go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-01-23 10:41:03 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
3bd3117182
iris/middleware/basicauth/basicauth_test.go
Gerasimos (Makis) Maropoulos 6add1ba49b
fix #2158 and more
2023-07-08 02:08:18 +03:00

158 lines
5.7 KiB
Go
Raw Blame History

// Package basicauth_tests performs black-box testing of the basicauth middleware.
// Note that, a secondary test is also available at: _examples/auth/basicauth/main_test.go
package basicauth_test
import (
"fmt"
"testing"
"github.com/kataras/iris/v12"
"github.com/kataras/iris/v12/httptest"
"github.com/kataras/iris/v12/middleware/basicauth"
)
func TestBasicAuthUseRouter(t *testing.T) {
app := iris.New()
users := map[string]string{
"usr": "pss",
"admin": "admin",
}
auth := basicauth.New(basicauth.Options{
Allow: basicauth.AllowUsers(users),
Realm: basicauth.DefaultRealm,
MaxTries: 1,
})
app.UseRouter(auth)
app.Get("/user_json", func(ctx iris.Context) {
ctx.JSON(ctx.User())
})
app.Get("/user_string", func(ctx iris.Context) {
user := ctx.User()
authorization, _ := user.GetAuthorization()
username, _ := user.GetUsername()
password, _ := user.GetPassword()
ctx.Writef("%s\n%s\n%s", authorization, username, password)
})
app.Get("/", func(ctx iris.Context) {
username, _, _ := ctx.Request().BasicAuth()
ctx.Writef("Hello, %s!", username)
})
app.Subdomain("static").Get("/", func(ctx iris.Context) {
username, _, _ := ctx.Request().BasicAuth()
ctx.Writef("Static, %s", username)
})
resetWithUseRouter := app.Subdomain("reset_with_use_router").ResetRouterFilters()
resetWithUseRouter.UseRouter(func(ctx iris.Context) {
ctx.Record()
ctx.Writef("with use router\n")
ctx.Next()
})
resetWithUseRouter.Get("/", func(ctx iris.Context) {
username, _, _ := ctx.Request().BasicAuth()
ctx.Writef("%s", username) // username should be empty.
})
// ^ order of these should not matter.
app.Subdomain("reset").ResetRouterFilters().Get("/", func(ctx iris.Context) {
username, _, _ := ctx.Request().BasicAuth()
ctx.Writef("%s", username) // username should be empty.
})
e := httptest.New(t, app.Configure(
iris.WithFireMethodNotAllowed,
iris.WithResetOnFireErrorCode,
))
for username, password := range users {
// Test pass authentication and route found.
e.GET("/").WithBasicAuth(username, password).Expect().
Status(httptest.StatusOK).Body().IsEqual(fmt.Sprintf("Hello, %s!", username))
e.GET("/user_json").WithBasicAuth(username, password).Expect().
Status(httptest.StatusOK).JSON().Object().ContainsMap(iris.Map{
"username": username,
})
e.GET("/user_string").WithBasicAuth(username, password).Expect().
Status(httptest.StatusOK).Body().
Equal(fmt.Sprintf("%s\n%s\n%s", "Basic Authentication", username, password))
// Test empty auth.
e.GET("/").Expect().Status(httptest.StatusUnauthorized).Body().IsEqual("Unauthorized")
// Test invalid auth.
e.GET("/").WithBasicAuth(username, "invalid_password").Expect().
Status(httptest.StatusForbidden)
e.GET("/").WithBasicAuth("invaid_username", password).Expect().
Status(httptest.StatusForbidden)
// Test different method, it should pass the authentication (no stop on 401)
// but it doesn't fire the GET route, instead it gives 405.
e.POST("/").WithBasicAuth(username, password).Expect().
Status(httptest.StatusMethodNotAllowed).Body().IsEqual("Method Not Allowed")
// Test pass the authentication but route not found.
e.GET("/notfound").WithBasicAuth(username, password).Expect().
Status(httptest.StatusNotFound).Body().IsEqual("Not Found")
// Test empty auth.
e.GET("/notfound").Expect().Status(httptest.StatusUnauthorized).Body().IsEqual("Unauthorized")
// Test invalid auth.
e.GET("/notfound").WithBasicAuth(username, "invalid_password").Expect().
Status(httptest.StatusForbidden)
e.GET("/notfound").WithBasicAuth("invaid_username", password).Expect().
Status(httptest.StatusForbidden)
// Test subdomain inherited.
sub := e.Builder(func(req *httptest.Request) {
req.WithURL("http://static.mydomain.com")
})
// Test pass and route found.
sub.GET("/").WithBasicAuth(username, password).Expect().
Status(httptest.StatusOK).Body().IsEqual(fmt.Sprintf("Static, %s", username))
// Test empty auth.
sub.GET("/").Expect().Status(httptest.StatusUnauthorized)
// Test invalid auth.
sub.GET("/").WithBasicAuth(username, "invalid_password").Expect().
Status(httptest.StatusForbidden)
sub.GET("/").WithBasicAuth("invaid_username", password).Expect().
Status(httptest.StatusForbidden)
// Test pass the authentication but route not found.
sub.GET("/notfound").WithBasicAuth(username, password).Expect().
Status(httptest.StatusNotFound).Body().IsEqual("Not Found")
// Test empty auth.
sub.GET("/notfound").Expect().Status(httptest.StatusUnauthorized).Body().IsEqual("Unauthorized")
// Test invalid auth.
sub.GET("/notfound").WithBasicAuth(username, "invalid_password").Expect().
Status(httptest.StatusForbidden)
sub.GET("/notfound").WithBasicAuth("invaid_username", password).Expect().
Status(httptest.StatusForbidden)
// Test a reset-ed Party with a single one UseRouter
// which writes on matched routes and reset and send the error on errors.
// (all should pass without auth).
sub = e.Builder(func(req *httptest.Request) {
req.WithURL("http://reset_with_use_router.mydomain.com")
})
sub.GET("/").Expect().Status(httptest.StatusOK).Body().IsEqual("with use router\n")
sub.POST("/").Expect().Status(httptest.StatusMethodNotAllowed).Body().IsEqual("Method Not Allowed")
sub.GET("/notfound").Expect().Status(httptest.StatusNotFound).Body().IsEqual("Not Found")
// Test a reset-ed Party (all should pass without auth).
sub = e.Builder(func(req *httptest.Request) {
req.WithURL("http://reset.mydomain.com")
})
sub.GET("/").Expect().Status(httptest.StatusOK).Body().IsEmpty()
sub.POST("/").Expect().Status(httptest.StatusMethodNotAllowed).Body().IsEqual("Method Not Allowed")
sub.GET("/notfound").Expect().Status(httptest.StatusNotFound).Body().IsEqual("Not Found")
}
}
Reference in New Issue View Git Blame Copy Permalink