apps/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-09-27 05:08:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
94e361a8fdfcf53427e3289fc0c68f130f2d6b63
photoprism/internal/server/webdav_auth_test.go
Michael Mayer 94e361a8fd WebDAV: Add authorization check based on auth tokens #782 #808 #3943 
Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-10 16:54:13 +01:00

107 lines
2.8 KiB
Go
Raw Blame History

package server
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"github.com/photoprism/photoprism/internal/config"
"github.com/photoprism/photoprism/internal/entity"
"github.com/photoprism/photoprism/pkg/header"
"github.com/photoprism/photoprism/pkg/rnd"
)
func TestWebDAVAuth(t *testing.T) {
conf := config.TestConfig()
webdavHandler := WebDAVAuth(conf)
t.Run("Unauthorized", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
webdavHandler(c)
assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())
assert.Equal(t, BasicAuthRealm, c.Writer.Header().Get("WWW-Authenticate"))
})
t.Run("AliceToken", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
sess := entity.SessionFixtures.Get("alice_token")
header.SetAuthorization(c.Request, sess.AuthToken())
webdavHandler(c)
assert.Equal(t, http.StatusOK, c.Writer.Status())
assert.Equal(t, "", c.Writer.Header().Get("WWW-Authenticate"))
})
t.Run("AliceTokenWebdav", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
sess := entity.SessionFixtures.Get("alice_token_webdav")
header.SetAuthorization(c.Request, sess.AuthToken())
webdavHandler(c)
assert.Equal(t, http.StatusOK, c.Writer.Status())
assert.Equal(t, "", c.Writer.Header().Get("WWW-Authenticate"))
})
t.Run("AliceTokenScope", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
sess := entity.SessionFixtures.Get("alice_token_scope")
header.SetAuthorization(c.Request, sess.AuthToken())
webdavHandler(c)
assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())
assert.Equal(t, BasicAuthRealm, c.Writer.Header().Get("WWW-Authenticate"))
})
t.Run("InvalidAuthToken", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
header.SetAuthorization(c.Request, rnd.AuthToken())
webdavHandler(c)
assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())
assert.Equal(t, BasicAuthRealm, c.Writer.Header().Get("WWW-Authenticate"))
})
t.Run("InvalidAuthSecret", func(t *testing.T) {
w := httptest.NewRecorder()
c, _ := gin.CreateTestContext(w)
c.Request = &http.Request{
Header: make(http.Header),
}
header.SetAuthorization(c.Request, rnd.AuthSecret())
webdavHandler(c)
assert.Equal(t, http.StatusUnauthorized, c.Writer.Status())
assert.Equal(t, BasicAuthRealm, c.Writer.Header().Get("WWW-Authenticate"))
})
}
Reference in New Issue View Git Blame Copy Permalink