MCPcopy Index your code
hub / github.com/syncthing/syncthing / TestHtmlFormLogin

Function TestHtmlFormLogin

lib/api/api_test.go:841–981  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

839}
840
841func TestHtmlFormLogin(t *testing.T) {
842 t.Parallel()
843
844 cfg := newMockedConfig()
845 cfg.GUIReturns(config.GUIConfiguration{
846 User: "üser",
847 Password: "$2a$10$IdIZTxTg/dCNuNEGlmLynOjqg4B1FvDKuIV5e0BB3pnWVHNb8.GSq", // bcrypt of "räksmörgås" in UTF-8
848 SendBasicAuthPrompt: false,
849 })
850 baseURL := startHTTP(t, cfg)
851
852 loginUrl := baseURL + "/rest/noauth/auth/password"
853 resourceUrl := baseURL + "/meta.js"
854 resourceUrl404 := baseURL + "/any-path/that/does/nooooooot/match-any/noauth-pattern"
855
856 performLogin := func(username string, password string) *http.Response {
857 t.Helper()
858 return httpPost(loginUrl, map[string]string{"username": username, "password": password}, nil, t)
859 }
860
861 performResourceRequest := func(url string, cookies []*http.Cookie) *http.Response {
862 t.Helper()
863 return httpGet(url, "", "", "", "", cookies, t)
864 }
865
866 testNoAuthPath := func(noAuthPath string) {
867 t.Run("auth is not needed for "+noAuthPath, func(t *testing.T) {
868 t.Parallel()
869 resp := httpGet(baseURL+noAuthPath, "", "", "", "", nil, t)
870 if resp.StatusCode != http.StatusOK {
871 t.Errorf("Unexpected non-200 return code %d at %s", resp.StatusCode, noAuthPath)
872 }
873 if hasSessionCookie(resp.Cookies()) {
874 t.Errorf("Unexpected session cookie at %s", noAuthPath)
875 }
876 })
877 }
878 testNoAuthPath("/index.html")
879 testNoAuthPath("/rest/svc/lang")
880
881 t.Run("incorrect password is rejected with 403", func(t *testing.T) {
882 t.Parallel()
883 resp := performLogin("üser", "rksmrgs") // string literals in Go source code are in UTF-8
884 if resp.StatusCode != http.StatusForbidden {
885 t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode)
886 }
887 if hasSessionCookie(resp.Cookies()) {
888 t.Errorf("Unexpected session cookie for incorrect password")
889 }
890 resp = performResourceRequest(resourceUrl, resp.Cookies())
891 if resp.StatusCode != http.StatusForbidden {
892 t.Errorf("Unexpected non-403 return code %d for incorrect password", resp.StatusCode)
893 }
894 })
895
896 t.Run("incorrect username is rejected with 403", func(t *testing.T) {
897 t.Parallel()
898 resp := performLogin("user", "räksmörgås") // string literals in Go source code are in UTF-8

Callers

nothing calls this directly

Calls 9

newMockedConfigFunction · 0.85
startHTTPFunction · 0.85
httpPostFunction · 0.85
httpGetFunction · 0.85
hasSessionCookieFunction · 0.85
hasDeleteSessionCookieFunction · 0.85
GUIReturnsMethod · 0.80
HelperMethod · 0.80
RunMethod · 0.45

Tested by

no test coverage detected