From 724489d2a44b5977883d19c40abc109ec26ee151 Mon Sep 17 00:00:00 2001
From: Marc Ole Bulling
Date: Thu, 2 Dec 2021 16:05:21 +0100
Subject: [PATCH] Minor changes, added tests

---
 docs/advanced.rst                        | 3 ++-
 internal/environment/Environment_test.go | 6 ++++++
 internal/webserver/Webserver.go          | 16 ++++++++--------
 internal/webserver/api/Api.go            | 4 ++--
 internal/webserver/api/Api_test.go       | 14 ++++++++++++++
 5 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/docs/advanced.rst b/docs/advanced.rst
index d6576f1..fd5ef29 100644
--- a/docs/advanced.rst
+++ b/docs/advanced.rst
@@ -118,8 +118,9 @@ All values that are described in :ref:`cloudstorage` can be passed as environmen
 +-----------------------+-------------------------+
 
+********************************
 External Authentication
-------------------------
+********************************
 
 In order to use external authentication (eg. services like Authelia or Authentik), set the environment variable ``GOKAPI_DISABLE_LOGIN`` to ``true`` on the first start. *Warning:* This will diasable authentication for the admin menu, which can be dangerous if not set up correctly!
diff --git a/internal/environment/Environment_test.go b/internal/environment/Environment_test.go
index c494d50..d6e4798 100644
--- a/internal/environment/Environment_test.go
+++ b/internal/environment/Environment_test.go
@@ -48,3 +48,9 @@ func TestIsAwsProvided(t *testing.T) {
 	env = New()
 	test.IsEqualBool(t, env.IsAwsProvided(), true)
 }
+
+func TestToBool(t *testing.T) {
+	test.IsEqualBool(t, ToBool(IsTrue), true)
+	test.IsEqualBool(t, ToBool(IsFalse), false)
+	test.IsEqualBool(t, ToBool("invalid"), false)
+}
diff --git a/internal/webserver/Webserver.go b/internal/webserver/Webserver.go
index 770d2e5..3aac759 100644
--- a/internal/webserver/Webserver.go
+++ b/internal/webserver/Webserver.go
@@ -172,7 +172,7 @@ func forgotPassword(w http.ResponseWriter, r *http.Request) {
 // If user is authenticated, this menu lists all uploads and enables uploading new files
 func showApiAdmin(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	if !isAuthenticated(w, r, false) {
+	if !isAuthenticatedOrRedirect(w, r, false) {
 		return
 	}
 	err := templateFolder.ExecuteTemplate(w, "api", (&UploadView{}).convertGlobalConfig(false))
@@ -182,7 +182,7 @@ func showApiAdmin(w http.ResponseWriter, r *http.Request) {
 // Handling of /apiNew
 func newApiKey(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	if !isAuthenticated(w, r, false) {
+	if !isAuthenticatedOrRedirect(w, r, false) {
 		return
 	}
 	api.NewKey()
@@ -192,7 +192,7 @@ func newApiKey(w http.ResponseWriter, r *http.Request) {
 // Handling of /apiDelete
 func deleteApiKey(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	if !isAuthenticated(w, r, false) {
+	if !isAuthenticatedOrRedirect(w, r, false) {
 		return
 	}
 	keys, ok := r.URL.Query()["id"]
@@ -305,7 +305,7 @@ func showHotlink(w http.ResponseWriter, r *http.Request) {
 // User needs to be admin. Deletes the requested file
 func deleteFile(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	if !isAuthenticated(w, r, false) {
+	if !isAuthenticatedOrRedirect(w, r, false) {
 		return
 	}
 	keyId := queryUrl(w, r, "admin")
@@ -332,7 +332,7 @@ func queryUrl(w http.ResponseWriter, r *http.Request, redirectUrl string) string
 // If user is authenticated, this menu lists all uploads and enables uploading new files
 func showAdminMenu(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
-	if !isAuthenticated(w, r, false) {
+	if !isAuthenticatedOrRedirect(w, r, false) {
 		return
 	}
 	err := templateFolder.ExecuteTemplate(w, "admin", (&UploadView{}).convertGlobalConfig(true))
@@ -419,7 +419,7 @@ func (u *UploadView) convertGlobalConfig(isMainView bool) *UploadView {
 func uploadFile(w http.ResponseWriter, r *http.Request) {
 	addNoCacheHeader(w)
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
-	if !isAuthenticated(w, r, true) {
+	if !isAuthenticatedOrRedirect(w, r, true) {
 		return
 	}
 	err := fileupload.Process(w, r, true, webserverMaxMemory)
@@ -452,8 +452,8 @@ func downloadFile(w http.ResponseWriter, r *http.Request) {
 	storage.ServeFile(savedFile, w, r, true)
 }
 
-// Checks if the user is logged in as an admin.
-func isAuthenticated(w http.ResponseWriter, r *http.Request, isUpload bool) bool {
+// Checks if the user is logged in as an admin. Redirects to login page if not authenticated
+func isAuthenticatedOrRedirect(w http.ResponseWriter, r *http.Request, isUpload bool) bool {
 	if configuration.IsLoginDisabled() {
 		return true
 	}
diff --git a/internal/webserver/api/Api.go b/internal/webserver/api/Api.go
index e96348d..01383f7 100644
--- a/internal/webserver/api/Api.go
+++ b/internal/webserver/api/Api.go
@@ -21,7 +21,7 @@ func Process(w http.ResponseWriter, r *http.Request, maxMemory int) {
 	w.Header().Set("cache-control", "no-store")
 	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 	request := parseRequest(r)
-	if !isAuthorised(w, request) {
+	if !isAuthorisedForApi(w, request) {
 		return
 	}
 	switch request.requestUrl {
@@ -132,7 +132,7 @@ func isValidKey(key string, modifyTime bool) bool {
 	return false
 }
 
-func isAuthorised(w http.ResponseWriter, request apiRequest) bool {
+func isAuthorisedForApi(w http.ResponseWriter, request apiRequest) bool {
 	if isValidKey(request.apiKey, true) || sessionmanager.IsValidSession(w, request.request) {
 		return true
 	}
diff --git a/internal/webserver/api/Api_test.go b/internal/webserver/api/Api_test.go
index 741bd07..7634b91 100644
--- a/internal/webserver/api/Api_test.go
+++ b/internal/webserver/api/Api_test.go
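Review bot: The rewritten doc comment on isAuthenticatedOrRedirect describes the redirect but not the `configuration.IsLoginDisabled()` short-circuit directly beneath it, which is the security-critical branch: once GOKAPI_DISABLE_LOGIN is set (documented in docs/advanced.rst in this same patch) every request is treated as an authenticated admin and the upstream proxy becomes the only line of defence. I would extend the comment to `// Checks if the user is logged in as an admin. Redirects to login page if not authenticated. If login is disabled (GOKAPI_DISABLE_LOGIN), every caller is trusted as admin and authentication is expected to be enforced by an upstream proxy.` The isUpload flag is also undocumented; presumably it changes the failure response for the JSON upload endpoint, but its handling is outside the hunk, as is the rest of the function body.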
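Review bot: isAuthorisedForApi has no doc comment, and its most important property — that it does not consult `configuration.IsLoginDisabled()`, unlike the web-UI check in Webserver.go, so an API key or an existing session stays mandatory even when GOKAPI_DISABLE_LOGIN is set — is stated nowhere in the code; the new TestAuthDisabledLogin in Api_test.go pins exactly this behaviour. A comment would stop a future maintainer from "fixing" the asymmetry: `// isAuthorisedForApi accepts a valid API key or an existing admin session. It deliberately ignores the DisableLogin setting: API access always requires credentials (see TestAuthDisabledLogin).` The function body continues past the hunk, so the rejection path is not visible here.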
@@ -80,6 +80,20 @@ func TestProcess(t *testing.T) {
 	test.ResponseBodyContains(t, w, "Invalid request")
 }
 
+
+func TestAuthDisabledLogin(t *testing.T) {
+	w, r := getRecorder("GET", "/api/auth/friendlyname", nil, nil, nil)
+	Process(w, r, maxMemory)
+	test.ResponseBodyContains(t, w, "{\"Result\":\"error\",\"ErrorMessage\":\"Unauthorized\"}")
+	settings := configuration.GetServerSettings()
+	settings.DisableLogin = true
+	configuration.Release()
+	w, r = getRecorder("GET", "/api/auth/friendlyname", nil, nil, nil)
+	Process(w, r, maxMemory)
+	test.ResponseBodyContains(t, w, "{\"Result\":\"error\",\"ErrorMessage\":\"Unauthorized\"}")
+	settings.DisableLogin = false
+}
+
 func TestChangeFriendlyName(t *testing.T) {
 	settings := configuration.GetServerSettings()
 	configuration.Release()
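Review bot: TestAuthDisabledLogin restores `settings.DisableLogin = false` only on its last line, so if the second `test.ResponseBodyContains` assertion aborts the test (it is not visible here whether the helper calls t.Fatal or t.Error), the process-wide setting stays disabled and every later test in the package silently runs with login switched off. Registering the reset with the framework avoids that: drop the trailing assignment and add `t.Cleanup(func() { settings.DisableLogin = false })` immediately after `configuration.Release()`. The final reset also writes to the shared settings after `configuration.Release()`; if Release ends a lock on the settings object, the write belongs before it, though the context lines of TestChangeFriendlyName follow the same loose pattern, so this may be accepted project style. The test only inspects the response body; asserting the HTTP status as well (401 if Process sets one) would make the "unauthorized even with DisableLogin" expectation precise.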