// newAuthenticatorFromBasicAuthFile returns an authenticator.Request or an error
func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Request, error) {
basicAuthenticator, err := passwordfile.NewCSV(basicAuthFile)
if err != nil {
return nil, err
}
return basicauth.New(basicAuthenticator), nil
}
// newAuthenticatorFromTokenFile returns an authenticator.Request or an error
func newAuthenticatorFromKeystoneURL(keystoneConfigFile string) (authenticator.Request, error) {
keystoneAuthenticator, err := keystone.NewKeystoneAuthenticator(keystoneConfigFile)
if err != nil {
return nil, err
}
return basicauth.New(keystoneAuthenticator), nil
}
func TestKeystoneAuth(t *testing.T) {
testCases := map[string]struct {
Header string
keystoneAuthenticator testKeystoneAuthenticator
ExpectedCalled bool
ExpectedUsername string
ExpectedPassword string
ExpectedUser string
ExpectedOK bool
ExpectedErr bool
}{
"no header": {
Header: "",
},
"non-basic header": {
Header: "Bearer foo",
},
"empty value basic header": {
Header: "Basic",
},
"whitespace value basic header": {
Header: "Basic ",
},
"non base-64 basic header": {
Header: "Basic !@#$",
ExpectedErr: true,
},
"malformed basic header": {
Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user_without_password")),
ExpectedErr: true,
},
"empty password basic header": {
Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:")),
ExpectedOK: false,
},
"valid basic header": {
Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1:withcolon")),
ExpectedOK: false,
ExpectedErr: false,
},
"password auth returned user": {
Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1")),
ExpectedCalled: true,
ExpectedUsername: "******",
ExpectedPassword: "******",
ExpectedOK: true,
},
"password auth returned error": {
Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password2")),
ExpectedCalled: true,
ExpectedUsername: "******",
ExpectedPassword: "******",
ExpectedErr: false,
ExpectedOK: false,
},
}
for k, testCase := range testCases {
ksAuth := testCase.keystoneAuthenticator
auth := basicauth.New(&ksAuth)
req, _ := http.NewRequest("GET", "/", nil)
if testCase.Header != "" {
req.Header.Set("Authorization", testCase.Header)
}
user, ok, err := auth.AuthenticateRequest(req)
if testCase.ExpectedErr && err == nil {
t.Errorf("%s: Expected error, got none", k)
continue
}
if !testCase.ExpectedErr && err != nil {
t.Errorf("%s: Did not expect error, got err:%v", k, err)
continue
}
if testCase.ExpectedOK != ok {
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectedOK, ok)
continue
}
if testCase.ExpectedOK {
if testCase.ExpectedUsername != user.GetName() {
t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectedUsername, user.GetName())
continue
}
}
}
}