func Test_BasicAuth(t *testing.T) {
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))
h := http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
res.Write([]byte("hello"))
})
m := negroni.New()
m.Use(Basic("foo", "bar"))
m.UseHandler(h)
r, _ := http.NewRequest("GET", "foo", nil)
recorder := httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code != 401 {
t.Error("Response not 401")
}
respBody := recorder.Body.String()
if respBody == "hello" {
t.Error("Auth block failed")
}
recorder = httptest.NewRecorder()
r.Header.Set("Authorization", auth)
m.ServeHTTP(recorder, r)
if recorder.Code == 401 {
t.Error("Response is 401")
}
if recorder.Body.String() != "hello" {
t.Error("Auth failed, got: ", recorder.Body.String())
}
}
func main() {
flag.Usage = usage
flag.Parse()
args := flag.Args()
if len(args) != 5 {
usage()
return
}
if gpgpubkey == nil {
fmt.Fprintf(os.Stderr, "internal error: gpgpubkey is nil")
return
}
if https == nil {
fmt.Fprintf(os.Stderr, "internal error: https is nil")
return
}
if port == nil {
fmt.Fprintf(os.Stderr, "internal error: port is nil")
return
}
serverName = args[0]
directory = args[1]
templatedir = args[2]
username = args[3]
password = args[4]
os.RemoveAll(path.Join(directory, "tmp"))
err := os.MkdirAll(path.Join(directory, "tmp"), 0755)
if err != nil {
fmt.Fprintf(os.Stderr, "%v", err)
return
}
uploads = make(map[int]*upload)
authHandler := auth.Basic(username, password)
r := mux.NewRouter()
r.HandleFunc("/", renderListOfACIs)
r.HandleFunc("/pubkeys.gpg", getPubkeys)
n0 := negroni.New(authHandler)
n0.UseHandler(handler{initiateUpload})
r.Handle("/{image}/startupload", n0)
n1 := negroni.New(authHandler)
n1.UseHandler(handler{uploadManifest})
r.Handle("/manifest/{num}", n1)
n2 := negroni.New(authHandler)
n2.UseHandler(handler{receiveUpload(tmpSigPath, gotSig)})
r.Handle("/signature/{num}", n2)
n3 := negroni.New(authHandler)
n3.UseHandler(handler{receiveUpload(tmpACIPath, gotACI)})
r.Handle("/aci/{num}", n3)
n4 := negroni.New(authHandler)
n4.UseHandler(handler{completeUpload})
r.Handle("/complete/{num}", n4)
n := negroni.New(negroni.NewStatic(http.Dir(directory)),
negroni.NewRecovery(), negroni.NewLogger())
n.UseHandler(r)
n.Run(":" + strconv.Itoa(*port))
}
func Test_CacheBasic(t *testing.T) {
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))
invalidAuth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:barbar"))
hashedPassword, err := Hash("bar")
if err != nil {
t.Error("Hashing password failed")
}
dataStore := &MockDataStore{hashedPassword}
h := http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
res.Write([]byte("hello"))
})
cacheExpireTime := 500 * time.Millisecond
cachePurseTime := 200 * time.Millisecond
m := negroni.New()
m.Use(CacheBasic(dataStore, cacheExpireTime, cachePurseTime))
m.UseHandler(h)
// Test request fails without credential.
r, _ := http.NewRequest("GET", "foo", nil)
recorder := httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code != 401 {
t.Error("Response not 401")
}
respBody := recorder.Body.String()
if respBody == "hello" {
t.Error("Auth block failed")
}
// Test request succeeds with valid credential.
r.Header.Set("Authorization", auth)
recorder = httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code == 401 {
t.Error("Response is 401")
}
if recorder.Body.String() != "hello" {
t.Error("Auth failed, got: ", recorder.Body.String())
}
// Test request fails with invalid credential.
r.Header.Set("Authorization", invalidAuth)
recorder = httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code != 401 {
t.Error("Response not 401")
}
respBody = recorder.Body.String()
if respBody == "hello" {
t.Error("Auth block failed")
}
// Test cache expiration.
// 1. Expect 1st request: succeed
// 2. Change password in data store to empty, wait for cache to expire
// 3. Expect 2nd request: fail
// 4. Change password in data store back to valid password, wait for cache to expire
// 5. Expect 3nd request: success
r.Header.Set("Authorization", auth)
recorder = httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code == 401 {
t.Error("Response is 401")
}
if recorder.Body.String() != "hello" {
t.Error("Auth failed, got: ", recorder.Body.String())
}
dataStore.HashedPassword = nil
time.Sleep(cacheExpireTime)
recorder = httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code != 401 {
t.Error("Response not 401")
}
respBody = recorder.Body.String()
if respBody == "hello" {
t.Error("Auth block failed")
}
dataStore.HashedPassword = hashedPassword
time.Sleep(cacheExpireTime)
recorder = httptest.NewRecorder()
m.ServeHTTP(recorder, r)
if recorder.Code == 401 {
t.Error("Response is 401")
}
if recorder.Body.String() != "hello" {
t.Error("Auth failed, got: ", recorder.Body.String())
}
}
