From 7bc1305cb4a5f0de769d0c357328174e071a144a Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Tue, 9 Aug 2022 15:32:35 +0200
Subject: [PATCH] add tests for the basic auth middleware
---
.../proxy/pkg/middleware/basic_auth_test.go | 68 +++++++++++++++++++
.../pkg/middleware/middleware_suite_test.go | 13 ++++
.../proxy/pkg/middleware/oidc_auth_test.go | 36 ++++------
3 files changed, 95 insertions(+), 22 deletions(-)
create mode 100644 services/proxy/pkg/middleware/basic_auth_test.go
create mode 100644 services/proxy/pkg/middleware/middleware_suite_test.go
diff --git a/services/proxy/pkg/middleware/basic_auth_test.go b/services/proxy/pkg/middleware/basic_auth_test.go
new file mode 100644
index 0000000000..fcc2e6f3ce
--- /dev/null
+++ b/services/proxy/pkg/middleware/basic_auth_test.go
@@ -0,0 +1,68 @@
+package middleware
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+
+ userv1beta1 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+ . "github.com/onsi/ginkgo/v2"
+
+ . "github.com/onsi/gomega"
+ "github.com/owncloud/ocis/v2/ocis-pkg/log"
+ "github.com/owncloud/ocis/v2/ocis-pkg/oidc"
+ "github.com/owncloud/ocis/v2/services/proxy/pkg/user/backend"
+ "github.com/owncloud/ocis/v2/services/proxy/pkg/user/backend/test"
+)
+
+var _ = Describe("Authenticating requests", Label("BasicAuthenticator"), func() {
+ var authenticator Authenticator
+ BeforeEach(func() {
+ authenticator = BasicAuthenticator{
+ Logger: log.NewLogger(),
+ UserProvider: &test.UserBackendMock{
+ AuthenticateFunc: func(ctx context.Context, username, password string) (*userv1beta1.User, string, error) {
+ var user *userv1beta1.User
+ if username == "testuser" && password == "testpassword" {
+ user = &userv1beta1.User{
+ Id: &userv1beta1.UserId{
+ Idp: "IdpId",
+ OpaqueId: "OpaqueId",
+ },
+ Username: "testuser",
+ Mail: "testuser@example.com",
+ }
+ return user, "", nil
+ }
+ return nil, "", backend.ErrAccountNotFound
+ },
+ },
+ }
+ })
+
+ When("the request contains correct data", func() {
+ It("should successfully authenticate", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/example/path", http.NoBody)
+ req.SetBasicAuth("testuser", "testpassword")
+
+ req2, valid := authenticator.Authenticate(req)
+
+ Expect(valid).To(Equal(true))
+ Expect(req2).ToNot(BeNil())
+ })
+ It("adds claims to the request context", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/example/path", http.NoBody)
+ req.SetBasicAuth("testuser", "testpassword")
+
+ req2, valid := authenticator.Authenticate(req)
+ Expect(valid).To(Equal(true))
+
+ claims := oidc.FromContext(req2.Context())
+ Expect(claims).ToNot(BeNil())
+ Expect(claims[oidc.Iss]).To(Equal("IdpId"))
+ Expect(claims[oidc.PreferredUsername]).To(Equal("testuser"))
+ Expect(claims[oidc.Email]).To(Equal("testuser@example.com"))
+ Expect(claims[oidc.OwncloudUUID]).To(Equal("OpaqueId"))
+ })
+ })
+})
diff --git a/services/proxy/pkg/middleware/middleware_suite_test.go b/services/proxy/pkg/middleware/middleware_suite_test.go
new file mode 100644
index 0000000000..09e4e11360
--- /dev/null
+++ b/services/proxy/pkg/middleware/middleware_suite_test.go
@@ -0,0 +1,13 @@
+package middleware_test
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+)
+
+func TestMiddleware(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Middleware Suite")
+}
diff --git a/services/proxy/pkg/middleware/oidc_auth_test.go b/services/proxy/pkg/middleware/oidc_auth_test.go
index 6b7e97bceb..93612e3c48 100644
--- a/services/proxy/pkg/middleware/oidc_auth_test.go
+++ b/services/proxy/pkg/middleware/oidc_auth_test.go
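Review bot: The specs in basic_auth_test.go only exercise the accepting path under `When("the request contains correct data", ...)`; nothing asserts that `Authenticate` rejects a wrong password or an unknown user, even though the mock's `AuthenticateFunc` already returns `backend.ErrAccountNotFound` for every other credential pair. For an authentication middleware the rejecting branch is the one where a regression becomes a bypass, so it deserves its own spec. A sibling `When` block inside the `Describe`, after the existing one, would pin it; the returned request is deliberately not asserted because its value on failure is not visible in this hunk. A further spec for a request without any `Authorization` header would presumably be worthwhile as well.

```go
	// … unchanged: When("the request contains correct data", …) …

	When("the request contains wrong credentials", func() {
		It("should reject the request", func() {
			req := httptest.NewRequest(http.MethodGet, "http://example.com/example/path", http.NoBody)
			req.SetBasicAuth("testuser", "wrongpassword")

			_, valid := authenticator.Authenticate(req)

			Expect(valid).To(BeFalse())
		})
	})
```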
@@ -5,35 +5,27 @@ import ( "fmt" "net/http" "net/http/httptest" - "testing" "github.com/coreos/go-oidc/v3/oidc" - "github.com/owncloud/ocis/v2/ocis-pkg/log" - "github.com/owncloud/ocis/v2/services/proxy/pkg/config" + . "github.com/onsi/ginkgo/v2" "golang.org/x/oauth2" ) -func TestOIDCAuthMiddleware(t *testing.T) { - next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) +var _ = Describe("Test OIDC Authenticator", func() { + It("should authenticate requests", func() { + m := OIDCAuthenticator{ + ProviderFunc: func() (OIDCProvider, error) { return mockOP(false), nil }, + } - m := OIDCAuth( - Logger(log.NewLogger()), - OIDCProviderFunc(func() (OIDCProvider, error) { - return mockOP(false), nil - }), - OIDCIss("https://localhost:9200"), - AccessTokenVerifyMethod(config.AccessTokenVerificationNone), - )(next) + r := httptest.NewRequest(http.MethodGet, "https://idp.example.com", nil) + r.Header.Set("Authorization", "Bearer sometoken") - r := httptest.NewRequest(http.MethodGet, "https://idp.example.com", nil) - r.Header.Set("Authorization", "Bearer sometoken") - w := httptest.NewRecorder() - m.ServeHTTP(w, r) - - if w.Code != http.StatusInternalServerError { - t.Errorf("expected an internal server error") - } -} + _, ok := m.Authenticate(r) + if ok { + Fail("expected an internal server error") + } + }) +}) type mockOIDCProvider struct { UserInfoFunc func(ctx context.Context, ts oauth2.TokenSource) (*oidc.UserInfo, error)
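Review bot: The spec title `It("should authenticate requests", ...)` says the opposite of what the body checks, since the spec fails when `ok` is true, and the message `expected an internal server error` is left over from the removed status-code assertion although `Authenticate` yields a boolean here. Something like `It("should reject the request", ...)` with `Fail("expected authentication to fail")` would match the assertion. The new `OIDCAuthenticator` literal sets only `ProviderFunc`, whereas the removed setup also passed a logger, an issuer and `config.AccessTokenVerificationNone`, so the rejection may now come from a different branch than the one the old test targeted. A short comment such as `// mockOP(false) makes the provider lookup fail, so the bearer token must be rejected` would record the intended reason, to be confirmed against `mockOP`, which is defined outside this hunk.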