refactor config basic auth to handle hashing data
Add unit tests for the basicAuth to ensure it behaves as expected. Update the basic auth provider struct in the cfg package to handle all the hashing automatically.
This commit is contained in:
parent
e78d4e7298
commit
5be7095e87
@ -25,9 +25,7 @@ func BasicAuthMiddleware(handlerFunc http.HandlerFunc, basicAuthProvider BasicAu
|
|||||||
func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool {
|
func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool {
|
||||||
rawUsername, rawPassword, ok := r.BasicAuth()
|
rawUsername, rawPassword, ok := r.BasicAuth()
|
||||||
if ok {
|
if ok {
|
||||||
username := HashString(rawUsername)
|
return basicAuthProvider.DoesBasicAuthMatch(rawUsername, rawPassword)
|
||||||
password := HashString(rawPassword)
|
|
||||||
return basicAuthProvider.DoesBasicAuthMatch(username, password)
|
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,25 @@
|
|||||||
package cfg
|
package cfg
|
||||||
|
|
||||||
type basicAuth struct {
|
import "fail2ban-prometheus-exporter/auth"
|
||||||
|
|
||||||
|
type hashedBasicAuth struct {
|
||||||
username string
|
username string
|
||||||
password string
|
password string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *basicAuth) Enabled() bool {
|
func newHashedBasicAuth(rawUsername, rawPassword string) *hashedBasicAuth {
|
||||||
|
return &hashedBasicAuth{
|
||||||
|
username: auth.HashString(rawUsername),
|
||||||
|
password: auth.HashString(rawPassword),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p *hashedBasicAuth) Enabled() bool {
|
||||||
return len(p.username) > 0 && len(p.password) > 0
|
return len(p.username) > 0 && len(p.password) > 0
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *basicAuth) DoesBasicAuthMatch(username, password string) bool {
|
func (p *hashedBasicAuth) DoesBasicAuthMatch(rawUsername, rawPassword string) bool {
|
||||||
|
username := auth.HashString(rawUsername)
|
||||||
|
password := auth.HashString(rawPassword)
|
||||||
return username == p.username && password == p.password
|
return username == p.username && password == p.password
|
||||||
}
|
}
|
||||||
|
60
src/cfg/basicAuth_test.go
Normal file
60
src/cfg/basicAuth_test.go
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
package cfg
|
||||||
|
|
||||||
|
import "testing"
|
||||||
|
|
||||||
|
func Test_hashedBasicAuth_DoesBasicAuthMatch(t *testing.T) {
|
||||||
|
type args struct {
|
||||||
|
username string
|
||||||
|
password string
|
||||||
|
}
|
||||||
|
type fields struct {
|
||||||
|
username string
|
||||||
|
password string
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
fields fields
|
||||||
|
args args
|
||||||
|
want bool
|
||||||
|
}{
|
||||||
|
{"Happy test #1", fields{username: "1234", password: "1234"}, args{username: "1234", password: "1234"}, true},
|
||||||
|
{"Happy test #2", fields{username: "test", password: "1234"}, args{username: "test", password: "1234"}, true},
|
||||||
|
{"Happy test #3", fields{username: "TEST", password: "1234"}, args{username: "TEST", password: "1234"}, true},
|
||||||
|
{"Non match #1", fields{username: "test", password: "1234"}, args{username: "1234", password: "1234"}, false},
|
||||||
|
{"Non match #2", fields{username: "1234", password: "test"}, args{username: "1234", password: "1234"}, false},
|
||||||
|
{"Non match #3", fields{username: "1234", password: "test"}, args{username: "1234", password: "TEST"}, false},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
|
||||||
|
if got := basicAuth.DoesBasicAuthMatch(tt.args.username, tt.args.password); got != tt.want {
|
||||||
|
t.Errorf("DoesBasicAuthMatch() = %v, want %v", got, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Test_hashedBasicAuth_Enabled(t *testing.T) {
|
||||||
|
type fields struct {
|
||||||
|
username string
|
||||||
|
password string
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
fields fields
|
||||||
|
want bool
|
||||||
|
}{
|
||||||
|
{"Both blank", fields{username: "", password: ""}, false},
|
||||||
|
{"Single blank #1", fields{username: "test", password: ""}, false},
|
||||||
|
{"Single blank #1", fields{username: "", password: "test"}, false},
|
||||||
|
{"Both populated", fields{username: "test", password: "test"}, true},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
|
||||||
|
if got := basicAuth.Enabled(); got != tt.want {
|
||||||
|
t.Errorf("Enabled() = %v, want %v", got, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
@ -1,7 +1,6 @@
|
|||||||
package cfg
|
package cfg
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fail2ban-prometheus-exporter/auth"
|
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
@ -19,7 +18,7 @@ type AppSettings struct {
|
|||||||
Fail2BanSocketPath string
|
Fail2BanSocketPath string
|
||||||
FileCollectorPath string
|
FileCollectorPath string
|
||||||
FileCollectorEnabled bool
|
FileCollectorEnabled bool
|
||||||
BasicAuthProvider *basicAuth
|
BasicAuthProvider *hashedBasicAuth
|
||||||
}
|
}
|
||||||
|
|
||||||
func Parse() *AppSettings {
|
func Parse() *AppSettings {
|
||||||
@ -43,10 +42,7 @@ func Parse() *AppSettings {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) {
|
func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) {
|
||||||
settings.BasicAuthProvider = &basicAuth{
|
settings.BasicAuthProvider = newHashedBasicAuth(rawUsername, rawPassword)
|
||||||
username: auth.HashString(rawUsername),
|
|
||||||
password: auth.HashString(rawPassword),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (settings *AppSettings) validateFlags() {
|
func (settings *AppSettings) validateFlags() {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user