1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: Apache-2.0
14 check "gopkg.in/check.v1"
17 // Gocheck boilerplate
18 func Test(t *testing.T) {
22 var _ = check.Suite(&HandlersSuite{})
24 type HandlersSuite struct {
26 gotCredentials *Credentials
29 func (s *HandlersSuite) SetUpTest(c *check.C) {
31 s.gotCredentials = nil
34 func (s *HandlersSuite) TestLoadToken(c *check.C) {
35 handler := LoadToken(s)
36 handler.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("GET", "/foo/bar?api_token=xyzzy", nil))
37 c.Check(s.gotCredentials.Tokens, check.DeepEquals, []string{"xyzzy"})
40 // Ignore leading and trailing spaces, newlines, etc. in case a user
41 // has added them inadvertently during copy/paste.
42 func (s *HandlersSuite) TestTrimSpaceInQuery(c *check.C) {
43 handler := LoadToken(s)
44 handler.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("GET", "/foo/bar?api_token=%20xyzzy%0a", nil))
45 c.Check(s.gotCredentials.Tokens, check.DeepEquals, []string{"xyzzy"})
47 func (s *HandlersSuite) TestTrimSpaceInPostForm(c *check.C) {
48 handler := LoadToken(s)
49 req := httptest.NewRequest("POST", "/foo/bar", strings.NewReader(url.Values{"api_token": []string{"\nxyzzy\n"}}.Encode()))
50 req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
51 handler.ServeHTTP(httptest.NewRecorder(), req)
52 c.Check(s.gotCredentials.Tokens, check.DeepEquals, []string{"xyzzy"})
54 func (s *HandlersSuite) TestTrimSpaceInCookie(c *check.C) {
55 handler := LoadToken(s)
56 req := httptest.NewRequest("GET", "/foo/bar", nil)
57 req.AddCookie(&http.Cookie{Name: "arvados_api_token", Value: EncodeTokenCookie([]byte("\vxyzzy\n"))})
58 handler.ServeHTTP(httptest.NewRecorder(), req)
59 c.Check(s.gotCredentials.Tokens, check.DeepEquals, []string{"xyzzy"})
61 func (s *HandlersSuite) TestTrimSpaceInBasicAuth(c *check.C) {
62 handler := LoadToken(s)
63 req := httptest.NewRequest("GET", "/foo/bar", nil)
64 req.SetBasicAuth("username", "\txyzzy\n")
65 handler.ServeHTTP(httptest.NewRecorder(), req)
66 c.Check(s.gotCredentials.Tokens, check.DeepEquals, []string{"xyzzy"})
69 func (s *HandlersSuite) TestRequireLiteralTokenEmpty(c *check.C) {
70 handler := RequireLiteralToken("", s)
72 w := httptest.NewRecorder()
73 handler.ServeHTTP(w, httptest.NewRequest("GET", "/foo/bar?api_token=abcdef", nil))
74 c.Check(s.served, check.Equals, 1)
75 c.Check(w.Code, check.Equals, http.StatusOK)
77 w = httptest.NewRecorder()
78 handler.ServeHTTP(w, httptest.NewRequest("GET", "/foo/bar", nil))
79 c.Check(s.served, check.Equals, 2)
80 c.Check(w.Code, check.Equals, http.StatusOK)
83 func (s *HandlersSuite) TestRequireLiteralToken(c *check.C) {
84 handler := RequireLiteralToken("xyzzy", s)
86 w := httptest.NewRecorder()
87 handler.ServeHTTP(w, httptest.NewRequest("GET", "/foo/bar?api_token=abcdef", nil))
88 c.Check(s.served, check.Equals, 0)
89 c.Check(w.Code, check.Equals, http.StatusForbidden)
91 w = httptest.NewRecorder()
92 handler.ServeHTTP(w, httptest.NewRequest("GET", "/foo/bar", nil))
93 c.Check(s.served, check.Equals, 0)
94 c.Check(w.Code, check.Equals, http.StatusUnauthorized)
96 w = httptest.NewRecorder()
97 handler.ServeHTTP(w, httptest.NewRequest("GET", "/foo/bar?api_token=xyzzy", nil))
98 c.Check(s.served, check.Equals, 1)
99 c.Check(w.Code, check.Equals, http.StatusOK)
100 c.Assert(s.gotCredentials, check.NotNil)
101 c.Assert(s.gotCredentials.Tokens, check.HasLen, 1)
102 c.Check(s.gotCredentials.Tokens[0], check.Equals, "xyzzy")
105 func (s *HandlersSuite) ServeHTTP(w http.ResponseWriter, r *http.Request) {
107 s.gotCredentials = CredentialsFromRequest(r)
108 s.gotCredentials.LoadTokensFromHTTPRequestBody(r)
projects / arvados.git / blob