(t *testing.T)
| 839 | } |
| 840 | |
| 841 | func TestHtmlFormLogin(t *testing.T) { |
| 842 | t.Parallel() |
| 843 | |
| 844 | cfg := newMockedConfig() |
| 845 | cfg.GUIReturns(config.GUIConfiguration{ |
| 846 | User: "üser", |
| 847 | Password: "$2a$10$IdIZTxTg/dCNuNEGlmLynOjqg4B1FvDKuIV5e0BB3pnWVHNb8.GSq", // bcrypt of "räksmörgås" in UTF-8 |
| 848 | SendBasicAuthPrompt: false, |
| 849 | }) |
| 850 | baseURL := startHTTP(t, cfg) |
| 851 | |
| 852 | loginUrl := baseURL + "/rest/noauth/auth/password" |
| 853 | resourceUrl := baseURL + "/meta.js" |
| 854 | resourceUrl404 := baseURL + "/any-path/that/does/nooooooot/match-any/noauth-pattern" |
| 855 | |
| 856 | performLogin := func(username string, password string) *http.Response { |
| 857 | t.Helper() |
| 858 | return httpPost(loginUrl, map[string]string{"username": username, "password": password}, nil, t) |
| 859 | } |
| 860 | |
| 861 | performResourceRequest := func(url string, cookies []*http.Cookie) *http.Response { |
| 862 | t.Helper() |
| 863 | return httpGet(url, "", "", "", "", cookies, t) |
| 864 | } |
| 865 | |
| 866 | testNoAuthPath := func(noAuthPath string) { |
| 867 | t.Run("auth is not needed for "+noAuthPath, func(t *testing.T) { |
| 868 | t.Parallel() |
| 869 | resp := httpGet(baseURL+noAuthPath, "", "", "", "", nil, t) |
| 870 | if resp.StatusCode != http.StatusOK { |
| 871 | t.Errorf("Unexpected non-200 return code %d at %s", resp.StatusCode, noAuthPath) |
| 872 | } |
| 873 | if hasSessionCookie(resp.Cookies()) { |
| 874 | t.Errorf("Unexpected session cookie at %s", noAuthPath) |
| 875 | } |
| 876 | }) |
| 877 | } |
| 878 | testNoAuthPath("/index.html") |
| 879 | testNoAuthPath("/rest/svc/lang") |
| 880 | |
| 881 | t.Run("incorrect password is rejected with 403", func(t *testing.T) { |
| 882 | t.Parallel() |
| 883 | resp := performLogin("üser", "rksmrgs") // string literals in Go source code are in UTF-8 |
| 884 | if resp.StatusCode != http.StatusForbidden { |
| 885 | t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode) |
| 886 | } |
| 887 | if hasSessionCookie(resp.Cookies()) { |
| 888 | t.Errorf("Unexpected session cookie for incorrect password") |
| 889 | } |
| 890 | resp = performResourceRequest(resourceUrl, resp.Cookies()) |
| 891 | if resp.StatusCode != http.StatusForbidden { |
| 892 | t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode) |
| 893 | } |
| 894 | }) |
| 895 | |
| 896 | t.Run("incorrect username is rejected with 403", func(t *testing.T) { |
| 897 | t.Parallel() |
| 898 | resp := performLogin("user", "räksmörgås") // string literals in Go source code are in UTF-8 |