect(htpasswd.Validate(user1, "BHEdgbtr")).To(BeFalse())`
			`Expect(htpasswd.Validate(user2, "12345")).To(BeFalse())`
			`})`

			`It("rejects a non existent user", func() {`
			`// Users are case sensitive`
			`Expect(htpasswd.Validate("ADMIN", adminPassword)).To(BeFalse())`
			`})`
			`}`

			`Context("load from file", func() {`
			`Context("with sha1 entries", func() {`
			`const filePath = "./test/htpasswd-sha1.txt"`

			`assertHtpasswdMapFromFile(filePath)`
			`})`

			`Context("with bcrypt entries", func() {`
			`const filePath = "./test/htpasswd-bcrypt.txt"`

			`assertHtpasswdMapFromFile(filePath)`
			`})`

			`Context("with mixed entries", func() {`
			`const filePath = "./test/htpasswd-mixed.txt"`

			`assertHtpasswdMapFromFile(filePath)`
			`})`

			`Context("with a non existent file", func() {`
			`const filePath = "./test/htpasswd-doesnt-exist.txt"`
			`var validator Validator`
			`var err error`

			`BeforeEach(func() {`
			`validator, err = NewHTPasswdValidator(filePath)`
			`})`

			`It("returns an error", func() {`
Watch the `htpasswd` file for changes and update the `htpasswdMap` (#1701) * dynamically update the htpasswdMap based on the changes made to the htpasswd file * added tests to validate that htpasswdMap is updated after the htpasswd file is changed * refactored `htpasswd` and `watcher` to lower cognitive complexity * returned errors and refactored tests * added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Fix lint issue from code suggestion * Wrap htpasswd load and watch errors with context * add the htpasswd wrapped error context to the test Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2022-09-01 21:46:00 +03:00			`Expect(err).To(MatchError("could not load htpasswd file: could not open htpasswd file: open ./test/htpasswd-doesnt-exist.txt: no such file or directory"))`
Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`})`

			`It("returns a nil validator", func() {`
			`Expect(validator).To(BeNil())`
			`})`
			`})`
Watch the `htpasswd` file for changes and update the `htpasswdMap` (#1701) * dynamically update the htpasswdMap based on the changes made to the htpasswd file * added tests to validate that htpasswdMap is updated after the htpasswd file is changed * refactored `htpasswd` and `watcher` to lower cognitive complexity * returned errors and refactored tests * added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Fix lint issue from code suggestion * Wrap htpasswd load and watch errors with context * add the htpasswd wrapped error context to the test Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2022-09-01 21:46:00 +03:00
			`Context("htpasswd file is updated", func() {`
			`const filePathPrefix = "htpasswd-file-updated-"`
			`const adminUserHtpasswdEntry = "admin:$2y$05$SXWrNM7ldtbRzBvUC3VXyOvUeiUcP45XPwM93P5eeGOEPIiAZmJjC"`
			`const user1HtpasswdEntry = "user1:$2y$05$/sZYJOk8.3Etg4V6fV7puuXfCJLmV5Q7u3xvKpjBSJUka.t2YtmmG"`

			`type htpasswdUpdate struct {`
			`testText string`
			`remove bool`
			`expectedLen int`
Update go-redis/redis to v9. (#1847) * Update go-redis/redis to v9. - And updated redislock, testify, ginko and gomega have also been updated. - Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of https://github.com/go-redis/redis/blob/517938a6b083b8d4ffbc9d46c0bd9df19f10ffaf/CHANGELOG.md * Update CHANGELOG.md * Dropping dot import of the types since they created aliases now * fixing some error messages to make tests happy * updating more error messages that were changed to make tests happy * reverting error messages Co-authored-by: Muhammad Arham <marham@i2cinc.com> 2022-10-24 20:41:06 +05:00			`expectedGomegaMatcher types.GomegaMatcher`
Watch the `htpasswd` file for changes and update the `htpasswdMap` (#1701) * dynamically update the htpasswdMap based on the changes made to the htpasswd file * added tests to validate that htpasswdMap is updated after the htpasswd file is changed * refactored `htpasswd` and `watcher` to lower cognitive complexity * returned errors and refactored tests * added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Fix lint issue from code suggestion * Wrap htpasswd load and watch errors with context * add the htpasswd wrapped error context to the test Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2022-09-01 21:46:00 +03:00			`}`

			`assertHtpasswdMapUpdate := func(hu htpasswdUpdate) {`
			`var validator Validator`
			`var file *os.File`
			`var err error`

			`// Create a temporary file with at least one entry`
			`file, err = os.CreateTemp("", filePathPrefix)`
			`Expect(err).ToNot(HaveOccurred())`
			`_, err = file.WriteString(adminUserHtpasswdEntry + "\n")`
			`Expect(err).ToNot(HaveOccurred())`

			`validator, err = NewHTPasswdValidator(file.Name())`
			`Expect(err).ToNot(HaveOccurred())`

			`htpasswd, ok := validator.(*htpasswdMap)`
			`Expect(ok).To(BeTrue())`

			`if hu.remove {`
			`// Overwrite the original file with another entry`
			`err = os.WriteFile(file.Name(), []byte(user1HtpasswdEntry+"\n"), 0644)`
			`Expect(err).ToNot(HaveOccurred())`
			`} else {`
			`// Add another entry to the original file in append mode`
			`_, err = file.WriteString(user1HtpasswdEntry + "\n")`
			`Expect(err).ToNot(HaveOccurred())`
			`}`

			`err = file.Close()`
			`Expect(err).ToNot(HaveOccurred())`

			`fileNames = append(fileNames, file.Name())`

			`It("has the correct number of users", func() {`
Protect htpasswd user list from race condition 2022-11-03 13:57:42 +01:00			`Expect(len(htpasswd.GetUsers())).To(Equal(hu.expectedLen))`
Watch the `htpasswd` file for changes and update the `htpasswdMap` (#1701) * dynamically update the htpasswdMap based on the changes made to the htpasswd file * added tests to validate that htpasswdMap is updated after the htpasswd file is changed * refactored `htpasswd` and `watcher` to lower cognitive complexity * returned errors and refactored tests * added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> * Fix lint issue from code suggestion * Wrap htpasswd load and watch errors with context * add the htpasswd wrapped error context to the test Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 2022-09-01 21:46:00 +03:00			`})`

			`It(hu.testText, func() {`
			`Expect(htpasswd.Validate(adminUser, adminPassword)).To(hu.expectedGomegaMatcher)`
			`})`

			`It("new entry is present", func() {`
			`Expect(htpasswd.Validate(user1, user1Password)).To(BeTrue())`
			`})`
			`}`

			`Context("htpasswd entry is added", func() {`
			`assertHtpasswdMapUpdate(htpasswdUpdate{"initial entry is present", false, 2, BeTrue()})`
			`})`

			`Context("htpasswd entry is removed", func() {`
			`assertHtpasswdMapUpdate(htpasswdUpdate{"initial entry is removed", true, 1, BeFalse()})`
			`})`

			`})`
Add HTPasswdValidator to basic authentication package 2020-07-18 00:41:42 +01:00			`})`
			`})`
			`})`