1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
package authz
import (
"context"
"fmt"
"net/http"
"net/http/httptest"
"testing"
"git.ofmax.li/go-git-server/internal/admin"
"github.com/casbin/casbin/v2"
)
func junkTestHandler() http.HandlerFunc {
return func(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusOK)
}
}
func TestAuthentication(t *testing.T) {
badToken, _, _ := GenerateNewToken()
token, hash, _ := GenerateNewToken()
okUserName := "tester"
badUserName := "badb00"
tm := TokenMap{}
tm["uid:tester"] = hash
cases := []struct {
description string
username string
token string
tm TokenMap
statusCode int
handler http.HandlerFunc
}{
{
username: okUserName,
token: token,
tm: tm,
statusCode: http.StatusOK,
description: "Good Login",
handler: func(rw http.ResponseWriter, req *http.Request) {
ctx := req.Context()
uid := ctx.Value("urn")
if uid != fmt.Sprintf("uid:%s", okUserName) {
t.Fatal("Context UID not set")
}
},
},
{
username: badUserName,
token: token,
tm: tm,
statusCode: http.StatusForbidden,
description: "Bad usename",
handler: junkTestHandler(),
},
{
username: okUserName,
token: badToken,
tm: tm,
statusCode: http.StatusForbidden,
description: "Bad token",
handler: junkTestHandler(),
},
}
for _, tc := range cases {
authHandler := Authentication(tc.tm, tc.handler)
req := httptest.NewRequest(http.MethodGet, "https://git.ofmax.li", nil)
req.SetBasicAuth(tc.username, tc.token)
recorder := httptest.NewRecorder()
authHandler.ServeHTTP(recorder, req)
result := recorder.Result()
if result.StatusCode != tc.statusCode {
t.Fatalf("Test Case %s failed Expected: %d Found: %d",
tc.description, tc.statusCode, result.StatusCode)
}
t.Logf("Test Case: %s Expected: %d Found: %d",
tc.description, tc.statusCode, result.StatusCode)
}
}
func TestAuthorization(t *testing.T) {
t.Log("Starting authorization tests")
baseURL := "http://test"
enf, err := casbin.NewSyncedEnforcer("../../auth_model.ini", "../../testpolicy.csv")
if err != nil {
t.Fatalf("Failed to load policies\n%s", err)
}
cases := []struct {
url string
user string
expectedStatus int
description string
}{
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url"),
user: "uid:jack",
expectedStatus: 200,
description: "an autorized action should yield a 200",
},
{
url: fmt.Sprintf("%s/%s", baseURL, "repo/url/bar"),
user: "uid:chumba",
expectedStatus: 403,
description: "an unautorized action should yield a 403",
},
}
svcr := &admin.Servicer{
enf,
&admin.ServerRepos{},
}
for _, tc := range cases {
t.Logf("test case: %s", tc.description)
authHandler := Authorization(svcr, junkTestHandler())
recorder := httptest.NewRecorder()
req := httptest.NewRequest(http.MethodGet, tc.url, nil)
ctx := req.Context()
ctx = context.WithValue(ctx, "urn", tc.user)
req = req.WithContext(ctx)
authHandler.ServeHTTP(recorder, req)
result := recorder.Result()
if result.StatusCode != tc.expectedStatus {
t.Fatalf("Test Case failed Expected: %d Found: %d", tc.expectedStatus, result.StatusCode)
}
}
}
|
