mirror of
https://github.com/openfaas/faas.git
synced 2025-06-10 09:16:48 +00:00
6beca8f59b
Fixes issue found in e2e testing where the headers were not being passed to the basic-auth-plugin. This change makes sure the upstream check gets all headers copied in before making the call. Tested with negative unit tests before writing fix. Signed-off-by: Alex Ellis <alexellis2@gmail.com>
165 lines
4.5 KiB
Go
165 lines
4.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func Test_External_Auth_Wrapper_FailsInvalidAuth(t *testing.T) {
|
|
|
|
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusForbidden)
|
|
}))
|
|
defer s.Close()
|
|
|
|
next := func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
}
|
|
|
|
passBody := false
|
|
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
rr := httptest.NewRecorder()
|
|
handler(rr, req)
|
|
|
|
if rr.Code == http.StatusOK {
|
|
t.Errorf("Status incorrect, did not want: %d, but got %d", http.StatusOK, rr.Code)
|
|
}
|
|
}
|
|
|
|
func Test_External_Auth_Wrapper_PassesValidAuth(t *testing.T) {
|
|
|
|
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
defer s.Close()
|
|
|
|
next := func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
}
|
|
|
|
passBody := false
|
|
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
rr := httptest.NewRecorder()
|
|
handler(rr, req)
|
|
want := http.StatusNotImplemented
|
|
if rr.Code != want {
|
|
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
|
|
}
|
|
}
|
|
|
|
func Test_External_Auth_Wrapper_WithoutRequiredHeaderFailsAuth(t *testing.T) {
|
|
wantToken := "secret-key"
|
|
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Header.Get("X-Token") == wantToken {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
}))
|
|
defer s.Close()
|
|
|
|
next := func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
}
|
|
|
|
passBody := false
|
|
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
|
|
// use an invalid token
|
|
req.Header.Set("X-Token", "invalid-key")
|
|
|
|
rr := httptest.NewRecorder()
|
|
handler(rr, req)
|
|
want := http.StatusUnauthorized
|
|
if rr.Code != want {
|
|
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
|
|
}
|
|
}
|
|
|
|
func Test_External_Auth_Wrapper_WithRequiredHeaderPassesValidAuth(t *testing.T) {
|
|
wantToken := "secret-key"
|
|
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Header.Get("X-Token") == wantToken {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
}))
|
|
defer s.Close()
|
|
|
|
next := func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
}
|
|
|
|
passBody := false
|
|
handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
req.Header.Set("X-Token", wantToken)
|
|
|
|
rr := httptest.NewRecorder()
|
|
handler(rr, req)
|
|
want := http.StatusNotImplemented
|
|
if rr.Code != want {
|
|
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
|
|
}
|
|
}
|
|
|
|
func Test_External_Auth_Wrapper_TimeoutGivesInternalServerError(t *testing.T) {
|
|
|
|
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
time.Sleep(50 * time.Millisecond)
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
defer s.Close()
|
|
|
|
next := func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
}
|
|
|
|
passBody := false
|
|
handler := MakeExternalAuthHandler(next, time.Millisecond*10, s.URL, passBody)
|
|
|
|
req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
rr := httptest.NewRecorder()
|
|
handler(rr, req)
|
|
|
|
want := http.StatusInternalServerError
|
|
if rr.Code != want {
|
|
t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
|
|
}
|
|
}
|
|
|
|
// // Test_External_Auth_Wrapper_PassesValidAuthButOnly200IsValid this test exists
|
|
// // to document the TODO action to consider all "2xx" statuses as valid.
|
|
// func Test_External_Auth_Wrapper_PassesValidAuthButOnly200IsValid(t *testing.T) {
|
|
|
|
// s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// w.WriteHeader(http.StatusAccepted)
|
|
// }))
|
|
// defer s.Close()
|
|
|
|
// next := func(w http.ResponseWriter, r *http.Request) {
|
|
// w.WriteHeader(http.StatusNotImplemented)
|
|
// }
|
|
|
|
// passBody := false
|
|
// handler := MakeExternalAuthHandler(next, time.Second*5, s.URL, passBody)
|
|
|
|
// req := httptest.NewRequest(http.MethodGet, s.URL, nil)
|
|
// rr := httptest.NewRecorder()
|
|
// handler(rr, req)
|
|
// want := http.StatusUnauthorized
|
|
// if rr.Code != want {
|
|
// t.Errorf("Status incorrect, want: %d, but got %d", want, rr.Code)
|
|
// }
|
|
// }
|