(t *testing.T)
| 571 | } |
| 572 | |
| 573 | func TestHTTPLogin(t *testing.T) { |
| 574 | // This test intentionally does not use t.Parallel() |
| 575 | |
| 576 | httpGetBasicAuth := func(url string, username string, password string) *http.Response { |
| 577 | t.Helper() |
| 578 | return httpGet(url, username, password, "", "", nil, t) |
| 579 | } |
| 580 | |
| 581 | httpGetXapikey := func(url string, xapikeyHeader string) *http.Response { |
| 582 | t.Helper() |
| 583 | return httpGet(url, "", "", xapikeyHeader, "", nil, t) |
| 584 | } |
| 585 | |
| 586 | httpGetAuthorizationBearer := func(url string, bearer string) *http.Response { |
| 587 | t.Helper() |
| 588 | return httpGet(url, "", "", "", bearer, nil, t) |
| 589 | } |
| 590 | |
| 591 | testWith := func(sendBasicAuthPrompt bool, expectedOkStatus int, expectedFailStatus int, path string) { |
| 592 | cfg := newMockedConfig() |
| 593 | cfg.GUIReturns(config.GUIConfiguration{ |
| 594 | User: "üser", |
| 595 | Password: "$2a$10$IdIZTxTg/dCNuNEGlmLynOjqg4B1FvDKuIV5e0BB3pnWVHNb8.GSq", // bcrypt of "räksmörgås" in UTF-8 |
| 596 | RawAddress: "127.0.0.1:0", |
| 597 | APIKey: testAPIKey, |
| 598 | SendBasicAuthPrompt: sendBasicAuthPrompt, |
| 599 | }) |
| 600 | baseURL := startHTTP(t, cfg) |
| 601 | url := baseURL + path |
| 602 | |
| 603 | t.Run(fmt.Sprintf("%d path", expectedOkStatus), func(t *testing.T) { |
| 604 | t.Run("no auth is rejected", func(t *testing.T) { |
| 605 | resp := httpGetBasicAuth(url, "", "") |
| 606 | if resp.StatusCode != expectedFailStatus { |
| 607 | t.Errorf("Unexpected non-%d return code %d for unauthed request", expectedFailStatus, resp.StatusCode) |
| 608 | } |
| 609 | if hasSessionCookie(resp.Cookies()) { |
| 610 | t.Errorf("Unexpected session cookie for unauthed request") |
| 611 | } |
| 612 | }) |
| 613 | |
| 614 | t.Run("incorrect password is rejected", func(t *testing.T) { |
| 615 | resp := httpGetBasicAuth(url, "üser", "rksmrgs") |
| 616 | if resp.StatusCode != expectedFailStatus { |
| 617 | t.Errorf("Unexpected non-%d return code %d for incorrect password", expectedFailStatus, resp.StatusCode) |
| 618 | } |
| 619 | if hasSessionCookie(resp.Cookies()) { |
| 620 | t.Errorf("Unexpected session cookie for incorrect password") |
| 621 | } |
| 622 | }) |
| 623 | |
| 624 | t.Run("incorrect username is rejected", func(t *testing.T) { |
| 625 | resp := httpGetBasicAuth(url, "user", "räksmörgås") // string literals in Go source code are in UTF-8 |
| 626 | if resp.StatusCode != expectedFailStatus { |
| 627 | t.Errorf("Unexpected non-%d return code %d for incorrect username", expectedFailStatus, resp.StatusCode) |
| 628 | } |
| 629 | if hasSessionCookie(resp.Cookies()) { |
| 630 | t.Errorf("Unexpected session cookie for incorrect username") |
nothing calls this directly
no test coverage detected