// newAuthenticatorFromBasicAuthFile returns an authenticator.Request or an error func newAuthenticatorFromBasicAuthFile(basicAuthFile string) (authenticator.Request, error) { basicAuthenticator, err := passwordfile.NewCSV(basicAuthFile) if err != nil { return nil, err } return basicauth.New(basicAuthenticator), nil }
// newAuthenticatorFromTokenFile returns an authenticator.Request or an error func newAuthenticatorFromKeystoneURL(keystoneConfigFile string) (authenticator.Request, error) { keystoneAuthenticator, err := keystone.NewKeystoneAuthenticator(keystoneConfigFile) if err != nil { return nil, err } return basicauth.New(keystoneAuthenticator), nil }
func TestKeystoneAuth(t *testing.T) { testCases := map[string]struct { Header string keystoneAuthenticator testKeystoneAuthenticator ExpectedCalled bool ExpectedUsername string ExpectedPassword string ExpectedUser string ExpectedOK bool ExpectedErr bool }{ "no header": { Header: "", }, "non-basic header": { Header: "Bearer foo", }, "empty value basic header": { Header: "Basic", }, "whitespace value basic header": { Header: "Basic ", }, "non base-64 basic header": { Header: "Basic !@#$", ExpectedErr: true, }, "malformed basic header": { Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user_without_password")), ExpectedErr: true, }, "empty password basic header": { Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:")), ExpectedOK: false, }, "valid basic header": { Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1:withcolon")), ExpectedOK: false, ExpectedErr: false, }, "password auth returned user": { Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password1")), ExpectedCalled: true, ExpectedUsername: "******", ExpectedPassword: "******", ExpectedOK: true, }, "password auth returned error": { Header: "Basic " + base64.StdEncoding.EncodeToString([]byte("user1:password2")), ExpectedCalled: true, ExpectedUsername: "******", ExpectedPassword: "******", ExpectedErr: false, ExpectedOK: false, }, } for k, testCase := range testCases { ksAuth := testCase.keystoneAuthenticator auth := basicauth.New(&ksAuth) req, _ := http.NewRequest("GET", "/", nil) if testCase.Header != "" { req.Header.Set("Authorization", testCase.Header) } user, ok, err := auth.AuthenticateRequest(req) if testCase.ExpectedErr && err == nil { t.Errorf("%s: Expected error, got none", k) continue } if !testCase.ExpectedErr && err != nil { t.Errorf("%s: Did not expect error, got err:%v", k, err) continue } if testCase.ExpectedOK != ok { t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectedOK, ok) continue } if testCase.ExpectedOK { if testCase.ExpectedUsername != user.GetName() { t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectedUsername, user.GetName()) continue } } } }