hub / github.com/crowdsecurity/crowdsec / TestAPIKey

Function TestAPIKey

pkg/apiserver/api_key_test.go:13–99
(t *testing.T)

Source from the content-addressed store, hash-verified

func TestAPIKey(t *testing.T) {
	ctx := t.Context()
	router, config := NewAPITest(t, ctx)

	apiKey, _ := CreateTestBouncer(t, ctx, config.API.Server.DbConfig)

	// Login with empty token
	w := httptest.NewRecorder()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader(""))
	require.NoError(t, err)
	req.Header.Add("User-Agent", UserAgent)
	req.RemoteAddr = "127.0.0.1:1234"
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusForbidden, w.Code)
	assert.JSONEq(t, `{"message":"access forbidden"}`, w.Body.String())

	// Login with invalid token
	w = httptest.NewRecorder()
	req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader(""))
	require.NoError(t, err)
	req.Header.Add("User-Agent", UserAgent)
	req.Header.Add("X-Api-Key", "a1b2c3d4e5f6")
	req.RemoteAddr = "127.0.0.1:1234"
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusForbidden, w.Code)
	assert.JSONEq(t, `{"message":"access forbidden"}`, w.Body.String())

	// Login with valid token
	w = httptest.NewRecorder()
	req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader(""))
	require.NoError(t, err)
	req.Header.Add("User-Agent", UserAgent)
	req.Header.Add("X-Api-Key", apiKey)
	req.RemoteAddr = "127.0.0.1:1234"
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Equal(t, "null", w.Body.String())

	// Login with valid token from another IP
	w = httptest.NewRecorder()
	req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader(""))
	require.NoError(t, err)
	req.Header.Add("User-Agent", UserAgent)
	req.Header.Add("X-Api-Key", apiKey)
	req.RemoteAddr = "4.3.2.1:1234"
	router.ServeHTTP(w, req)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Equal(t, "null", w.Body.String())

	// Make the requests multiple times to make sure we only create one
	w = httptest.NewRecorder()
	req, err = http.NewRequestWithContext(ctx, http.MethodGet, "/v1/decisions", strings.NewReader(""))
	require.NoError(t, err)
	req.Header.Add("User-Agent", UserAgent)

	// The listing on this page stops here; the function continues to line 99 of the source file.
}

Callers

nothing calls this directly

Calls 7

NewAPITest (Function) · 0.85
CreateTestBouncer (Function) · 0.85
GetBouncers (Function) · 0.85
NewReader (Method) · 0.80
Add (Method) · 0.45
String (Method) · 0.45
Len (Method) · 0.45

Tested by

no test coverage detected
