volker.raschek/prometheus-fail2ban-exporter
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

refactor config basic auth to handle hashing data

Browse Source 
Add unit tests for the basicAuth to ensure it behaves as expected.
Update the basic auth provider struct in the cfg package to handle all the
hashing automatically.
This commit is contained in:
Hector 2022-01-13 22:21:39 +00:00
parent e78d4e7298
commit 5be7095e87
4 changed files with 77 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/auth/middleware.go
View File

@ -25,9 +25,7 @@ func BasicAuthMiddleware(handlerFunc http.HandlerFunc, basicAuthProvider BasicAu
func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool { func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool {
rawUsername, rawPassword, ok := r.BasicAuth() rawUsername, rawPassword, ok := r.BasicAuth()
if ok { if ok {
username := HashString(rawUsername) return basicAuthProvider.DoesBasicAuthMatch(rawUsername, rawPassword)
password := HashString(rawPassword)
return basicAuthProvider.DoesBasicAuthMatch(username, password)
} }
return false return false
} }

17
src/cfg/basicAuth.go
View File

@ -1,14 +1,25 @@
package cfg package cfg
type basicAuth struct { import "fail2ban-prometheus-exporter/auth"
type hashedBasicAuth struct {
username string username string
password string password string
} }
func (p *basicAuth) Enabled() bool { func newHashedBasicAuth(rawUsername, rawPassword string) *hashedBasicAuth {
return &hashedBasicAuth{
username: auth.HashString(rawUsername),
password: auth.HashString(rawPassword),
}
}
func (p *hashedBasicAuth) Enabled() bool {
return len(p.username) > 0 && len(p.password) > 0 return len(p.username) > 0 && len(p.password) > 0
} }
func (p *basicAuth) DoesBasicAuthMatch(username, password string) bool { func (p *hashedBasicAuth) DoesBasicAuthMatch(rawUsername, rawPassword string) bool {
username := auth.HashString(rawUsername)
password := auth.HashString(rawPassword)
return username == p.username && password == p.password return username == p.username && password == p.password
} }

60
src/cfg/basicAuth_test.go Normal file
View File

@ -0,0 +1,60 @@
package cfg
import "testing"
func Test_hashedBasicAuth_DoesBasicAuthMatch(t *testing.T) {
type args struct {
username string
password string
}
type fields struct {
username string
password string
}
tests := []struct {
name string
fields fields
args args
want bool
}{
{"Happy test #1", fields{username: "1234", password: "1234"}, args{username: "1234", password: "1234"}, true},
{"Happy test #2", fields{username: "test", password: "1234"}, args{username: "test", password: "1234"}, true},
{"Happy test #3", fields{username: "TEST", password: "1234"}, args{username: "TEST", password: "1234"}, true},
{"Non match #1", fields{username: "test", password: "1234"}, args{username: "1234", password: "1234"}, false},
{"Non match #2", fields{username: "1234", password: "test"}, args{username: "1234", password: "1234"}, false},
{"Non match #3", fields{username: "1234", password: "test"}, args{username: "1234", password: "TEST"}, false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
if got := basicAuth.DoesBasicAuthMatch(tt.args.username, tt.args.password); got != tt.want {
t.Errorf("DoesBasicAuthMatch() = %v, want %v", got, tt.want)
}
})
}
}
func Test_hashedBasicAuth_Enabled(t *testing.T) {
type fields struct {
username string
password string
}
tests := []struct {
name string
fields fields
want bool
}{
{"Both blank", fields{username: "", password: ""}, false},
{"Single blank #1", fields{username: "test", password: ""}, false},
{"Single blank #1", fields{username: "", password: "test"}, false},
{"Both populated", fields{username: "test", password: "test"}, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
if got := basicAuth.Enabled(); got != tt.want {
t.Errorf("Enabled() = %v, want %v", got, tt.want)
}
})
}
}

8
src/cfg/cfg.go
View File

@ -1,7 +1,6 @@
package cfg package cfg
import ( import (
"fail2ban-prometheus-exporter/auth"
"flag" "flag"
"fmt" "fmt"
"os" "os"
@ -19,7 +18,7 @@ type AppSettings struct {
Fail2BanSocketPath string Fail2BanSocketPath string
FileCollectorPath string FileCollectorPath string
FileCollectorEnabled bool FileCollectorEnabled bool
BasicAuthProvider *basicAuth BasicAuthProvider *hashedBasicAuth
} }
func Parse() *AppSettings { func Parse() *AppSettings {
@ -43,10 +42,7 @@ func Parse() *AppSettings {
} }
func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) { func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) {
settings.BasicAuthProvider = &basicAuth{ settings.BasicAuthProvider = newHashedBasicAuth(rawUsername, rawPassword)
username: auth.HashString(rawUsername),
password: auth.HashString(rawPassword),
}
} }
func (settings *AppSettings) validateFlags() { func (settings *AppSettings) validateFlags() {