package app
import (
"brainbaking.com/go-jamming/common"
"github.com/gorilla/mux"
"github.com/stretchr/testify/assert"
"net/http"
"net/http/httptest"
"testing"
)
// conf is the configuration fixture shared by every test in this file.
// Token is the value the tests present as the valid "token" URL variable, and
// AllowedWebmentionSources holds the single source the tests treat as allowed.
// Both are test-only values.
var conf = &common.Config{
	Token:                    "boemsjakkalakka",
	AllowedWebmentionSources: []string{"http://ewelja.be"},
}
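// TestTokenOnlyUnauthorizedWithWrongToken checks that the handler wrapped by
// tokenOnly is not invoked when the request carries a "token" URL variable
// other than the one stored in conf.
func TestTokenOnlyUnauthorizedWithWrongToken(t *testing.T) {
	srv := &server{
		conf: conf,
	}

	passed := false
	handler := srv.tokenOnly(func(writer http.ResponseWriter, request *http.Request) {
		passed = true
	})
	// Fail loudly if the request cannot be built instead of passing a nil
	// request on to the middleware.
	r, err := http.NewRequest("PUT", "/whatever", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	w := httptest.NewRecorder()
	// Route variables are injected directly, so no router is involved.
	r = mux.SetURLVars(r, map[string]string{
		"token":  "invalid",
		"domain": conf.AllowedWebmentionSources[0],
	})

	handler(w, r)
	assert.False(t, passed, "should not have called unauthorized func")
	// NOTE(review): the response recorded in w is never inspected. Once the
	// middleware's rejection status is confirmed, also assert on w.Code so a
	// regression that skips the handler but still answers with a success
	// status is caught.
}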
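// TestDomainOnlyWithWrongDomain checks that the handler wrapped by domainOnly
// is not invoked when the "domain" URL variable is a value that does not
// appear in conf.AllowedWebmentionSources, even though the token is valid.
func TestDomainOnlyWithWrongDomain(t *testing.T) {
	srv := &server{
		conf: conf,
	}

	passed := false
	handler := srv.domainOnly(func(writer http.ResponseWriter, request *http.Request) {
		passed = true
	})
	// Fail loudly if the request cannot be built instead of passing a nil
	// request on to the middleware.
	r, err := http.NewRequest("PUT", "/whatever", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	w := httptest.NewRecorder()
	// Route variables are injected directly, so no router is involved.
	r = mux.SetURLVars(r, map[string]string{
		"token":  conf.Token,
		"domain": "https://sexymoddafokkas.be",
	})

	handler(w, r)
	assert.False(t, passed, "should not have called unauthorized func")
	// NOTE(review): the response recorded in w is never inspected. Once the
	// middleware's rejection status is confirmed, also assert on w.Code so a
	// regression that skips the handler but still answers with a success
	// status is caught.
}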
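// TestTokenOnlyOkIfTokenAndDomainMatch checks that the handler wrapped by
// tokenOnly is invoked when the request carries conf.Token as its "token" URL
// variable and the allowed source as its "domain" URL variable.
func TestTokenOnlyOkIfTokenAndDomainMatch(t *testing.T) {
	srv := &server{
		conf: conf,
	}

	passed := false
	handler := srv.tokenOnly(func(writer http.ResponseWriter, request *http.Request) {
		passed = true
	})
	// Fail loudly if the request cannot be built instead of passing a nil
	// request on to the middleware.
	r, err := http.NewRequest("PUT", "/whatever", nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	w := httptest.NewRecorder()
	// Route variables are injected directly, so no router is involved.
	// NOTE(review): whether tokenOnly consults "domain" at all is not visible
	// from this file; confirm against the middleware before relying on the
	// "AndDomainMatch" part of the test name.
	r = mux.SetURLVars(r, map[string]string{
		"token":  conf.Token,
		"domain": conf.AllowedWebmentionSources[0],
	})

	handler(w, r)
	assert.True(t, passed, "should have passed authentication!")
}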