package osin
import (
"net/http"
"net/url"
"testing"
)
// Authorization header fixtures shared by the tests in this file.
const (
	// goodAuthValue is a well-formed Basic credential; the payload is the
	// base64 encoding of "test:test" (constructed test data, not a real secret).
	goodAuthValue = "Basic dGVzdDp0ZXN0"

	// badAuthValue carries a scheme other than Basic, so the tests expect
	// CheckBasicAuth to reject it with an error.
	badAuthValue = "Digest XHHHHHHH"
)
// TestBasicAuth drives CheckBasicAuth with three requests in turn: one with no
// Authorization header, one with a non-Basic scheme, and one with a valid
// Basic credential whose decoded username and password are then compared.
//
// NOTE(review): the only rejected input covered here is a different scheme
// (badAuthValue). Malformed Basic payloads, such as data that is not valid
// base64 or a decoded value without a ':' separator, are not exercised.
func TestBasicAuth(t *testing.T) {
	req := &http.Request{Header: make(http.Header)}

	// No Authorization header: the test expects neither credentials nor an error.
	creds, err := CheckBasicAuth(req)
	if creds != nil || err != nil {
		t.Errorf("Validated basic auth without header")
	}

	// A non-Basic scheme must yield an error and no credentials.
	req.Header.Set("Authorization", badAuthValue)
	creds, err = CheckBasicAuth(req)
	if rejected := creds == nil && err != nil; !rejected {
		t.Errorf("Validated invalid auth")
		return
	}

	// A valid Basic header must yield credentials and no error.
	req.Header.Set("Authorization", goodAuthValue)
	creds, err = CheckBasicAuth(req)
	if accepted := creds != nil && err == nil; !accepted {
		t.Errorf("Could not extract basic auth")
		return
	}

	// The decoded pair must match what goodAuthValue encodes.
	userOK := creds.Username == "test"
	passOK := creds.Password == "test"
	if !(userOK && passOK) {
		t.Errorf("Error decoding basic auth")
	}
}
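// TestGetClientAuth checks whether getClientAuth returns client credentials
// for every combination of Authorization header (absent, non-Basic, valid
// Basic) and query string (client_secret set, client_secret empty,
// client_secret absent), with query-parameter credentials both allowed and
// disallowed.
//
// Credentials carried in the request URI tend to end up in access logs,
// proxies and browser history, and RFC 6749 section 2.3.1 says client
// credentials must not be sent there. The allowQueryParams=false rows pin that
// such credentials are ignored when the option is off.
//
// NOTE(review): the table only asserts nil versus non-nil. When a valid header
// and query credentials are both present it does not pin which source is
// used, nor the Username/Password returned; add that once the intended
// precedence is confirmed.
func TestGetClientAuth(t *testing.T) {
	// mustParse fails the test immediately if a fixture URL is malformed,
	// instead of letting a nil *url.URL reach the request below.
	mustParse := func(raw string) *url.URL {
		u, err := url.Parse(raw)
		if err != nil {
			t.Fatalf("parsing test URL %q: %v", raw, err)
		}
		return u
	}

	urlWithSecret := mustParse("http://host.tld/path?client_id=xxx&client_secret=yyy")
	urlWithEmptySecret := mustParse("http://host.tld/path?client_id=xxx&client_secret=")
	urlNoSecret := mustParse("http://host.tld/path?client_id=xxx")

	headerNoAuth := make(http.Header)

	headerBadAuth := make(http.Header)
	headerBadAuth.Set("Authorization", badAuthValue)

	headerOKAuth := make(http.Header)
	headerOKAuth.Set("Authorization", goodAuthValue)

	tests := []struct {
		header           http.Header
		url              *url.URL
		allowQueryParams bool
		expectAuth       bool
	}{
		// No Authorization header: credentials can only come from the query.
		{headerNoAuth, urlWithSecret, true, true},
		{headerNoAuth, urlWithSecret, false, false},
		{headerNoAuth, urlWithEmptySecret, true, true},
		{headerNoAuth, urlWithEmptySecret, false, false},
		{headerNoAuth, urlNoSecret, true, false},
		{headerNoAuth, urlNoSecret, false, false},

		// Non-Basic Authorization header: same expectations as no header.
		{headerBadAuth, urlWithSecret, true, true},
		{headerBadAuth, urlWithSecret, false, false},
		{headerBadAuth, urlWithEmptySecret, true, true},
		{headerBadAuth, urlWithEmptySecret, false, false},
		{headerBadAuth, urlNoSecret, true, false},
		{headerBadAuth, urlNoSecret, false, false},

		// Valid Basic header: credentials are always expected.
		{headerOKAuth, urlWithSecret, true, true},
		{headerOKAuth, urlWithSecret, false, true},
		{headerOKAuth, urlWithEmptySecret, true, true},
		{headerOKAuth, urlWithEmptySecret, false, true},
		{headerOKAuth, urlNoSecret, true, true},
		{headerOKAuth, urlNoSecret, false, true},
	}

	for i, tt := range tests {
		w := new(Response)
		r := &http.Request{Header: tt.header, URL: tt.url}
		if err := r.ParseForm(); err != nil {
			t.Errorf("case %d: ParseForm failed for %s: %v", i, tt.url, err)
			continue
		}

		auth := getClientAuth(w, r, tt.allowQueryParams)

		// The row is described field by field: formatting the whole struct
		// with %v prints the unexported *url.URL field as a pointer address,
		// which does not identify the failing case.
		switch {
		case tt.expectAuth && auth == nil:
			t.Errorf("case %d: auth should not be nil (Authorization=%q, url=%s, allowQueryParams=%v)",
				i, tt.header.Get("Authorization"), tt.url, tt.allowQueryParams)
		case !tt.expectAuth && auth != nil:
			t.Errorf("case %d: auth should be nil (Authorization=%q, url=%s, allowQueryParams=%v)",
				i, tt.header.Get("Authorization"), tt.url, tt.allowQueryParams)
		}
	}
}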