Fix proxyauth_test and remove it from skipping tests (#4129)
After reverting #4094, bringing this back as a separate fix.
big-r81 committed Aug 8, 2022
1 parent cfed4bb commit f8dad2fe60b61fb1a5a5917b57cc646de237ba36
Showing 2 changed files with 31 additions and 68 deletions.
@@ -2,10 +2,6 @@
"CookieAuthTest": [
"cookie auth"
],
"ProxyAuthTest": [
"proxy auth with secret",
"proxy auth without secret"
],
"ReaderACLTest": [
"unrestricted db can be read"
],
@@ -4,27 +4,7 @@ defmodule ProxyAuthTest do
@moduletag :authentication

@tag :with_db
test "proxy auth with secret", context do
db_name = context[:db_name]

design_doc = %{
_id: "_design/test",
language: "javascript",
shows: %{
welcome: """
function(doc,req) {
return "Welcome " + req.userCtx["name"];
}
""",
role: """
function(doc, req) {
return req.userCtx['roles'][0];
}
"""
}
}

{:ok, _} = create_doc(db_name, design_doc)
test "proxy auth with secret" do

users_db_name = random_db_name()
create_db(users_db_name)
@@ -38,19 +18,19 @@ defmodule ProxyAuthTest do
:value => users_db_name
},
%{
:section => "couch_httpd_auth",
:section => "chttpd_auth",
:key => "proxy_use_secret",
:value => "true"
},
%{
:section => "couch_httpd_auth",
:section => "chttpd_auth",
:key => "secret",
:value => secret
}
]

run_on_modified_server(server_config, fn ->
test_fun(db_name, users_db_name, secret)
test_fun(users_db_name, secret)
end)
delete_db(users_db_name)
end
@@ -63,15 +43,11 @@ defmodule ProxyAuthTest do
end

defp hex_hmac_sha1(secret, message) do
signature = case :erlang.system_info(:otp_release) do
'20' -> :crypto.hmac(:sha, secret, message)
'21' -> :crypto.hmac(:sha, secret, message)
_ -> :crypto.mac(:hmac, :sha, secret, message)
end
signature = :crypto.mac(:hmac, :sha, secret, message)
Base.encode16(signature, case: :lower)
end

def test_fun(db_name, users_db_name, secret) do
def test_fun(users_db_name, secret) do
user = prepare_user_doc(name: "couch@apache.org", password: "test")
create_doc(users_db_name, user)

@@ -85,38 +61,24 @@ defmodule ProxyAuthTest do

headers = [
"X-Auth-CouchDB-UserName": "couch@apache.org",
"X-Auth-CouchDB-Roles": "test",
"X-Auth-CouchDB-Roles": "test_role",
"X-Auth-CouchDB-Token": hex_hmac_sha1(secret, "couch@apache.org")
]
resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers)
assert resp.body == "Welcome couch@apache.org"

resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers)
assert resp.body == "test"
resp2 =
Couch.get("/_session",
headers: headers
)

assert resp2.body["userCtx"]["name"] == "couch@apache.org"
assert resp2.body["userCtx"]["roles"] == ["test_role"]
assert resp2.body["info"]["authenticated"] == "proxy"
assert resp2.body["ok"] == true

end

@tag :with_db
test "proxy auth without secret", context do
db_name = context[:db_name]

design_doc = %{
_id: "_design/test",
language: "javascript",
shows: %{
welcome: """
function(doc,req) {
return "Welcome " + req.userCtx["name"];
}
""",
role: """
function(doc, req) {
return req.userCtx['roles'][0];
}
"""
}
}

{:ok, _} = create_doc(db_name, design_doc)
test "proxy auth without secret" do

users_db_name = random_db_name()
create_db(users_db_name)
@@ -128,20 +90,20 @@ defmodule ProxyAuthTest do
:value => users_db_name
},
%{
:section => "couch_httpd_auth",
:section => "chttpd_auth",
:key => "proxy_use_secret",
:value => "false"
}
]

run_on_modified_server(server_config, fn ->
test_fun_no_secret(db_name, users_db_name)
test_fun_no_secret(users_db_name)
end)

delete_db(users_db_name)
end

def test_fun_no_secret(db_name, users_db_name) do
def test_fun_no_secret(users_db_name) do
user = prepare_user_doc(name: "couch@apache.org", password: "test")
create_doc(users_db_name, user)

@@ -155,13 +117,18 @@ defmodule ProxyAuthTest do

headers = [
"X-Auth-CouchDB-UserName": "couch@apache.org",
"X-Auth-CouchDB-Roles": "test"
"X-Auth-CouchDB-Roles": "test_role_1,test_role_2"
]

resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers)
assert resp.body == "Welcome couch@apache.org"
resp2 =
Couch.get("/_session",
headers: headers
)

assert resp2.body["userCtx"]["name"] == "couch@apache.org"
assert resp2.body["userCtx"]["roles"] == ["test_role_1", "test_role_2"]
assert resp2.body["info"]["authenticated"] == "proxy"
assert resp2.body["ok"] == true

resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers)
assert resp.body == "test"
end
end
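Review bot: The "proxy auth with secret" case asserts only the success path: in `test_fun` the `/_session` request always carries a correctly computed `X-Auth-CouchDB-Token`, so the test would still pass if the server ignored the token while `proxy_use_secret` is `"true"`. After the existing assertions I would add a negative request, e.g. `bad = Keyword.put(headers, :"X-Auth-CouchDB-Token", hex_hmac_sha1("not-the-secret", "couch@apache.org"))` followed by `refute Couch.get("/_session", headers: bad).body["info"]["authenticated"] == "proxy"`. How the server rejects a bad token (anonymous session or an error status) is not visible on this page, so the assertion should only pin what must not happen. As the test computes it, the token covers the user name only and `X-Auth-CouchDB-Roles` is accepted unsigned, so a comment such as `# token signs the user name only; roles are trusted from the proxy` above the `headers` list would make that trust boundary explicit. `test_fun` starts in the preceding hunk and its setup lines are not shown here.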
