Example #1
0
// newAuthenticatorFromBasicAuthFile returns an authenticator.Request or an error
func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Request, error) {
	basicAuthenticator, err := passwordfile.NewCSV(basicAuthFile)
	if err != nil {
		return nil, err
	}

	return basicauth.New(basicAuthenticator), nil
}
Example #2
0
// newAuthenticatorFromTokenFile returns an authenticator.Request or an error
func newAuthenticatorFromKeystoneURL(keystoneConfigFile string) (authenticator.Request, error) {
	keystoneAuthenticator, err := keystone.NewKeystoneAuthenticator(keystoneConfigFile)
	if err != nil {
		return nil, err
	}

	return basicauth.New(keystoneAuthenticator), nil
}
Example #3
0
func getTestBasicAuth() authenticator.Request {
	passwordAuthenticator := passwordtest.New()
	passwordAuthenticator.Users[UserAdmin] = &user.DefaultInfo{Name: UserAdmin, Password: "******"}
	passwordAuthenticator.Users[UserTest] = &user.DefaultInfo{Name: UserTest, Password: "******"}
	return basicauth.New(passwordAuthenticator)
}
Example #4
0
func TestKeystoneAuth(t *testing.T) {

	testCases := map[string]struct {
		Header                string
		keystoneAuthenticator testKeystoneAuthenticator

		ExpectedCalled   bool
		ExpectedUsername string
		ExpectedPassword string

		ExpectedUser string
		ExpectedOK   bool
		ExpectedErr  bool
	}{
		"no header": {
			Header: "",
		},
		"non-basic header": {
			Header: "Bearer foo",
		},
		"empty value basic header": {
			Header: "Basic",
		},
		"whitespace value basic header": {
			Header: "Basic  ",
		},
		"non base-64 basic header": {
			Header:      "Basic !@#$",
			ExpectedErr: true,
		},
		"malformed basic header": {
			Header:      "Basic " + base64.StdEncoding.EncodeToString([]byte("user_without_password")),
			ExpectedErr: true,
		},
		"empty password basic header": {
			Header:     "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:")),
			ExpectedOK: false,
		},
		"valid basic header": {
			Header:      "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1:withcolon")),
			ExpectedOK:  false,
			ExpectedErr: false,
		},
		"password auth returned user": {
			Header:           "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1")),
			ExpectedCalled:   true,
			ExpectedUsername: "******",
			ExpectedPassword: "******",
			ExpectedOK:       true,
		},
		"password auth returned error": {
			Header:           "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password2")),
			ExpectedCalled:   true,
			ExpectedUsername: "******",
			ExpectedPassword: "******",
			ExpectedErr:      false,
			ExpectedOK:       false,
		},
	}

	for k, testCase := range testCases {

		ksAuth := testCase.keystoneAuthenticator

		auth := basicauth.New(&ksAuth)

		req, _ := http.NewRequest("GET", "/", nil)
		if testCase.Header != "" {
			req.Header.Set("Authorization", testCase.Header)
		}

		user, ok, err := auth.AuthenticateRequest(req)

		if testCase.ExpectedErr && err == nil {
			t.Errorf("%s: Expected error, got none", k)
			continue
		}
		if !testCase.ExpectedErr && err != nil {
			t.Errorf("%s: Did not expect error, got err:%v", k, err)
			continue
		}
		if testCase.ExpectedOK != ok {
			t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectedOK, ok)
			continue
		}

		if testCase.ExpectedOK {
			if testCase.ExpectedUsername != user.GetName() {
				t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectedUsername, user.GetName())
				continue
			}
		}
	}
}