MCPcopy
hub / github.com/ipfs/kubo / TestRPCAuth

Function TestRPCAuth

test/cli/rpc_auth_test.go:16–285  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

14const rpcDeniedMsg = "Kubo RPC Access Denied: Please provide a valid authorization token as defined in the API.Authorizations configuration."
15
16func TestRPCAuth(t *testing.T) {
17 t.Parallel()
18
19 makeAndStartProtectedNode := func(t *testing.T, authorizations map[string]*config.RPCAuthScope) *harness.Node {
20 authorizations["test-node-starter"] = &config.RPCAuthScope{
21 AuthSecret: "bearer:test-node-starter",
22 AllowedPaths: []string{"/api/v0"},
23 }
24
25 node := harness.NewT(t).NewNode().Init()
26 node.UpdateConfig(func(cfg *config.Config) {
27 cfg.API.Authorizations = authorizations
28 })
29 node.StartDaemonWithAuthorization("Bearer test-node-starter")
30 return node
31 }
32
33 makeHTTPTest := func(authSecret, header string) func(t *testing.T) {
34 return func(t *testing.T) {
35 t.Parallel()
36 t.Log(authSecret, header)
37
38 node := makeAndStartProtectedNode(t, map[string]*config.RPCAuthScope{
39 "userA": {
40 AuthSecret: authSecret,
41 AllowedPaths: []string{"/api/v0/id"},
42 },
43 })
44
45 apiClient := node.APIClient()
46 apiClient.Client = &http.Client{
47 Transport: auth.NewAuthorizedRoundTripper(header, http.DefaultTransport),
48 }
49
50 // Can access /id with valid token
51 resp := apiClient.Post("/api/v0/id", nil)
52 assert.Equal(t, 200, resp.StatusCode)
53
54 // But not /config/show
55 resp = apiClient.Post("/api/v0/config/show", nil)
56 assert.Equal(t, 403, resp.StatusCode)
57
58 // create client which sends invalid access token
59 invalidApiClient := node.APIClient()
60 invalidApiClient.Client = &http.Client{
61 Transport: auth.NewAuthorizedRoundTripper("Bearer invalid", http.DefaultTransport),
62 }
63
64 // Can't access /id with invalid token
65 errResp := invalidApiClient.Post("/api/v0/id", nil)
66 assert.Equal(t, 403, errResp.StatusCode)
67
68 node.StopDaemon()
69 }
70 }
71
72 makeCLITest := func(authSecret string) func(t *testing.T) {
73 return func(t *testing.T) {

Callers

nothing calls this directly

Calls 15

NewTFunction · 0.92
NewNodeMethod · 0.80
UpdateConfigMethod · 0.80
LogMethod · 0.80
APIClientMethod · 0.80
PostMethod · 0.80
StopDaemonMethod · 0.80
RunIPFSMethod · 0.80
RunMethod · 0.80
StartDaemonMethod · 0.80

Tested by

no test coverage detected