(t *testing.T)
| 10 | ) |
| 11 | |
| 12 | func TestCheckRouteAuthByRequest(t *testing.T) { |
| 13 | rc := &RouteConfig{ |
| 14 | Username: "alice", |
| 15 | Password: "secret", |
| 16 | } |
| 17 | |
| 18 | t.Run("accepts nil route config", func(t *testing.T) { |
| 19 | req := httptest.NewRequest("GET", "/", nil) |
| 20 | require.True(t, checkRouteAuthByRequest(req, nil)) |
| 21 | }) |
| 22 | |
| 23 | t.Run("accepts route without credentials", func(t *testing.T) { |
| 24 | req := httptest.NewRequest("GET", "/", nil) |
| 25 | require.True(t, checkRouteAuthByRequest(req, &RouteConfig{})) |
| 26 | }) |
| 27 | |
| 28 | t.Run("accepts authorization header", func(t *testing.T) { |
| 29 | req := httptest.NewRequest("GET", "/", nil) |
| 30 | req.SetBasicAuth("alice", "secret") |
| 31 | require.True(t, checkRouteAuthByRequest(req, rc)) |
| 32 | }) |
| 33 | |
| 34 | t.Run("accepts proxy authorization header", func(t *testing.T) { |
| 35 | req := httptest.NewRequest("GET", "http://target.example.com/", nil) |
| 36 | req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "secret")) |
| 37 | require.True(t, checkRouteAuthByRequest(req, rc)) |
| 38 | }) |
| 39 | |
| 40 | t.Run("rejects authorization fallback for proxy request", func(t *testing.T) { |
| 41 | req := httptest.NewRequest("GET", "http://target.example.com/", nil) |
| 42 | req.SetBasicAuth("alice", "secret") |
| 43 | require.False(t, checkRouteAuthByRequest(req, rc)) |
| 44 | }) |
| 45 | |
| 46 | t.Run("rejects wrong proxy authorization even when authorization matches", func(t *testing.T) { |
| 47 | req := httptest.NewRequest("GET", "http://target.example.com/", nil) |
| 48 | req.SetBasicAuth("alice", "secret") |
| 49 | req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "wrong")) |
| 50 | require.False(t, checkRouteAuthByRequest(req, rc)) |
| 51 | }) |
| 52 | |
| 53 | t.Run("rejects when neither header matches", func(t *testing.T) { |
| 54 | req := httptest.NewRequest("GET", "http://target.example.com/", nil) |
| 55 | req.SetBasicAuth("alice", "wrong") |
| 56 | req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "wrong")) |
| 57 | require.False(t, checkRouteAuthByRequest(req, rc)) |
| 58 | }) |
| 59 | |
| 60 | t.Run("rejects proxy authorization on direct request", func(t *testing.T) { |
| 61 | req := httptest.NewRequest("GET", "/", nil) |
| 62 | req.Header.Set("Proxy-Authorization", httppkg.BasicAuth("alice", "secret")) |
| 63 | require.False(t, checkRouteAuthByRequest(req, rc)) |
| 64 | }) |
| 65 | } |
| 66 | |
| 67 | func TestGetRequestRouteUser(t *testing.T) { |
| 68 | t.Run("proxy request uses proxy authorization username", func(t *testing.T) { |
nothing calls this directly
no test coverage detected
searching dependent graphs…