prometheus-fail2ban-exporter/auth/middleware_test.go

package auth

import (
	"net/http"
	"net/http/httptest"
	"testing"
)

type testAuthProvider struct {
	enabled bool
	match   bool
}

func (p testAuthProvider) Enabled() bool {
	return p.enabled
}

func (p testAuthProvider) DoesBasicAuthMatch(username, password string) bool {
	return p.match
}

func newTestRequest() *http.Request {
	return httptest.NewRequest(http.MethodGet, "http://example.com", nil)
}

func executeBasicAuthMiddlewareTest(t *testing.T, authEnabled bool, authMatches bool, expectedCode int, expectedCallCount int) {
	callCount := 0
	testHandler := func(w http.ResponseWriter, r *http.Request) {
		callCount++
	}

	handler := BasicAuthMiddleware(testHandler, testAuthProvider{enabled: authEnabled, match: authMatches})
	recorder := httptest.NewRecorder()
	request := newTestRequest()
	if authEnabled {
		request.SetBasicAuth("test", "test")
	}
	handler.ServeHTTP(recorder, request)

	if recorder.Code != expectedCode {
		t.Errorf("statusCode = %v, want %v", recorder.Code, expectedCode)
	}
	if callCount != expectedCallCount {
		t.Errorf("callCount = %v, want %v", callCount, expectedCallCount)
	}
}

func Test_GIVEN_DisabledBasicAuth_WHEN_MethodCalled_THEN_RequestProcessed(t *testing.T) {
	executeBasicAuthMiddlewareTest(t, false, false, http.StatusOK, 1)
}

func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithCorrectCredentials_THEN_RequestProcessed(t *testing.T) {
	executeBasicAuthMiddlewareTest(t, true, true, http.StatusOK, 1)
}

func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithIncorrectCredentials_THEN_RequestRejected(t *testing.T) {
	executeBasicAuthMiddlewareTest(t, true, false, http.StatusUnauthorized, 0)
}
feat: add support for basic auth (#16) Add new CLI parameters to enable protecting the API endpoints with basic auth authentication. Wrap the server endpoints in a new auth middleware that protects it using the provided basic auth credentials (if set). Store the provided basic auth credentials as hashed values to prevent them from being accidentally leaked. Add unit tests to ensure the new functionality works as expected. 2022-01-14 21:36:49 +00:00			`package auth`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`
			`)`

			`type testAuthProvider struct {`
			`enabled bool`
			`match bool`
			`}`

			`func (p testAuthProvider) Enabled() bool {`
			`return p.enabled`
			`}`

			`func (p testAuthProvider) DoesBasicAuthMatch(username, password string) bool {`
			`return p.match`
			`}`

			`func newTestRequest() *http.Request {`
			`return httptest.NewRequest(http.MethodGet, "http://example.com", nil)`
			`}`

			`func executeBasicAuthMiddlewareTest(t *testing.T, authEnabled bool, authMatches bool, expectedCode int, expectedCallCount int) {`
			`callCount := 0`
			`testHandler := func(w http.ResponseWriter, r *http.Request) {`
			`callCount++`
			`}`

			`handler := BasicAuthMiddleware(testHandler, testAuthProvider{enabled: authEnabled, match: authMatches})`
			`recorder := httptest.NewRecorder()`
			`request := newTestRequest()`
			`if authEnabled {`
			`request.SetBasicAuth("test", "test")`
			`}`
			`handler.ServeHTTP(recorder, request)`

			`if recorder.Code != expectedCode {`
			`t.Errorf("statusCode = %v, want %v", recorder.Code, expectedCode)`
			`}`
			`if callCount != expectedCallCount {`
			`t.Errorf("callCount = %v, want %v", callCount, expectedCallCount)`
			`}`
			`}`

			`func Test_GIVEN_DisabledBasicAuth_WHEN_MethodCalled_THEN_RequestProcessed(t *testing.T) {`
			`executeBasicAuthMiddlewareTest(t, false, false, http.StatusOK, 1)`
			`}`

			`func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithCorrectCredentials_THEN_RequestProcessed(t *testing.T) {`
			`executeBasicAuthMiddlewareTest(t, true, true, http.StatusOK, 1)`
			`}`

			`func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithIncorrectCredentials_THEN_RequestRejected(t *testing.T) {`
			`executeBasicAuthMiddlewareTest(t, true, false, http.StatusUnauthorized, 0)`
			`}`