servauth_test.go 4.0 KB

  1. package servauth_test
  2. import (
  3. "fmt"
  4. "io"
  5. "net/http"
  6. "net/http/httptest"
  7. "testing"
  8. . "github.com/onsi/ginkgo"
  9. . "github.com/onsi/gomega"
  10. "github.com/vladimirok5959/golang-utils/utils/http/servauth"
  11. )
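// Specs for servauth.BasicAuth. Every spec talks to a real httptest.Server
// wrapping a trivial handler, so the assertions pin the status code, the
// challenge header and the body a client actually receives.
var _ = Describe("servauth", func() {
	Context("BasicAuth", func() {
		var srv *httptest.Server
		var client *http.Client

		// getTestHandler builds the protected handler. It writes "Index", so a
		// body of "Index" in a spec means the request got past BasicAuth.
		var getTestHandler = func() http.HandlerFunc {
			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				if _, err := w.Write([]byte("Index")); err != nil {
					fmt.Printf("%s\n", err.Error())
				}
			})
		}

		// Default fixture: credentials "user"/"pass" and realm "msg". Specs that
		// need other settings close this server and start their own.
		BeforeEach(func() {
			srv = httptest.NewServer(servauth.BasicAuth(getTestHandler(), "user", "pass", "msg"))
			client = srv.Client()
		})

		AfterEach(func() {
			srv.Close()
		})

		// No Authorization header: expect a 401 carrying the configured realm.
		It("request credentials", func() {
			resp, err := client.Get(srv.URL + "/")
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized))
			Expect(resp.Header["Www-Authenticate"]).To(Equal([]string{`Basic realm="msg"`}))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Unauthorised\n"))
		})

		// Matching username and password: the wrapped handler's output is served.
		It("show with correct credentials", func() {
			req, err := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
			Expect(err).To(Succeed())
			req.SetBasicAuth("user", "pass")

			resp, err := client.Do(req)
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusOK))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Index"))
		})

		// An empty realm message falls back to the built-in prompt text.
		It("request credentials with default message", func() {
			srv.Close()
			srv = httptest.NewServer(servauth.BasicAuth(getTestHandler(), "user", "pass", ""))
			client = srv.Client()

			resp, err := client.Get(srv.URL + "/")
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized))
			Expect(resp.Header["Www-Authenticate"]).To(Equal([]string{`Basic realm="Please enter username and password"`}))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Unauthorised\n"))
		})

		// Pins fail-open behaviour: with an empty configured username BasicAuth
		// lets every request through without a challenge. Callers that load
		// credentials from configuration should treat an empty username as a
		// misconfiguration instead of relying on this.
		It("don't request credentials on empty username", func() {
			srv.Close()
			srv = httptest.NewServer(servauth.BasicAuth(getTestHandler(), "", "", ""))
			client = srv.Client()

			resp, err := client.Get(srv.URL + "/")
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusOK))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Index"))
		})

		// A set username with an empty password still enforces authentication.
		It("request credentials on not empty username but empty password", func() {
			srv.Close()
			srv = httptest.NewServer(servauth.BasicAuth(getTestHandler(), "user", "", "msg"))
			client = srv.Client()

			resp, err := client.Get(srv.URL + "/")
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized))
			Expect(resp.Header["Www-Authenticate"]).To(Equal([]string{`Basic realm="msg"`}))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Unauthorised\n"))
		})

		// Lockout: five wrong-password attempts each get a plain 401 with no
		// Retry-After, and the sixth is answered with 429 and "Retry-After: 30".
		// NOTE(review): this presumes the attempt counter starts at zero for the
		// server built in BeforeEach; confirm where servauth keeps that state.
		// Not covered here: whether the correct password is accepted during the
		// lockout window, and how one client is told apart from another.
		It("block requests to 30 seconds on 5 times wrong entered credentials", func() {
			req, err := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
			Expect(err).To(Succeed())
			req.SetBasicAuth("user", "wrong")

			for i := 1; i <= 5; i++ {
				resp, err := client.Do(req)
				Expect(err).To(Succeed())
				// An Expect without a matcher asserts nothing, so the Close
				// error is checked explicitly.
				Expect(resp.Body.Close()).To(Succeed())
				Expect(resp.StatusCode).To(Equal(http.StatusUnauthorized))
				Expect(resp.Header.Get("Retry-After")).To(Equal(""))
			}

			resp, err := client.Do(req)
			Expect(err).To(Succeed())
			defer resp.Body.Close()

			Expect(resp.StatusCode).To(Equal(http.StatusTooManyRequests))
			Expect(resp.Header.Get("Retry-After")).To(Equal("30"))

			body, err := io.ReadAll(resp.Body)
			Expect(err).To(Succeed())
			Expect(string(body)).To(Equal("Too Many Requests\n"))
		})
	})
})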
// TestSuite is the `go test` entry point for this package. It registers
// Ginkgo's Fail as the Gomega failure handler and then runs the specs under
// the suite name "servauth".
func TestSuite(t *testing.T) {
	RegisterFailHandler(Fail)
	RunSpecs(t, "servauth")
}