func TestServiceToken(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
case "/auth/tokens":
if r.Method == "POST" {
_, _ = ioutil.ReadAll(r.Body)
defer r.Body.Close()
w.Header().Set("X-Subject-Token", "servicetoken")
w.Write([]byte(`{
"token": {
"methods": [
"password"
],
"expires_at": "2016-11-06T15:32:17.893769Z",
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "423f19a4ac1e4f48bbb4180756e6eb6c",
"name": "admin"
},
"audit_ids": [
"ZzZwkUflQfygX7pdYDBCQQ"
],
"issued_at": "2015-11-06T14:32:17.893797Z"
}
}`))
} else if r.Method == "GET" {
if r.Header.Get("X-Auth-Token") != "servicetoken" {
t.Errorf("Expected 'X-Auth-Token' == %q; got %q", "servicetoken", r.Header.Get("X-Auth-Token"))
}
if r.Header.Get("X-Subject-Token") != "usertoken" &&
r.Header.Get("X-Subject-Token") != "myservicetoken" {
t.Errorf("Expected 'X-Subject-Token' == usertoken or myservicetoken; got %q", r.Header.Get("X-Subject-Token"))
}
w.Header().Set("X-Auth-Token", "servicetoken")
w.Header().Set("X-Subject-Token", r.Header.Get("X-Subject-Token"))
w.Write([]byte(`{
"token": {
"methods": [
"token"
],
"expires_at": "2016-11-05T22:00:11.000000Z",
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "10a2e6e717a245d9acad3e5f97aeca3d",
"name": "testuser"
},
"audit_ids": [
"mAjXQhiYRyKwkB4qygdLVg"
],
"issued_at": "2015-11-05T21:00:33.819948Z"
}
}`))
} else {
t.Errorf("Expected method GET or POST; got %q", r.Method)
}
default:
t.Errorf("Invalid path %q", r.URL.Path)
}
}))
defer ts.Close()
// Create a middleware and app, test whether the middleware will be able to
// auto handle service token retrieval and authentication for us.
opts := Opts{
AuthMethod: "password",
Username: "******",
Password: "******",
UserDomainId: "default",
Client: keystoneclient.Opts{
AuthUrl: ts.URL,
},
DelayAuthDecision: true,
TokenCacheTime: time.Duration(300) * time.Second,
}
authToken := NewAuthToken(&opts)
handler := router.MiddlewareHandlerChain(router.ContextHandlerFunc(appServiceToken), authToken)
ts_service := httptest.NewServer(
//wrap handler into an http handler, also insert t into ctx
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := context.Background()
ctx = context.WithValue(ctx, "test", t)
handler(ctx, w, r)
}))
defer ts_service.Close()
// create a client and request to ts_service
client := &http.Client{}
req, _ := http.NewRequest("GET", ts_service.URL, nil)
req.Header.Add("X-Auth-Token", "usertoken")
req.Header.Add("X-Service-Token", "myservicetoken")
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
if string(body) != "Test success!" {
t.Errorf("Response error, should be Test Success!, got: %v", body)
}
}
func TestUserTokenNodelay(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
switch r.URL.Path {
case "/auth/tokens":
if r.Method == "POST" {
_, _ = ioutil.ReadAll(r.Body)
defer r.Body.Close()
w.Header().Set("X-Subject-Token", "servicetoken")
w.Write([]byte(`{
"token": {
"methods": [
"password"
],
"expires_at": "2016-11-06T15:32:17.893769Z",
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "423f19a4ac1e4f48bbb4180756e6eb6c",
"name": "admin"
},
"audit_ids": [
"ZzZwkUflQfygX7pdYDBCQQ"
],
"issued_at": "2015-11-06T14:32:17.893797Z"
}
}`))
} else if r.Method == "GET" {
if r.Header.Get("X-Auth-Token") != "servicetoken" {
t.Errorf("Expected 'X-Auth-Token' == %q; got %q", "servicetoken", r.Header.Get("X-Auth-Token"))
}
if r.Header.Get("X-Subject-Token") != "usertoken" {
t.Errorf("Expected 'X-Subject-Token' == %q; got %q", "usertoken", r.Header.Get("X-Subject-Token"))
}
//return invalid user!
w.WriteHeader(http.StatusNotFound)
} else {
t.Errorf("Expected method GET or POST; got %q", r.Method)
}
default:
t.Errorf("Invalid path %q", r.URL.Path)
}
}))
defer ts.Close()
// Create a middleware and app, test whether the middleware will be able to
// auto handle service token retrieval and authentication for us.
opts := Opts{
AuthMethod: "password",
Username: "******",
Password: "******",
UserDomainId: "default",
Client: keystoneclient.Opts{
AuthUrl: ts.URL,
},
DelayAuthDecision: false,
TokenCacheTime: time.Duration(300) * time.Second,
}
authToken := NewAuthToken(&opts)
handler := router.MiddlewareHandlerChain(router.ContextHandlerFunc(appUserTokenNodelay), authToken)
ts_service := httptest.NewServer(
//wrap handler into an http handler, also insert t into ctx
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := context.Background()
ctx = context.WithValue(ctx, "test", t)
handler(ctx, w, r)
}))
defer ts_service.Close()
// create a client and request to ts_service
client := &http.Client{}
req, _ := http.NewRequest("GET", ts_service.URL, nil)
req.Header.Add("X-Auth-Token", "usertoken")
resp, _ := client.Do(req)
defer resp.Body.Close()
//because delay cache decision is false, we will get "WWW-Authenticate"
if resp.Header.Get("WWW-Authenticate") != ts.URL {
t.Errorf("Response error, should be %v, got: %v", ts.URL, resp.Header.Get("WWW-Authenticate"))
}
}