split headers.Authenticate and headers.Authorization (#523)

2025-10-05 15:16:51 +08:00 · 2024-02-22 13:19:31 +01:00
parent c93d5c54d9
commit c10f7aaedb
21 changed files with 369 additions and 424 deletions
--- a/pkg/headers/authenticate_test.go
+++ b/pkg/headers/authenticate_test.go
@@ -24,82 +24,52 @@ var casesAuthenticate = []struct {
 		base.HeaderValue{`Basic realm="4419b63f5e51"`},
 		Authenticate{
 			Method: AuthBasic,
-			Realm:  stringPtr("4419b63f5e51"),
+			Realm:  "4419b63f5e51",
 		},
 	},
 	{
-		"digest request 1",
+		"digest 1",
 		base.HeaderValue{`Digest realm="4419b63f5e51", nonce="8b84a3b789283a8bea8da7fa7d41f08b", stale="FALSE"`},
 		base.HeaderValue{`Digest realm="4419b63f5e51", nonce="8b84a3b789283a8bea8da7fa7d41f08b", stale="FALSE"`},
 		Authenticate{
 			Method: AuthDigest,
-			Realm:  stringPtr("4419b63f5e51"),
-			Nonce:  stringPtr("8b84a3b789283a8bea8da7fa7d41f08b"),
+			Realm:  "4419b63f5e51",
+			Nonce:  "8b84a3b789283a8bea8da7fa7d41f08b",
 			Stale:  stringPtr("FALSE"),
 		},
 	},
 	{
-		"digest request 2",
+		"digest 2",
 		base.HeaderValue{`Digest realm="4419b63f5e51", nonce="8b84a3b789283a8bea8da7fa7d41f08b", stale=FALSE`},
 		base.HeaderValue{`Digest realm="4419b63f5e51", nonce="8b84a3b789283a8bea8da7fa7d41f08b", stale="FALSE"`},
 		Authenticate{
 			Method: AuthDigest,
-			Realm:  stringPtr("4419b63f5e51"),
-			Nonce:  stringPtr("8b84a3b789283a8bea8da7fa7d41f08b"),
+			Realm:  "4419b63f5e51",
+			Nonce:  "8b84a3b789283a8bea8da7fa7d41f08b",
 			Stale:  stringPtr("FALSE"),
 		},
 	},
 	{
-		"digest request 3",
+		"digest 3",
 		base.HeaderValue{`Digest realm="4419b63f5e51",nonce="133767111917411116111311118211673010032",  stale="FALSE"`},
 		base.HeaderValue{`Digest realm="4419b63f5e51", nonce="133767111917411116111311118211673010032", stale="FALSE"`},
 		Authenticate{
 			Method: AuthDigest,
-			Realm:  stringPtr("4419b63f5e51"),
-			Nonce:  stringPtr("133767111917411116111311118211673010032"),
+			Realm:  "4419b63f5e51",
+			Nonce:  "133767111917411116111311118211673010032",
 			Stale:  stringPtr("FALSE"),
 		},
 	},
 	{
-		"digest response generic",
-		base.HeaderValue{`Digest username="aa", realm="bb", nonce="cc", uri="dd", response="ee"`},
-		base.HeaderValue{`Digest username="aa", realm="bb", nonce="cc", uri="dd", response="ee"`},
-		Authenticate{
-			Method:   AuthDigest,
-			Username: stringPtr("aa"),
-			Realm:    stringPtr("bb"),
-			Nonce:    stringPtr("cc"),
-			URI:      stringPtr("dd"),
-			Response: stringPtr("ee"),
-		},
-	},
-	{
-		"digest response with empty field",
-		base.HeaderValue{`Digest username="", realm="IPCAM", ` +
-			`nonce="5d17cd12b9fa8a85ac5ceef0926ea5a6", uri="rtsp://localhost:8554/mystream", ` +
-			`response="c072ae90eb4a27f4cdcb90d62266b2a1"`},
-		base.HeaderValue{`Digest username="", realm="IPCAM", ` +
-			`nonce="5d17cd12b9fa8a85ac5ceef0926ea5a6", uri="rtsp://localhost:8554/mystream", ` +
-			`response="c072ae90eb4a27f4cdcb90d62266b2a1"`},
-		Authenticate{
-			Method:   AuthDigest,
-			Username: stringPtr(""),
-			Realm:    stringPtr("IPCAM"),
-			Nonce:    stringPtr("5d17cd12b9fa8a85ac5ceef0926ea5a6"),
-			URI:      stringPtr("rtsp://localhost:8554/mystream"),
-			Response: stringPtr("c072ae90eb4a27f4cdcb90d62266b2a1"),
-		},
-	},
-	{
-		"digest response with no spaces and additional fields",
+		"digest after failed auth",
 		base.HeaderValue{`Digest realm="Please log in with a valid username",` +
 			`nonce="752a62306daf32b401a41004555c7663",opaque="",stale=FALSE,algorithm=MD5`},
 		base.HeaderValue{`Digest realm="Please log in with a valid username", ` +
 			`nonce="752a62306daf32b401a41004555c7663", opaque="", stale="FALSE", algorithm="MD5"`},
 		Authenticate{
 			Method:    AuthDigest,
-			Realm:     stringPtr("Please log in with a valid username"),
-			Nonce:     stringPtr("752a62306daf32b401a41004555c7663"),
+			Realm:     "Please log in with a valid username",
+			Nonce:     "752a62306daf32b401a41004555c7663",
 			Opaque:    stringPtr(""),
 			Stale:     stringPtr("FALSE"),
 			Algorithm: stringPtr("MD5"),
@@ -118,46 +88,6 @@ func TestAuthenticateUnmarshal(t *testing.T) {
 	}
 }

-func TestAutenticatehUnmarshalErrors(t *testing.T) {
-	for _, ca := range []struct {
-		name string
-		hv   base.HeaderValue
-		err  string
-	}{
-		{
-			"empty",
-			base.HeaderValue{},
-			"value not provided",
-		},
-		{
-			"2 values",
-			base.HeaderValue{"a", "b"},
-			"value provided multiple times ([a b])",
-		},
-		{
-			"no keys",
-			base.HeaderValue{"Basic"},
-			"unable to split between method and keys (Basic)",
-		},
-		{
-			"invalid keys",
-			base.HeaderValue{`Basic key1="k`},
-			"apexes not closed (key1=\"k)",
-		},
-		{
-			"invalid method",
-			base.HeaderValue{"Testing key1=val1"},
-			"invalid method (Testing)",
-		},
-	} {
-		t.Run(ca.name, func(t *testing.T) {
-			var h Authenticate
-			err := h.Unmarshal(ca.hv)
-			require.EqualError(t, err, ca.err)
-		})
-	}
-}
-
 func TestAuthenticateMarshal(t *testing.T) {
 	for _, ca := range casesAuthenticate {
 		t.Run(ca.name, func(t *testing.T) {
@@ -166,3 +96,28 @@ func TestAuthenticateMarshal(t *testing.T) {
 		})
 	}
 }
+
+func FuzzAuthenticateUnmarshal(f *testing.F) {
+	for _, ca := range casesAuthenticate {
+		f.Add(ca.vin[0])
+	}
+
+	f.Fuzz(func(t *testing.T, b string) {
+		var h Authenticate
+		h.Unmarshal(base.HeaderValue{b}) //nolint:errcheck
+	})
+}
+
+func TestAuthenticateAdditionalErrors(t *testing.T) {
+	func() {
+		var h Authenticate
+		err := h.Unmarshal(base.HeaderValue{})
+		require.Error(t, err)
+	}()
+
+	func() {
+		var h Authenticate
+		err := h.Unmarshal(base.HeaderValue{"a", "b"})
+		require.Error(t, err)
+	}()
+}