mirrors/dozzle
1
0
Fork 0
mirror of https://github.com/amir20/dozzle.git synced 2025-12-24 06:28:42 +01:00
Code Issues Projects Releases Wiki Activity

Adds more tests for auth

Browse Source
This commit is contained in:
Amir Raminfar
2021-04-11 14:46:59 -07:00
parent f822bd5ccd
commit f239d077a2
2 changed files with 61 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
web/auth.go
View File

@@ -62,11 +62,11 @@ func (h *handler) isAuthorizationNeeded(r *http.Request) bool {
func (h *handler) validateCredentials(w http.ResponseWriter, r *http.Request) { func (h *handler) validateCredentials(w http.ResponseWriter, r *http.Request) {
if !secured { if !secured {
log.Panic("Validating credentials with secured=false should not happen") log.Panic("Validating credentials without username and password should not happen")
} }
if r.Method != "POST" { if r.Method != "POST" {
log.Fatal("Expecting method to be POST") log.Fatal("Expecting credential validation method to be POST")
http.Error(w, http.StatusText(http.StatusNotAcceptable), http.StatusNotAcceptable) http.Error(w, http.StatusText(http.StatusNotAcceptable), http.StatusNotAcceptable)
return return
} }

59
web/routes_test.go
View File

@@ -1,11 +1,13 @@
package web package web
import ( import (
"bytes"
"context" "context"
"errors" "errors"
"io" "io"
"io/fs" "io/fs"
"io/ioutil" "io/ioutil"
"mime/multipart"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"os" "os"
@@ -321,6 +323,63 @@ func Test_createRoutes_username_password_invalid(t *testing.T) {
abide.AssertHTTPResponse(t, t.Name(), rr.Result()) abide.AssertHTTPResponse(t, t.Name(), rr.Result())
} }
func Test_createRoutes_username_password_login_happy(t *testing.T) {
handler := createHandler(nil, nil, Config{Base: "/", Username: "amir", Password: "password", Key: "key"})
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
fw, err := writer.CreateFormField("username")
require.NoError(t, err, "Creating field should not be error.")
_, err = io.Copy(fw, strings.NewReader("amir"))
require.NoError(t, err, "Copying field should not result in error.")
fw, err = writer.CreateFormField("password")
require.NoError(t, err, "Creating field should not be error.")
_, err = io.Copy(fw, strings.NewReader("password"))
require.NoError(t, err, "Copying field should not result in error.")
writer.Close()
req, err := http.NewRequest("POST", "/api/validateCredentials", bytes.NewReader(body.Bytes()))
req.Header.Set("Content-Type", writer.FormDataContentType())
require.NoError(t, err, "NewRequest should not return an error.")
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
assert.Equal(t, rr.Code, 200)
cookie := rr.Header().Get("Set-Cookie")
assert.Matches(t, cookie, "session=.+")
}
func Test_createRoutes_username_password_login_failed(t *testing.T) {
handler := createHandler(nil, nil, Config{Base: "/", Username: "amir", Password: "password", Key: "key"})
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
fw, err := writer.CreateFormField("username")
require.NoError(t, err, "Creating field should not be error.")
_, err = io.Copy(fw, strings.NewReader("amir"))
require.NoError(t, err, "Copying field should not result in error.")
fw, err = writer.CreateFormField("password")
require.NoError(t, err, "Creating field should not be error.")
_, err = io.Copy(fw, strings.NewReader("bad"))
require.NoError(t, err, "Copying field should not result in error.")
writer.Close()
req, err := http.NewRequest("POST", "/api/validateCredentials", bytes.NewReader(body.Bytes()))
req.Header.Set("Content-Type", writer.FormDataContentType())
require.NoError(t, err, "NewRequest should not return an error.")
rr := httptest.NewRecorder()
handler.ServeHTTP(rr, req)
assert.Equal(t, rr.Code, 401)
}
func createHandler(client docker.Client, content fs.FS, config Config) *mux.Router { func createHandler(client docker.Client, content fs.FS, config Config) *mux.Router {
if client == nil { if client == nil {
client = new(MockedClient) client = new(MockedClient)