// TestIsAllowed runs Client.IsAllowed against a mock server and checks that
// the /guard/allowed request carries the expected HTTP Basic client
// credentials and the fields of the AuthorizeRequest, and that an
// {"allowed": true} response is reported as allowed with no error.
func TestIsAllowed(t *testing.T) {
	// "YXBwOmtleQ==" is base64("app:key"): the client id and secret given to
	// New below, sent as HTTP Basic credentials.
	const wantAuth = "Basic YXBwOmtleQ=="

	guardHandler := func(rw http.ResponseWriter, req *http.Request) {
		gotAuth := req.Header.Get("Authorization")
		if gotAuth != wantAuth {
			// Echoing the received header makes a failing test easy to debug.
			// This is a test-only convenience: a real endpoint should not
			// reflect credentials back in an error body.
			http.Error(rw, gotAuth, http.StatusUnauthorized)
			return
		}

		var payload handler.GrantedPayload
		if err := json.NewDecoder(req.Body).Decode(&payload); err != nil {
			t.Logf("Could not decode body %s", err)
			pkg.HttpError(rw, errors.New(err), http.StatusBadRequest)
			return
		}

		// The decoded payload must mirror the AuthorizeRequest built below.
		assert.Equal(t, "foo", payload.Permission)
		assert.Equal(t, "bar", payload.Token)
		assert.Equal(t, "res", payload.Resource)
		assert.Equal(t, "foo", payload.Context.Owner)

		response := struct {
			Allowed bool `json:"allowed"`
		}{Allowed: true}
		pkg.WriteJSON(rw, response)
	}

	m := mux.NewRouter()
	m.HandleFunc("/oauth2/token", tokenHandler).Methods("POST")
	m.HandleFunc("/guard/allowed", guardHandler).Methods("POST")

	srv := httptest.NewServer(m)
	defer srv.Close()

	client := New(srv.URL, "app", "key")
	authzReq := &AuthorizeRequest{
		Permission: "foo",
		Token:      "bar",
		Resource:   "res",
		Context:    &operator.Context{Owner: "foo"},
	}

	ok, err := client.IsAllowed(authzReq)
	assert.Nil(t, err, "%s", err)
	assert.True(t, ok)
}
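// TestIsAuthenticated runs Client.IsAuthenticated against a mock server and
// checks that the /oauth2/introspect request carries the expected HTTP Basic
// client credentials and a non-empty "token" form field, and that an
// {"active": true} response is reported as active with no error.
func TestIsAuthenticated(t *testing.T) {
	// "YXBwOmtleQ==" is base64("app:key"): the client id and secret given to
	// New below, sent as HTTP Basic credentials.
	const wantAuth = "Basic YXBwOmtleQ=="

	router := mux.NewRouter()
	// called records that the introspection handler got past its checks, so
	// the test fails if the client returns "active" without calling it.
	called := false

	router.HandleFunc("/oauth2/token", tokenHandler).Methods("POST")
	router.HandleFunc("/oauth2/introspect", func(rw http.ResponseWriter, req *http.Request) {
		if req.Header.Get("Authorization") != wantAuth {
			// Echoing the received header is a test-only debugging aid; a real
			// endpoint should not reflect credentials back in an error body.
			http.Error(rw, req.Header.Get("Authorization"), http.StatusUnauthorized)
			return
		}

		// The original ignored ParseForm's error. A malformed body would then
		// surface only as a confusing "token is empty" assertion failure.
		if err := req.ParseForm(); err != nil {
			t.Logf("Could not parse form %s", err)
			http.Error(rw, err.Error(), http.StatusBadRequest)
			return
		}
		assert.NotEmpty(t, req.Form.Get("token"))

		// Set the flag before writing the response so that it is already set
		// by the time the client can observe the reply.
		called = true
		pkg.WriteJSON(rw, struct {
			Active bool `json:"active"`
		}{Active: true})
	}).Methods("POST")

	ts := httptest.NewServer(router)
	defer ts.Close()

	c := New(ts.URL, "app", "key")
	active, err := c.IsAuthenticated("some.token")
	assert.Nil(t, err, "%s", err)
	assert.True(t, active)
	assert.True(t, called)
}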
// TestIsRequestAllowed runs Client.IsRequestAllowed with an incoming request
// that carries an "Authorization: Bearer token" header. It checks that the
// mock /guard/allowed endpoint is called with the expected HTTP Basic client
// credentials and that an {"allowed": true} response is reported as allowed.
func TestIsRequestAllowed(t *testing.T) {
	// "YXBwOmtleQ==" is base64("app:key"): the client id and secret given to
	// New below, sent as HTTP Basic credentials.
	const wantAuth = "Basic YXBwOmtleQ=="

	// NOTE(review): this mock never decodes the request body, so the test does
	// not show that the bearer token from the incoming request is forwarded.
	// Consider asserting on the payload as TestIsAllowed does.
	guardHandler := func(rw http.ResponseWriter, req *http.Request) {
		gotAuth := req.Header.Get("Authorization")
		if gotAuth != wantAuth {
			// Test-only debugging aid; a real endpoint should not reflect
			// credentials back in an error body.
			http.Error(rw, gotAuth, http.StatusUnauthorized)
			return
		}

		response := struct {
			Allowed bool `json:"allowed"`
		}{Allowed: true}
		pkg.WriteJSON(rw, response)
	}

	m := mux.NewRouter()
	m.HandleFunc("/guard/allowed", guardHandler).Methods("POST")
	m.HandleFunc("/oauth2/token", tokenHandler).Methods("POST")

	srv := httptest.NewServer(m)
	defer srv.Close()

	client := New(srv.URL, "app", "key")
	// Pre-seed the client's own token. Presumably this avoids a round trip to
	// /oauth2/token; confirm against the Client implementation.
	client.SetClientToken(&oauth2.Token{TokenType: "bearer", AccessToken: "foobar"})

	incoming := &http.Request{
		Header: http.Header{"Authorization": []string{"Bearer token"}},
	}

	ok, err := client.IsRequestAllowed(incoming, "", "", "")
	assert.Nil(t, err)
	assert.True(t, ok)
}