faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-12 18:26:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Pass headers when using external auth

Browse Source 
Fixes issue found in e2e testing where the headers were not
being passed to the basic-auth-plugin. This change makes sure
the upstream check gets all headers copied in before making
the call.

Tested with negative unit tests before writing fix.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis 2019-06-07 09:37:03 +01:00
parent 8fe40406fa
commit 6beca8f59b
2 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gateway/handlers/external_auth.go
View File

@ -11,6 +11,8 @@ func MakeExternalAuthHandler(next http.HandlerFunc, upstreamTimeout time.Duratio
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
req, _ := http.NewRequest(http.MethodGet, upstreamURL, nil) req, _ := http.NewRequest(http.MethodGet, upstreamURL, nil)
copyHeaders(req.Header, &r.Header)
deadlineContext, cancel := context.WithTimeout( deadlineContext, cancel := context.WithTimeout(
context.Background(), context.Background(),
upstreamTimeout) upstreamTimeout)

60
gateway/handlers/external_auth_test.go
View File

@ -53,6 +53,66 @@ func Test_External_Auth_Wrapper_PassesValidAuth(t *testing.T) {
} }
} }
func Test_External_Auth_Wrapper_WithoutRequiredHeaderFailsAuth(t *testing.T) {
wantToken := "secret-key"
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("X-Token") == wantToken {
w.WriteHeader(http.StatusOK)
return
}
w.WriteHeader(http.StatusUnauthorized)
}))
defer s.Close()
next := func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotImplemented)
}
passBody := false
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
// use an invalid token
req.Header.Set("X-Token", "invalid-key")
rr := httptest.NewRecorder()
handler(rr, req)
want := http.StatusUnauthorized
if rr.Code != want {
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
}
}
func Test_External_Auth_Wrapper_WithRequiredHeaderPassesValidAuth(t *testing.T) {
wantToken := "secret-key"
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("X-Token") == wantToken {
w.WriteHeader(http.StatusOK)
return
}
w.WriteHeader(http.StatusUnauthorized)
}))
defer s.Close()
next := func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotImplemented)
}
passBody := false
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
req.Header.Set("X-Token", wantToken)
rr := httptest.NewRecorder()
handler(rr, req)
want := http.StatusNotImplemented
if rr.Code != want {
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
}
}
func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) { func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) {
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {