|
|
@@ -0,0 +1,106 @@
|
|
|
+package auth
|
|
|
+
|
|
|
+import (
|
|
|
+ "net/http/httptest"
|
|
|
+ "testing"
|
|
|
+
|
|
|
+ authpublic "github.com/OliveTin/OliveTin/internal/auth/authpublic"
|
|
|
+ config "github.com/OliveTin/OliveTin/internal/config"
|
|
|
+ "github.com/stretchr/testify/assert"
|
|
|
+ "github.com/stretchr/testify/require"
|
|
|
+)
|
|
|
+
|
|
|
+func TestCheckUserFromLocalBearerApiKey_Match_LowercaseBearerScheme(t *testing.T) {
|
|
|
+ t.Parallel()
|
|
|
+
|
|
|
+ cfg := config.DefaultConfig()
|
|
|
+ cfg.AuthLocalUsers.Enabled = true
|
|
|
+ cfg.AuthLocalUsers.Users = []*config.LocalUser{{
|
|
|
+ Username: "bot",
|
|
|
+ Usergroup: "bots",
|
|
|
+ ApiKey: "secret-api-key",
|
|
|
+ }}
|
|
|
+
|
|
|
+ req := httptest.NewRequest("POST", "/", nil)
|
|
|
+ req.Header.Set("Authorization", "bearer secret-api-key")
|
|
|
+
|
|
|
+ ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
|
|
|
+ user := checkUserFromLocalBearerApiKey(ctx)
|
|
|
+ require.NotNil(t, user)
|
|
|
+ assert.Equal(t, "bot", user.Username)
|
|
|
+ assert.Equal(t, "bots", user.UsergroupLine)
|
|
|
+ assert.Equal(t, "local", user.Provider)
|
|
|
+}
|
|
|
+
|
|
|
+func TestCheckUserFromLocalBearerApiKey_Match(t *testing.T) {
|
|
|
+ t.Parallel()
|
|
|
+
|
|
|
+ cfg := config.DefaultConfig()
|
|
|
+ cfg.AuthLocalUsers.Enabled = true
|
|
|
+ cfg.AuthLocalUsers.Users = []*config.LocalUser{{
|
|
|
+ Username: "bot",
|
|
|
+ Usergroup: "bots",
|
|
|
+ ApiKey: "secret-api-key",
|
|
|
+ }}
|
|
|
+
|
|
|
+ req := httptest.NewRequest("POST", "/", nil)
|
|
|
+ req.Header.Set("Authorization", "Bearer secret-api-key")
|
|
|
+
|
|
|
+ ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
|
|
|
+ user := checkUserFromLocalBearerApiKey(ctx)
|
|
|
+ require.NotNil(t, user)
|
|
|
+ assert.Equal(t, "bot", user.Username)
|
|
|
+ assert.Equal(t, "bots", user.UsergroupLine)
|
|
|
+ assert.Equal(t, "local", user.Provider)
|
|
|
+}
|
|
|
+
|
|
|
+func TestCheckUserFromLocalBearerApiKey_WrongKey(t *testing.T) {
|
|
|
+ t.Parallel()
|
|
|
+
|
|
|
+ cfg := config.DefaultConfig()
|
|
|
+ cfg.AuthLocalUsers.Enabled = true
|
|
|
+ cfg.AuthLocalUsers.Users = []*config.LocalUser{{
|
|
|
+ Username: "bot",
|
|
|
+ ApiKey: "secret-api-key",
|
|
|
+ }}
|
|
|
+
|
|
|
+ req := httptest.NewRequest("POST", "/", nil)
|
|
|
+ req.Header.Set("Authorization", "Bearer wrong")
|
|
|
+
|
|
|
+ ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
|
|
|
+ assert.Nil(t, checkUserFromLocalBearerApiKey(ctx))
|
|
|
+}
|
|
|
+
|
|
|
+func TestCheckUserFromLocalBearerApiKey_DisabledLocalUsers(t *testing.T) {
|
|
|
+ t.Parallel()
|
|
|
+
|
|
|
+ cfg := config.DefaultConfig()
|
|
|
+ cfg.AuthLocalUsers.Enabled = false
|
|
|
+ cfg.AuthLocalUsers.Users = []*config.LocalUser{{
|
|
|
+ Username: "bot",
|
|
|
+ ApiKey: "secret-api-key",
|
|
|
+ }}
|
|
|
+
|
|
|
+ req := httptest.NewRequest("POST", "/", nil)
|
|
|
+ req.Header.Set("Authorization", "Bearer secret-api-key")
|
|
|
+
|
|
|
+ ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
|
|
|
+ assert.Nil(t, checkUserFromLocalBearerApiKey(ctx))
|
|
|
+}
|
|
|
+
|
|
|
+func TestCheckUserFromLocalBearerApiKey_NoBearerPrefix(t *testing.T) {
|
|
|
+ t.Parallel()
|
|
|
+
|
|
|
+ cfg := config.DefaultConfig()
|
|
|
+ cfg.AuthLocalUsers.Enabled = true
|
|
|
+ cfg.AuthLocalUsers.Users = []*config.LocalUser{{
|
|
|
+ Username: "bot",
|
|
|
+ ApiKey: "secret-api-key",
|
|
|
+ }}
|
|
|
+
|
|
|
+ req := httptest.NewRequest("POST", "/", nil)
|
|
|
+ req.Header.Set("Authorization", "secret-api-key")
|
|
|
+
|
|
|
+ ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
|
|
|
+ assert.Nil(t, checkUserFromLocalBearerApiKey(ctx))
|
|
|
+}
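Review bot: The negative cases in this new file stop at a wrong key, disabled local users and a missing scheme; none covers a local user whose `ApiKey` is left empty, combined with an empty bearer token or no `Authorization` header at all. `checkUserFromLocalBearerApiKey` is not visible in this hunk, so whether it skips users without a key is unknown. If it compares the presented token against every configured user's `ApiKey`, an empty token would match the first user that has none, and that regression is the one these tests should pin. I would add a case like the one below and keep it next to `TestCheckUserFromLocalBearerApiKey_WrongKey`. Every fixture in this file also sets a non-empty key, so this path is currently unexercised.

```go
func TestCheckUserFromLocalBearerApiKey_EmptyKeyNeverMatches(t *testing.T) {
	t.Parallel()

	cfg := config.DefaultConfig()
	cfg.AuthLocalUsers.Enabled = true
	cfg.AuthLocalUsers.Users = []*config.LocalUser{{
		Username: "nokey", // ApiKey deliberately left empty
	}}

	// No header, scheme only, and scheme followed by whitespace must all be rejected.
	for _, header := range []string{"", "Bearer", "Bearer ", "bearer  "} {
		req := httptest.NewRequest("POST", "/", nil)
		if header != "" {
			req.Header.Set("Authorization", header)
		}

		ctx := &authpublic.AuthCheckingContext{Request: req, Config: cfg}
		assert.Nil(t, checkUserFromLocalBearerApiKey(ctx), "header %q", header)
	}
}
```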
|