From 17a4e65f082601baaf1560722a24f55a42ff7918 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Tue, 9 Aug 2022 16:50:05 +0200
Subject: [PATCH] add tests for the public share auth middleware
---
 .../proxy/pkg/middleware/public_share_auth.go | 6 +-
 .../pkg/middleware/public_share_auth_test.go | 78 +++++++++++++++++++
 2 files changed, 81 insertions(+), 3 deletions(-)
 create mode 100644 services/proxy/pkg/middleware/public_share_auth_test.go
diff --git a/services/proxy/pkg/middleware/public_share_auth.go b/services/proxy/pkg/middleware/public_share_auth.go
index 795063d5d0..b32f9ed147 100644
--- a/services/proxy/pkg/middleware/public_share_auth.go
+++ b/services/proxy/pkg/middleware/public_share_auth.go
@@ -9,7 +9,7 @@ import (
 )
 const (
- headerRevaAccessToken = "x-access-token"
+ _headerRevaAccessToken = "x-access-token"
 headerShareToken = "public-token"
 basicAuthPasswordPrefix = "password|"
 authenticationType = "publicshares"
@@ -74,11 +74,11 @@ func (a PublicShareAuthenticator) Authenticate(r *http.Request) (*http.Request,
 return nil, false
 }
- r.Header.Add(headerRevaAccessToken, authResp.Token)
+ r.Header.Add(_headerRevaAccessToken, authResp.Token)
 a.Logger.Debug().
 Str("authenticator", "public_share").
 Str("path", r.URL.Path).
 Msg("successfully authenticated request")
- return r, false
+ return r, true
 }
diff --git a/services/proxy/pkg/middleware/public_share_auth_test.go b/services/proxy/pkg/middleware/public_share_auth_test.go
new file mode 100644
index 0000000000..98637988bd
--- /dev/null
+++ b/services/proxy/pkg/middleware/public_share_auth_test.go
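Review bot: `r.Header.Add(_headerRevaAccessToken, authResp.Token)` appends to whatever `x-access-token` values the inbound request already carries, so a client-supplied value stays ahead of the freshly issued one and is what `Header.Get` returns. Use `r.Header.Set(_headerRevaAccessToken, authResp.Token)` so only the token issued by the gateway is forwarded; whether an earlier middleware already strips an inbound header is not visible in this hunk. The body of `Authenticate` starts above the hunk, so the checks that precede `return nil, false` were not reviewed.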
@@ -0,0 +1,78 @@
+package middleware
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+
+ gatewayv1beta1 "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
+ rpcv1beta1 "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ "github.com/owncloud/ocis/v2/ocis-pkg/log"
+ "google.golang.org/grpc"
+)
+
+var _ = Describe("Authenticating requests", Label("PublicShareAuthenticator"), func() {
+ var authenticator Authenticator
+ BeforeEach(func() {
+ authenticator = PublicShareAuthenticator{
+ Logger: log.NewLogger(),
+ RevaGatewayClient: mockGatewayClient{
+ AuthenticateFunc: func(authType, clientID, clientSecret string) (string, rpcv1beta1.Code) {
+ if authType != "publicshares" {
+ return "", rpcv1beta1.Code_CODE_NOT_FOUND
+ }
+
+ if clientID == "sharetoken" && (clientSecret == "password|examples3cr3t" || clientSecret == "signature|examplesignature|exampleexpiration") {
+ return "exampletoken", rpcv1beta1.Code_CODE_OK
+ }
+
+ return "", rpcv1beta1.Code_CODE_NOT_FOUND
+ },
+ },
+ }
+ })
+ When("the request contains correct data", func() {
+ Context("using password authentication", func() {
+ It("should successfully authenticate", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/dav/public-files/?public-token=sharetoken", http.NoBody)
+ req.SetBasicAuth("public", "examples3cr3t")
+
+ req2, valid := authenticator.Authenticate(req)
+
+ Expect(valid).To(Equal(true))
+ Expect(req2).ToNot(BeNil())
+
+ h := req2.Header
+ Expect(h.Get(_headerRevaAccessToken)).To(Equal("exampletoken"))
+ })
+ })
+ Context("using signature authentication", func() {
+ It("should successfully authenticate", func() {
+ req := httptest.NewRequest(http.MethodGet, "http://example.com/dav/public-files/?public-token=sharetoken&signature=examplesignature&expiration=exampleexpiration", http.NoBody)
+
+ req2, valid := authenticator.Authenticate(req)
+
+ Expect(valid).To(Equal(true))
+ Expect(req2).ToNot(BeNil())
+
+ h := req2.Header
+ Expect(h.Get(_headerRevaAccessToken)).To(Equal("exampletoken"))
+ })
+ })
+ })
+})
+
+type mockGatewayClient struct {
+ gatewayv1beta1.GatewayAPIClient
+ AuthenticateFunc func(authType, clientID, clientSecret string) (string, rpcv1beta1.Code)
+}
+
+func (c mockGatewayClient) Authenticate(ctx context.Context, in *gatewayv1beta1.AuthenticateRequest, opts ...grpc.CallOption) (*gatewayv1beta1.AuthenticateResponse, error) {
+ token, code := c.AuthenticateFunc(in.GetType(), in.GetClientId(), in.GetClientSecret())
+ return &gatewayv1beta1.AuthenticateResponse{
+ Status: &rpcv1beta1.Status{Code: code},
+ Token: token,
+ }, nil
+}
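Review bot: Only the two success paths are exercised, so a regression that makes `Authenticate` accept a wrong password or an invalid signature would still pass this suite. Add a `When("the request contains incorrect data", ...)` block that sends a wrong basic-auth password and asserts the request is rejected. The mock already answers that input with `Code_CODE_NOT_FOUND`; the expected `nil, false` result assumes this status reaches the `return nil, false` path shown in the middleware hunk, which should be confirmed against the full function. `mockGatewayClient` embeds a nil `GatewayAPIClient`, so any other gateway call made by the code under test will panic, which deserves a one-line comment on the struct.

```go
	// … unchanged: When("the request contains correct data") block …
	When("the request contains incorrect data", func() {
		Context("using password authentication", func() {
			It("should reject the request", func() {
				req := httptest.NewRequest(http.MethodGet, "http://example.com/dav/public-files/?public-token=sharetoken", http.NoBody)
				req.SetBasicAuth("public", "wrongpassword")

				req2, valid := authenticator.Authenticate(req)

				Expect(valid).To(BeFalse())
				Expect(req2).To(BeNil())
			})
		})
	})
```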