mw_basic_auth_test.go
package main
import (
"encoding/base64"
"fmt"
"strings"
"testing"
"github.com/TykTechnologies/tyk/test"
"github.com/TykTechnologies/tyk/user"
)
// genAuthHeader returns the value of an HTTP Basic Authorization header:
// the scheme name "Basic", a space, and the padded standard-alphabet base64
// encoding of "username:password".
//
// Base64 is an encoding, not encryption; anyone who can read the header can
// recover the credentials. The arguments are not validated, so a ':' inside
// either one is passed through unchanged. TestBasicAuth relies on that to
// build the three-field credential "user:password:more".
func genAuthHeader(username, password string) string {
	var creds strings.Builder
	creds.WriteString(username)
	creds.WriteString(":")
	creds.WriteString(password)

	token := base64.StdEncoding.EncodeToString([]byte(creds.String()))
	return fmt.Sprintf("Basic %s", token)
}
// testPrepareBasicAuth returns a session fixture for the basic-auth tests and
// loads an API definition that requires basic auth.
//
// The session starts from createStandardSession, gets the fixed test password
// "password", and is granted access to version "v1" of the API with ID "test".
// The loaded API spec turns basic auth on, turns keyless access off, listens
// on "/" and belongs to org "default".
//
// NOTE(review): the password is a hard-coded fixture value for tests only.
func testPrepareBasicAuth() *user.SessionState {
	s := createStandardSession()
	s.BasicAuthData.Password = "password"

	rights := map[string]user.AccessDefinition{
		"test": {APIID: "test", Versions: []string{"v1"}},
	}
	s.AccessRights = rights

	// Keyless access is switched off explicitly so every request has to
	// pass the basic-auth check.
	configure := func(spec *APISpec) {
		spec.UseBasicAuth = true
		spec.UseKeylessAccess = false
		spec.Proxy.ListenPath = "/"
		spec.OrgID = "default"
	}
	buildAndLoadAPI(configure)

	return s
}
// TestBasicAuth checks how a basic-auth protected API responds to a missing,
// valid, wrong and malformed Authorization header.
//
// Expected outcomes, as asserted by the cases below:
//   - no Authorization header: 401, body matches "Authorization field missing"
//   - correct credentials: 200
//   - wrong password: 401
//   - extra ':'-separated field in the credential: 400
//   - header value that is not base64: 400
//
// NOTE(review): the cases do not cover an unknown username or an empty
// password, and the wrong-password case does not assert the response body.
// Consider adding them so a regression in those rejections is caught.
func TestBasicAuth(t *testing.T) {
	ts := newTykTestServer()
	defer ts.Close()

	session := testPrepareBasicAuth()

	// withAuth wraps a raw Authorization header value in a header map.
	withAuth := func(value string) map[string]string {
		return map[string]string{"Authorization": value}
	}

	var (
		validPassword = withAuth(genAuthHeader("user", "password"))
		wrongPassword = withAuth(genAuthHeader("user", "wrong"))
		// Encodes "user:password:more", i.e. three colon-separated fields.
		wrongFormat = withAuth(genAuthHeader("user", "password:more"))
		// No "Basic " prefix and not valid base64.
		malformed = withAuth("not base64")
	)

	cases := []test.TestCase{
		// Create base auth based key
		{Method: "POST", Path: "/tyk/keys/defaultuser", Data: session, AdminAuth: true, Code: 200},
		{Method: "GET", Path: "/", Code: 401, BodyMatch: `Authorization field missing`},
		{Method: "GET", Path: "/", Headers: validPassword, Code: 200},
		{Method: "GET", Path: "/", Headers: wrongPassword, Code: 401},
		{Method: "GET", Path: "/", Headers: wrongFormat, Code: 400, BodyMatch: `Attempted access with malformed header, values not in basic auth format`},
		{Method: "GET", Path: "/", Headers: malformed, Code: 400, BodyMatch: `Attempted access with malformed header, auth data not encoded correctly`},
	}
	ts.Run(t, cases...)
}
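// BenchmarkBasicAuth measures the basic-auth request path using the same five
// requests as TestBasicAuth: missing header, valid credentials, wrong
// password, a credential with an extra ':' field, and a non-base64 header.
//
// Starting the server, loading the API and creating the key are one-off setup.
// The timer and allocation counters are reset after that setup so the reported
// numbers cover only the request loop.
func BenchmarkBasicAuth(b *testing.B) {
	b.ReportAllocs()

	ts := newTykTestServer()
	defer ts.Close()

	session := testPrepareBasicAuth()

	validPassword := map[string]string{"Authorization": genAuthHeader("user", "password")}
	wrongPassword := map[string]string{"Authorization": genAuthHeader("user", "wrong")}
	// Encodes "user:password:more", i.e. three colon-separated fields.
	wrongFormat := map[string]string{"Authorization": genAuthHeader("user", "password:more")}
	// No "Basic " prefix and not valid base64.
	malformed := map[string]string{"Authorization": "not base64"}

	// Create base auth based key
	ts.Run(b, test.TestCase{
		Method:    "POST",
		Path:      "/tyk/keys/defaultuser",
		Data:      session,
		AdminAuth: true,
		Code:      200,
	})

	// Exclude the setup above from the measured time and allocations.
	b.ResetTimer()

	for i := 0; i < b.N; i++ {
		// The case slice is rebuilt on every iteration because Run receives
		// the slice itself and may modify its elements.
		ts.Run(b, []test.TestCase{
			{Method: "GET", Path: "/", Code: 401, BodyMatch: `Authorization field missing`},
			{Method: "GET", Path: "/", Headers: validPassword, Code: 200},
			{Method: "GET", Path: "/", Headers: wrongPassword, Code: 401},
			{Method: "GET", Path: "/", Headers: wrongFormat, Code: 400, BodyMatch: `Attempted access with malformed header, values not in basic auth format`},
			{Method: "GET", Path: "/", Headers: malformed, Code: 400, BodyMatch: `Attempted access with malformed header, auth data not encoded correctly`},
		}...)
	}
}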