-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathproxy_test.go
105 lines (83 loc) · 2.89 KB
/
proxy_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package main
import (
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/caido/grafana-auth-proxy/pkg/authtest"
"github.com/caido/grafana-auth-proxy/pkg/extraction"
"github.com/caido/grafana-auth-proxy/pkg/identity"
"github.com/caido/grafana-auth-proxy/pkg/validation"
"github.com/lestrrat-go/jwx/jwk"
"github.com/stretchr/testify/assert"
)
const (
cookieName = "AuthCookie"
)
func setupTestBackendServer() (string, func()) {
backendServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userId := r.Header.Get(grafanaAuthHeader)
w.WriteHeader(http.StatusOK)
w.Write([]byte(userId))
}))
return backendServer.URL, backendServer.Close
}
func setupTestRequestsHandler(servedUrl string) *RequestsHandler {
// Extractor
tokenExtractor := extraction.NewTokenExtractor(extraction.NewCookieExtractor(cookieName))
// Validator
publicKey := authtest.LoadPublicKey()
rawKeys := authtest.GetRawRS256Jwk(publicKey)
keys, _ := jwk.ParseString(rawKeys)
tokenValidator := validation.NewTokenValidator(keys, []string{"RS256"}, authtest.Audience, authtest.Issuer)
// Identity Provider
identityProvider := identity.NewTokenProvider(authtest.Claim)
backendURL, _ := url.Parse(servedUrl)
return &RequestsHandler{
ServedUrl: backendURL,
TokenExtractor: tokenExtractor,
TokenValidator: tokenValidator,
IdentityProvider: identityProvider,
}
}
func setupTestToken() string {
claims := authtest.GetDefaultClaims()
privateKey := authtest.LoadPrivateKey()
token := authtest.CreateTokenString(claims, privateKey)
return token
}
func TestRequestsHandlerValidRequest(t *testing.T) {
// Prepare the backend and proxy
backendURL, closeBackend := setupTestBackendServer()
defer closeBackend()
requestHandler := setupTestRequestsHandler(backendURL)
// Prepare the request
req, _ := http.NewRequest("GET", "/test", nil)
req.AddCookie(&http.Cookie{Name: cookieName, Value: setupTestToken()})
// Send the request
rr := httptest.NewRecorder()
requestHandler.ServeHTTP(rr, req)
assert.Equal(t, rr.Code, http.StatusOK)
assert.Equal(t, rr.Body.String(), "[email protected]")
}
func TestRequestsHandlerBackendDown(t *testing.T) {
// Prepare the proxy
requestHandler := setupTestRequestsHandler("http://localhost:12345")
// Prepare the request
req, _ := http.NewRequest("GET", "/test", nil)
req.AddCookie(&http.Cookie{Name: cookieName, Value: setupTestToken()})
// Send the request
rr := httptest.NewRecorder()
requestHandler.ServeHTTP(rr, req)
assert.Equal(t, rr.Code, http.StatusBadGateway)
}
func TestRequestsHandlerMissingAuthentication(t *testing.T) {
// Prepare the proxy
requestHandler := setupTestRequestsHandler("http://localhost:12345")
// Prepare the request
req, _ := http.NewRequest("GET", "/test", nil)
// Send the request
rr := httptest.NewRecorder()
requestHandler.ServeHTTP(rr, req)
assert.Equal(t, rr.Code, http.StatusUnauthorized)
}