as 'regular' access control errors don't have a context, they are not…

… relevant for the problem
coupergateway · Apr 6, 2023 · 3a8b319 · 3a8b319
1 parent 956c6fc
commit 3a8b319
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 163 deletions.
diff --git a/server/http_error_handler_test.go b/server/http_error_handler_test.go
@@ -390,44 +390,35 @@ func TestErrorHandler_SuperKind(t *testing.T) {
 	defer shutdown()
 
 	type testcase struct {
-		name          string
-		path          string
-		sendToken     bool
-		sendWrongPass bool
-		expFrom       string
+		name      string
+		path      string
+		sendToken bool
+		expFrom   string
 	}
 
 	for _, tc := range []testcase{
-		{"ba: *", "/ba1", false, false, "*"},
-		{"ba: *, access_control", "/ba2", false, false, "access_control"},
-		{"ba: *, access_control, basic_auth", "/ba3", false, false, "basic_auth"},
-		{"ba: *, access_control, basic_auth, basic_auth_credentials_missing", "/ba4", false, false, "basic_auth_credentials_missing"},
-		{"ba wrong password: *, access_control, basic_auth, basic_auth_credentials_missing", "/ba4", false, true, "basic_auth"},
-		{"jwt: *", "/jwt1", true, false, "*"},
-		{"jwt: *, access_control", "/jwt2", true, false, "access_control"},
-		{"jwt: *, access_control, insufficient_permissions", "/jwt3", true, false, "insufficient_permissions"},
-		{"ep: *", "/ep1", false, false, "*"},
-		{"ep: *, endpoint", "/ep2", false, false, "endpoint"},
-		{"ep: *, endpoint, unexpected_status", "/ep3", false, false, "unexpected_status"},
-		{"be: *", "/be1", false, false, "*"},
-		{"be: *, backend", "/be2", false, false, "backend"},
-		{"be: *, backend, backend_timeout", "/be3", false, false, "backend_timeout"},
-		{"be: backend, backend_timeout", "/be4", false, false, "backend_timeout"},
-		{"be: backend", "/be5", false, false, "backend"},
-		{"be dial error: *, backend", "/be-dial", false, false, "backend"},
+		{"ac: handler for *", "/ac1", true, "*"},
+		{"ac: handlers for *, access_control", "/ac2", true, "access_control"},
+		{"ac: handlers for *, access_control, insufficient_permissions", "/ac3", true, "insufficient_permissions"},
+		{"ep: handler for *", "/ep1", false, "*"},
+		{"ep: handlers for *, endpoint", "/ep2", false, "endpoint"},
+		{"ep: handlers for *, endpoint, unexpected_status", "/ep3", false, "unexpected_status"},
+		{"be: handler for *", "/be1", false, "*"},
+		{"be: handlers for *, backend", "/be2", false, "backend"},
+		{"be: handlers for *, backend, backend_timeout", "/be3", false, "backend_timeout"},
+		{"be: handlers for backend, backend_timeout", "/be4", false, "backend_timeout"},
+		{"be: handler for backend", "/be5", false, "backend"},
+		{"be dial error: handlers for *, backend", "/be-dial", false, "backend"},
 	} {
 		t.Run(tc.name, func(st *testing.T) {
 			h := test.New(st)
 			req, err := http.NewRequest(http.MethodGet, "http://localhost:8080"+tc.path, nil)
 			h.Must(err)
 
 			if tc.sendToken {
-				// not needed for non-jwt tests
+				// not needed for non-ac tests
 				req.Header.Set("Authorization", "Bearer "+token)
 			}
-			if tc.sendWrongPass {
-				req.SetBasicAuth("", "wrong")
-			}
 
 			res, err := client.Do(req)
 			h.Must(err)

diff --git a/server/testdata/integration/error_handler/09_couper.hcl b/server/testdata/integration/error_handler/09_couper.hcl
@@ -1,33 +1,5 @@
 server {
-  endpoint "/ba1" {
-    access_control = ["ba1"]
-
-    response {
-    }
-  }
-
-  endpoint "/ba2" {
-    access_control = ["ba2"]
-
-    response {
-    }
-  }
-
-  endpoint "/ba3" {
-    access_control = ["ba3"]
-
-    response {
-    }
-  }
-
-  endpoint "/ba4" {
-    access_control = ["ba4"]
-
-    response {
-    }
-  }
-
-  endpoint "/jwt1" {
+  endpoint "/ac1" {
     access_control = ["at"]
     required_permission = "rp"
 
@@ -44,7 +16,7 @@ server {
     }
   }
 
-  endpoint "/jwt2" {
+  endpoint "/ac2" {
     access_control = ["at"]
     required_permission = "rp"
 
@@ -70,7 +42,7 @@ server {
     }
   }
 
-  endpoint "/jwt3" {
+  endpoint "/ac3" {
     access_control = ["at"]
     required_permission = "rp"
 
@@ -343,112 +315,6 @@ server {
 }
 
 definitions {
-  basic_auth "ba1" {
-    password = "asdf"
-
-    error_handler "*" {
-      response {
-        status = 204
-        headers = {
-          from = "*"
-        }
-      }
-    }
-  }
-
-  basic_auth "ba2" {
-    password = "asdf"
-
-    error_handler "*" {
-      response {
-        status = 204
-        headers = {
-          from = "*"
-        }
-      }
-    }
-
-    error_handler "access_control" {
-      response {
-        status = 204
-        headers = {
-          from = "access_control"
-        }
-      }
-    }
-  }
-
-  basic_auth "ba3" {
-    password = "asdf"
-
-    error_handler "*" {
-      response {
-        status = 204
-        headers = {
-          from = "*"
-        }
-      }
-    }
-
-    error_handler "access_control" {
-      response {
-        status = 204
-        headers = {
-          from = "access_control"
-        }
-      }
-    }
-
-    error_handler "basic_auth" {
-      response {
-        status = 204
-        headers = {
-          from = "basic_auth"
-        }
-      }
-    }
-  }
-
-  basic_auth "ba4" {
-    password = "asdf"
-
-    error_handler "*" {
-      response {
-        status = 204
-        headers = {
-          from = "*"
-        }
-      }
-    }
-
-    error_handler "access_control" {
-      response {
-        status = 204
-        headers = {
-          from = "access_control"
-        }
-      }
-    }
-
-    error_handler "basic_auth" {
-      response {
-        status = 204
-        headers = {
-          from = "basic_auth"
-        }
-      }
-    }
-
-    error_handler "basic_auth_credentials_missing" {
-      response {
-        status = 204
-        headers = {
-          from = "basic_auth_credentials_missing"
-        }
-      }
-    }
-  }
-
   jwt "at" {
     signature_algorithm = "HS256"
     key = "asdf"