...

Source file src/edge-infra.dev/pkg/edge/auth-proxy/handlers/session_user_details_test.go

Documentation: edge-infra.dev/pkg/edge/auth-proxy/handlers 

     1  package handlers
     2  
     3  import (
     4  	"net/http"
     5  	"testing"
     6  	"time"
     7  
     8  	"edge-infra.dev/pkg/edge/auth-proxy/types"
     9  
    10  	"github.com/gin-contrib/sessions"
    11  	"github.com/stretchr/testify/assert"
    12  )
    13  
    14  func setValidSession(session sessions.Session) {
    15  	session.Set(types.SessionExpirationField, time.Now().Add(time.Minute))
    16  	session.Set(types.SessionIDField, "sessionID")
    17  }
    18  
    19  // User details set in the session are expected to be set identically in the incoming request
    20  func TestSessionUserDetailsValid(t *testing.T) {
    21  	tests := map[string]struct {
    22  		req *http.Request
    23  	}{
    24  		"Empty Header": {
    25  			req: &http.Request{
    26  				Header: http.Header{},
    27  			},
    28  		},
    29  		"Overwrite Pre-Written Header Values": {
    30  			req: &http.Request{
    31  				Header: http.Header{
    32  					headerKeyUsername:      []string{"overwrite"},
    33  					headerKeyEmail:         []string{"overwrite"},
    34  					headerKeyRoles:         []string{"overwrite"},
    35  					headerKeyBannerEdgeIDs: []string{"overwrite"},
    36  				},
    37  			},
    38  		},
    39  	}
    40  
    41  	for name, tc := range tests {
    42  		t.Run(name, func(t *testing.T) {
    43  			username := "user"
    44  			email := "email@domain"
    45  			roles := []string{"role1", "role2", "role3"}
    46  			bannerEdgeIDs := []string{"banner1", "banner2", "banner3"}
    47  
    48  			proxyHandler.session.Set(types.SessionUsernameField, username)
    49  			proxyHandler.session.Set(types.SessionEmailField, email)
    50  			proxyHandler.session.Set(types.SessionRolesField, roles)
    51  			proxyHandler.session.Set(types.SessionBannerEdgeIDs, bannerEdgeIDs)
    52  			setValidSession(proxyHandler.session)
    53  
    54  			res, _, err := proxyHandler.SessionUserDetails(tc.req, nil)
    55  			assert.NoError(t, err)
    56  
    57  			assert.Equal(t, username, res.Header.Get(headerKeyUsername))
    58  			assert.Equal(t, email, res.Header.Get(headerKeyEmail))
    59  			assert.Equal(t, roles, res.Header.Values(headerKeyRoles))
    60  			assert.Equal(t, bannerEdgeIDs, res.Header.Values(headerKeyBannerEdgeIDs))
    61  		})
    62  	}
    63  }
    64  
    65  // On any error, no session user details should be set on the incoming request
    66  func TestSessionUserDetailsBad(t *testing.T) {
    67  	tests := map[string]struct {
    68  		key1 interface{}
    69  		key2 interface{}
    70  		key3 interface{}
    71  		val1 interface{}
    72  		val2 interface{}
    73  		val3 interface{}
    74  	}{
    75  		"No Username": {
    76  			key1: types.SessionBannerEdgeIDs,
    77  			val1: []string{"banner1", "banner2", "banner3"},
    78  			key2: types.SessionRolesField,
    79  			val2: []string{"role1", "role2", "role3"},
    80  			key3: types.SessionEmailField,
    81  			val3: "email",
    82  		},
    83  		"No Roles": {
    84  			key1: types.SessionUsernameField,
    85  			val1: "user",
    86  			key2: types.SessionBannerEdgeIDs,
    87  			val2: []string{"banner1", "banner2", "banner3"},
    88  			key3: types.SessionEmailField,
    89  			val3: "email",
    90  		},
    91  		"No Banners": {
    92  			key1: types.SessionUsernameField,
    93  			val1: "user",
    94  			key2: types.SessionRolesField,
    95  			val2: []string{"role1", "role2", "role3"},
    96  			key3: types.SessionEmailField,
    97  			val3: "email",
    98  		},
    99  		"No Email": {
   100  			key1: types.SessionUsernameField,
   101  			val1: "user",
   102  			key2: types.SessionRolesField,
   103  			val2: []string{"role1", "role2", "role3"},
   104  			key3: types.SessionBannerEdgeIDs,
   105  			val3: []string{"banner1", "banner2", "banner3"},
   106  		},
   107  		"No Session Values": {},
   108  	}
   109  
   110  	for name, tc := range tests {
   111  		t.Run(name, func(t *testing.T) {
   112  			proxyHandler.session.Clear()
   113  			proxyHandler.session.Set(tc.key1, tc.val1)
   114  			proxyHandler.session.Set(tc.key2, tc.val2)
   115  			proxyHandler.session.Set(tc.key3, tc.val3)
   116  			setValidSession(proxyHandler.session)
   117  
   118  			req, err := http.NewRequest(http.MethodGet, "", nil)
   119  			assert.NoError(t, err)
   120  			assert.Empty(t, req.Header)
   121  
   122  			req, _, err = proxyHandler.SessionUserDetails(req, nil)
   123  			// We must not return non-nil errors
   124  			assert.NoError(t, err)
   125  			assert.Empty(t, req.Header)
   126  		})
   127  	}
   128  }
   129  
   130  // Empty arrays are treated as not-nil and will not cause an error
   131  func TestSessionUserDetailsEmptyArrays(t *testing.T) {
   132  	proxyHandler.session.Set(types.SessionUsernameField, "username")
   133  	proxyHandler.session.Set(types.SessionEmailField, "email@domain")
   134  	proxyHandler.session.Set(types.SessionRolesField, []string{})
   135  	proxyHandler.session.Set(types.SessionBannerEdgeIDs, []string{})
   136  	setValidSession(proxyHandler.session)
   137  
   138  	req, err := http.NewRequest(http.MethodGet, "", nil)
   139  	assert.NoError(t, err)
   140  	_, _, err = proxyHandler.SessionUserDetails(req, nil)
   141  	assert.NoError(t, err)
   142  }
   143  
   144  // If the initial valid session check returns false, return with error
   145  func TestSessionUserDetailsInvalidSession(t *testing.T) {
   146  	tests := map[string]struct {
   147  		req *http.Request
   148  	}{
   149  		"Empty Header": {
   150  			req: &http.Request{
   151  				Header: http.Header{},
   152  			},
   153  		},
   154  		"With Injected Headers": {
   155  			req: &http.Request{
   156  				Header: http.Header{
   157  					headerKeyUsername:      []string{"overwrite"},
   158  					headerKeyEmail:         []string{"overwrite"},
   159  					headerKeyRoles:         []string{"overwrite"},
   160  					headerKeyBannerEdgeIDs: []string{"overwrite"},
   161  				},
   162  			},
   163  		},
   164  	}
   165  
   166  	for name, tc := range tests {
   167  		t.Run(name, func(t *testing.T) {
   168  			proxyHandler.session.Clear()
   169  
   170  			req, _, err := proxyHandler.SessionUserDetails(tc.req, nil)
   171  			// We must not return non-nil errors
   172  			assert.NoError(t, err)
   173  			assert.Empty(t, req.Header)
   174  		})
   175  	}
   176  }
   177  

View as plain text