;;
;; Copyright (c) Two Sigma Open Source, LLC
;;
;; Licensed under the Apache License, Version 2.0 (the "License");
;; you may not use this file except in compliance with the License.
;; You may obtain a copy of the License at
;;
;;     http://www.apache.org/licenses/LICENSE-2.0
;;
;; Unless required by applicable law or agreed to in writing, software
;; distributed under the License is distributed on an "AS IS" BASIS,
;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
;; See the License for the specific language governing permissions and
;; limitations under the License.
;;
(ns waiter.auth.basic-test
  (:require [clojure.test :refer :all]
            [ring.middleware.basic-authentication :as basic-authentication]
            [waiter.auth.authentication :as auth]
            [waiter.auth.basic :refer :all]
            [waiter.test-helpers :refer :all]
            [waiter.util.utils :as utils])
  (:import (waiter.auth.basic BasicAuthenticator)))

;; Var-quoted reference to the middleware's own base64 encoder, so the
;; Authorization headers built below use exactly the encoding the middleware
;; itself decodes.
(def ^:const encode-base64 #'basic-authentication/encode-base64)

(deftest test-auth-handler
  ;; handle-request-auth is stubbed so each assertion can observe the auth
  ;; method and principal the basic authenticator resolved; the stub also
  ;; pins the password argument to the configured one.  data->error-response
  ;; is stubbed to return its data map unchanged, which is what the 401/403
  ;; expectations below compare against.
  (with-redefs [auth/handle-request-auth
                (fn [next-handler req auth-method auth-principal auth-password]
                  (is (= "test-password" auth-password))
                  (assoc (next-handler req)
                    ::auth-method auth-method
                    ::auth-principal auth-principal))
                utils/data->error-response
                (fn [data-map _] data-map)]
    (let [config {:password "test-password"
                  :validate-credentials-factory 'waiter.auth.basic/allow-waiter-users-factory}
          authenticator (basic-authenticator config)
          ;; downstream handler: echoes the request's :source so the test can
          ;; tell that the wrapped handler was actually reached
          handler (fn [{:keys [source]}] {:source source})
          ;; wraps the handler afresh for every request, exactly as each
          ;; testing block did before the helper was extracted
          dispatch (fn [req]
                     ((auth/wrap-auth-handler authenticator handler) req))
          with-host (fn [headers]
                      (assoc headers "host" "www.example.com"))]

      (testing "missing authorization and host header"
        (let [resp (dispatch {:source ::standard-request})]
          ;; no host header -> bare "Basic" challenge without a realm
          (is (= {:headers {"www-authenticate" "Basic"}
                  :message "Missing credentials"
                  :status 401}
                 resp))))

      (testing "missing authorization header"
        (let [resp (dispatch {:headers (with-host {})
                              :source ::standard-request})]
          (is (= {:headers {"www-authenticate" "Basic realm=\"www.example.com\""}
                  :message "Missing credentials"
                  :status 401}
                 resp))))

      (testing "non-basic authorization header"
        ;; a non-Basic scheme is treated the same as absent credentials
        (let [resp (dispatch {:headers (with-host {"authorization" "Negotiate abcdefgh"})
                              :source ::standard-request})]
          (is (= {:headers {"www-authenticate" "Basic realm=\"www.example.com\""}
                  :message "Missing credentials"
                  :status 401}
                 resp))))

      (testing "invalid authorization header"
        ;; NOTE(review): a wrong password yields 403 with no www-authenticate
        ;; challenge (unlike the missing-credentials cases); this test pins
        ;; that existing behaviour rather than prescribing it.
        (let [credentials (str "Basic " (encode-base64 "user:w8r"))
              resp (dispatch {:headers (with-host {"authorization" credentials})
                              :source ::standard-request})]
          (is (= {:message "Invalid credentials"
                  :status 403}
                 resp))))

      (testing "valid authorization header"
        (let [credentials (str "Basic " (encode-base64 "user@test.com:waiter"))
              resp (dispatch {:headers (with-host {"authorization" credentials})
                              :source ::standard-request})]
          ;; the stubbed handle-request-auth tags the downstream response with
          ;; the resolved method and principal
          (is (= {::auth-method :basic
                  ::auth-principal "user@test.com"
                  :source ::standard-request}
                 resp)))))))

(deftest test-basic-authenticator
  (let [config {:password "test-password"
                :validate-credentials-factory 'waiter.auth.basic/allow-waiter-users-factory}]

    (testing "valid configuration"
      (is (instance? BasicAuthenticator (basic-authenticator config))))

    (testing "invalid configuration"
      ;; every one of these configs must be rejected at construction time:
      ;; a missing password, a missing factory, and a factory that is not a symbol
      (doseq [bad-config [(dissoc config :password)
                          (dissoc config :validate-credentials-factory)
                          (assoc config :validate-credentials-factory "foo")]]
        (is (thrown? Throwable (basic-authenticator bad-config)))))))

(deftest test-allow-waiter-users
  ;; the factory takes an (unused here) config map and returns a
  ;; (username password) -> principal-or-nil function
  (let [check (allow-waiter-users-factory {})]
    (is (= "test-user" (check "test-user" "waiter")))
    (is (nil? (check "test-user" "w8r")))))