
Source file src/github.com/go-openapi/runtime/middleware/security_test.go

Documentation: github.com/go-openapi/runtime/middleware

     1  // Copyright 2015 go-swagger maintainers
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //    http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package middleware
    16  
    17  import (
    18  	stdcontext "context"
    19  	"net/http"
    20  	"net/http/httptest"
    21  	"testing"
    22  
    23  	"github.com/stretchr/testify/assert"
    24  	"github.com/stretchr/testify/require"
    25  
    26  	"github.com/go-openapi/runtime/internal/testing/petstore"
    27  )
    28  
// TestSecurityMiddleware drives the handler built by newSecureAPI against the
// petstore fixture and checks the status code returned for each credential
// scenario: no credentials, a wrong basic-auth password, the admin/admin pair,
// and a request target that is served without credentials.
func TestSecurityMiddleware(t *testing.T) {
	spec, api := petstore.NewAPI(t)
	ctx := NewContext(spec, api, nil)
	ctx.router = DefaultRouter(spec, ctx.api)
	// terminator is the downstream handler wrapped by the security middleware;
	// it is defined elsewhere in this package.
	secured := newSecureAPI(ctx, http.HandlerFunc(terminator))

	// basicCreds holds the pair handed to SetBasicAuth; a nil pointer means the
	// request is sent without an Authorization header.
	type basicCreds struct{ user, pass string }

	scenarios := []struct {
		name          string
		target        string
		creds         *basicCreds
		wantStatus    int
		wantChallenge bool // also require a non-empty WWW-Authenticate header
	}{
		{
			name:       "without auth",
			target:     "/api/pets",
			wantStatus: http.StatusUnauthorized,
		},
		{
			name:          "with wrong password",
			target:        "/api/pets",
			creds:         &basicCreds{user: "admin", pass: "wrong"},
			wantStatus:    http.StatusUnauthorized,
			wantChallenge: true,
		},
		{
			name:       "with correct password",
			target:     "/api/pets",
			creds:      &basicCreds{user: "admin", pass: "admin"},
			wantStatus: http.StatusOK,
		},
		{
			// NOTE(review): net/url treats a leading "//" as an authority, so
			// this target presumably parses to host "apipets" with path "/1"
			// rather than to a path under /api. If so, the 200 asserted here
			// shows that a request matching no route reaches the next handler
			// without credentials, not that a routed public operation skips
			// authentication. Confirm which of the two is intended, and that
			// unmatched routes are rejected further down the handler chain.
			name:       "with unauthenticated path",
			target:     "//apipets/1",
			wantStatus: http.StatusOK,
		},
	}

	// Subtests run sequentially and share the one middleware instance.
	for _, sc := range scenarios {
		t.Run(sc.name, func(t *testing.T) {
			rec := httptest.NewRecorder()
			req, err := http.NewRequestWithContext(stdcontext.Background(), http.MethodGet, sc.target, nil)
			require.NoError(t, err)
			if sc.creds != nil {
				req.SetBasicAuth(sc.creds.user, sc.creds.pass)
			}

			secured.ServeHTTP(rec, req)
			assert.Equal(t, sc.wantStatus, rec.Code)
			if sc.wantChallenge {
				assert.NotEmpty(t, rec.Header().Get("WWW-Authenticate"))
			}
		})
	}
}
    74  
