rbac_test.go
package main
import (
"bytes"
"net/http"
"testing"
"time"
"github.com/gnur/beyondauth/jwt"
)
// getHTTPrequest builds a GET request that carries token in the
// "x-beyond-auth" cookie and sets every entry of headers on the request.
//
// Header names are passed through Header.Set, so they are stored in
// canonical form regardless of the casing used by the caller. The error from
// http.NewRequest is discarded; the method and URL are fixed constants here.
func getHTTPrequest(token string, headers map[string]string) *http.Request {
	body := &bytes.Buffer{}
	req, _ := http.NewRequest(http.MethodGet, "localhost", body)

	// The session token travels in a cookie, not in a header.
	req.AddCookie(&http.Cookie{Name: "x-beyond-auth", Value: token})

	for key, val := range headers {
		req.Header.Set(key, val)
	}
	return req
}
// getToken returns a token for user from jwt.NewToken, with a lifetime parsed
// from expires using time.ParseDuration.
//
// If expires cannot be parsed, the lifetime defaults to five minutes. A
// negative duration is accepted as-is; the tests in this file pass "-10s" to
// obtain a token that has already expired. The error from jwt.NewToken is
// discarded, so a failure there surfaces only as whatever string it returned.
func getToken(user, expires string) string {
	ttl := 5 * time.Minute
	if parsed, err := time.ParseDuration(expires); err == nil {
		ttl = parsed
	}

	signed, _ := jwt.NewToken(user, ttl)
	return signed
}
// Test_requestAllowed runs Conf.requestAllowed against the rules loaded from
// example.toml, using requests that differ in token subject, token lifetime
// and the x-forwarded-for / x-forwarded-host headers.
//
// NOTE(review): the second return value of requestAllowed is discarded, so
// only the allow/deny decision is asserted. Every case sends a cookie minted
// by getToken; there is no case for a missing cookie or for a token that was
// altered after signing. Consider adding both, since they are the deny paths
// an access-control check most needs pinned.
func Test_requestAllowed(t *testing.T) {
	var authConfig Conf
	loadConfig(&authConfig, "example.toml", true)

	// proxied builds a request for user with a token of lifetime ttl and the
	// two forwarding headers set directly by the test.
	// NOTE(review): presumably a reverse proxy supplies these headers in
	// production; confirm it overwrites client-sent values, since the
	// decision under test depends on them.
	proxied := func(user, ttl, clientIP, host string) *http.Request {
		return getHTTPrequest(
			getToken(user, ttl),
			map[string]string{
				"x-forwarded-for":  clientIP,
				"x-forwarded-host": host,
			},
		)
	}

	cases := []struct {
		name        string
		r           *http.Request
		wantAllowed bool
	}{
		{
			name:        "user valid but wrong group",
			r:           proxied("test@example.com", "10s", "1.1.0.12", "superprivate.docker.localhost"),
			wantAllowed: false,
		},
		{
			name:        "user valid and correct group",
			r:           proxied("test@example.com", "10s", "1.1.1.12", "private.docker.localhost"),
			wantAllowed: true,
		},
		{
			// Negative lifetime: the token is already expired when sent.
			name:        "valid user with expired token",
			r:           proxied("erwin@example.com", "-10s", "1.1.1.12", "private.docker.localhost"),
			wantAllowed: false,
		},
		{
			// The token is expired here as well, yet access is expected, so
			// this host must be reachable without a valid token.
			name:        "public domain",
			r:           proxied("test@example.com", "-10s", "1.1.4.12", "public.docker.localhost"),
			wantAllowed: true,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			gotAllowed, _ := authConfig.requestAllowed(tc.r)
			if gotAllowed == tc.wantAllowed {
				return
			}
			t.Errorf("requestAllowed() gotAllowed = %v, want %v", gotAllowed, tc.wantAllowed)
		})
	}
}