Add some auth tests

Former-commit-id: 7a6286d40a95a16af483ba4e253e020805647ac8 [formerly b9c0c7b3dfc13391a82e05eb1a7be94d067b1327] [formerly ed44abc1ba59afc19e402eeb5ab42ffeeff80d23 [formerly e6e1984c47]] Former-commit-id: 13290a47d1dd5f4218b873951b4ddb798cd54dd2 [formerly 27db473259f4927be4bfd55b88e57fb87814d8d1] Former-commit-id: 2ef8c236e62859b8cacef5b5e679780de7f22add
2025-11-26 14:25:26 +08:00 · 2017-07-25 11:57:27 +01:00
parent c62363b26a
commit b5965d9a82
7 changed files with 214 additions and 15 deletions
--- a/auth_test.go
+++ b/auth_test.go
@@ -0,0 +1,92 @@
+package filemanager
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+	"time"
+)
+
+var defaultCredentials = "{\"username\":\"admin\",\"password\":\"admin\"}"
+
+var authHandlerTests = []struct {
+	Data     string
+	Expected int
+}{
+	{defaultCredentials, http.StatusOK},
+	{"{\"username\":\"admin\",\"password\":\"wrong\"}", http.StatusForbidden},
+	{"{\"username\":\"wrong\",\"password\":\"admin\"}", http.StatusForbidden},
+}
+
+func TestAuthHandler(t *testing.T) {
+	fm := newTest(t)
+	defer fm.Clean()
+
+	for _, test := range authHandlerTests {
+		req, err := http.NewRequest("POST", "/api/auth/get", strings.NewReader(test.Data))
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		w := httptest.NewRecorder()
+		fm.ServeHTTP(w, req)
+
+		if w.Code != test.Expected {
+			t.Errorf("Wrong status code: got %v want %v", w.Code, test.Expected)
+		}
+	}
+}
+
+func TestRenewHandler(t *testing.T) {
+	fm := newTest(t)
+	defer fm.Clean()
+
+	// First, we have to make an auth request to get the user authenticated,
+	r, err := http.NewRequest("POST", "/api/auth/get", strings.NewReader(defaultCredentials))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	w := httptest.NewRecorder()
+	fm.ServeHTTP(w, r)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("Couldn't authenticate: got %v", w.Code)
+	}
+
+	token := w.Body.String()
+
+	// Test renew authorization via Authorization Header.
+	r, err = http.NewRequest("GET", "/api/auth/renew", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r.Header.Set("Authorization", "Bearer "+token)
+	w = httptest.NewRecorder()
+	fm.ServeHTTP(w, r)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("Can't renew auth via header: got %v", w.Code)
+	}
+
+	// Test renew authorization via cookie field.
+	r, err = http.NewRequest("GET", "/api/auth/renew", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	r.AddCookie(&http.Cookie{
+		Value:   token,
+		Name:    "auth",
+		Expires: time.Now().Add(1 * time.Hour),
+	})
+
+	w = httptest.NewRecorder()
+	fm.ServeHTTP(w, r)
+
+	if w.Code != http.StatusOK {
+		t.Errorf("Can't renew auth via cookie: got %v", w.Code)
+	}
+}