955 lines
26 KiB
Go
955 lines
26 KiB
Go
package backends
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strconv"
|
|
"strings"
|
|
"testing"
|
|
|
|
. "github.com/iegomez/mosquitto-go-auth/backends/constants"
|
|
log "github.com/sirupsen/logrus"
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
)
|
|
|
|
func TestHTTPAllJsonServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
httpResponse := &HTTPResponse{
|
|
Ok: true,
|
|
Error: "",
|
|
}
|
|
|
|
var data interface{}
|
|
var params map[string]interface{}
|
|
|
|
body, _ := ioutil.ReadAll(r.Body)
|
|
defer r.Body.Close()
|
|
|
|
err := json.Unmarshal(body, &data)
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
if err != nil {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Json unmarshal error"
|
|
}
|
|
|
|
params = data.(map[string]interface{})
|
|
log.Debugf("received params %v for path %s", params, r.URL.Path)
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"].(string) == username && params["password"].(string) == password {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Wrong credentials."
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"].(string) == username {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Not a superuser."
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
paramsAcc := int64(params["acc"].(float64))
|
|
if params["username"].(string) == username && params["topic"].(string) == topic && params["clientid"].(string) == clientId && paramsAcc <= acc {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Acl check failed."
|
|
}
|
|
}
|
|
|
|
jsonResponse, err := json.Marshal(httpResponse)
|
|
if err != nil {
|
|
w.Write([]byte("error"))
|
|
}
|
|
|
|
w.Write(jsonResponse)
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "json"
|
|
authOpts["http_response_mode"] = "json"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
authOpts["http_timeout"] = "5"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
So(hb.UserAgent, ShouldEqual, "mosquitto-2.0.0")
|
|
So(hb.httpMethod, ShouldEqual, http.MethodPost)
|
|
|
|
Convey("Given custom user agent, it should override default one", func() {
|
|
customAuthOpts := make(map[string]string)
|
|
|
|
for k, v := range authOpts {
|
|
customAuthOpts[k] = v
|
|
}
|
|
|
|
customAuthOpts["http_user_agent"] = "custom-user-agent"
|
|
|
|
customHb, err := NewHTTP(customAuthOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
So(customHb.UserAgent, ShouldEqual, "custom-user-agent")
|
|
})
|
|
|
|
Convey("Given http method GET, it should override the default POST one", func() {
|
|
customAuthOpts := make(map[string]string)
|
|
|
|
for k, v := range authOpts {
|
|
customAuthOpts[k] = v
|
|
}
|
|
|
|
customAuthOpts["http_method"] = "GET"
|
|
|
|
customHb, err := NewHTTP(customAuthOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
So(customHb.httpMethod, ShouldEqual, http.MethodGet)
|
|
})
|
|
|
|
Convey("Given http method PUT, it should override the default POST one", func() {
|
|
customAuthOpts := make(map[string]string)
|
|
|
|
for k, v := range authOpts {
|
|
customAuthOpts[k] = v
|
|
}
|
|
|
|
customAuthOpts["http_method"] = "PUT"
|
|
|
|
customHb, err := NewHTTP(customAuthOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
So(customHb.httpMethod, ShouldEqual, http.MethodPut)
|
|
})
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
func TestHTTPJsonStatusOnlyServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
var data interface{}
|
|
var params map[string]interface{}
|
|
|
|
body, _ := ioutil.ReadAll(r.Body)
|
|
defer r.Body.Close()
|
|
|
|
err := json.Unmarshal(body, &data)
|
|
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
}
|
|
|
|
params = data.(map[string]interface{})
|
|
log.Debugf("received params %v for path %s", params, r.URL.Path)
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"].(string) == username && params["password"].(string) == password {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"].(string) == username {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
//uAcc := float64.(params["acc"])
|
|
paramsAcc := int64(params["acc"].(float64))
|
|
if params["username"].(string) == username && params["topic"].(string) == topic && params["clientid"].(string) == clientId && paramsAcc <= acc {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
}
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "json"
|
|
authOpts["http_response_mode"] = "status"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
func TestHTTPJsonTextResponseServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
var data interface{}
|
|
var params map[string]interface{}
|
|
|
|
body, _ := ioutil.ReadAll(r.Body)
|
|
defer r.Body.Close()
|
|
|
|
err := json.Unmarshal(body, &data)
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
if err != nil {
|
|
w.Write([]byte(err.Error()))
|
|
}
|
|
|
|
params = data.(map[string]interface{})
|
|
log.Debugf("received params %v for path %s", params, r.URL.Path)
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"].(string) == username && params["password"].(string) == password {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Wrong credentials."))
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"].(string) == username {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Not a superuser"))
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
//uAcc := float64.(params["acc"])
|
|
paramsAcc := int64(params["acc"].(float64))
|
|
if params["username"].(string) == username && params["topic"].(string) == topic && params["clientid"].(string) == clientId && paramsAcc <= acc {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Acl check failed."))
|
|
}
|
|
} else {
|
|
w.Write([]byte("Path not found."))
|
|
}
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "json"
|
|
authOpts["http_response_mode"] = "text"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
func TestHTTPFormJsonResponseServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
httpResponse := &HTTPResponse{
|
|
Ok: true,
|
|
Error: "",
|
|
}
|
|
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var params = r.Form
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"][0] == username && params["password"][0] == password {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Wrong credentials."
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"][0] == username {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Not a superuser."
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
paramsAcc, _ := strconv.ParseInt(params["acc"][0], 10, 64)
|
|
if params["username"][0] == username && params["topic"][0] == topic && params["clientid"][0] == clientId && paramsAcc <= acc {
|
|
httpResponse.Ok = true
|
|
httpResponse.Error = ""
|
|
} else {
|
|
httpResponse.Ok = false
|
|
httpResponse.Error = "Acl check failed."
|
|
}
|
|
}
|
|
|
|
jsonResponse, err := json.Marshal(httpResponse)
|
|
if err != nil {
|
|
w.Write([]byte("error"))
|
|
}
|
|
|
|
w.Write(jsonResponse)
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "form"
|
|
authOpts["http_response_mode"] = "json"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
func TestHTTPFormStatusOnlyServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
var params = r.Form
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"][0] == username && params["password"][0] == password {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"][0] == username {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
paramsAcc, _ := strconv.ParseInt(params["acc"][0], 10, 64)
|
|
if params["username"][0] == username && params["topic"][0] == topic && params["clientid"][0] == clientId && paramsAcc <= acc {
|
|
w.WriteHeader(http.StatusOK)
|
|
} else {
|
|
w.WriteHeader(http.StatusNotFound)
|
|
}
|
|
}
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "form"
|
|
authOpts["http_response_mode"] = "status"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
func TestHTTPFormTextResponseServer(t *testing.T) {
|
|
|
|
username := "test_user"
|
|
password := "test_password"
|
|
topic := "test/topic"
|
|
var acc = int64(1)
|
|
clientId := "test_client"
|
|
|
|
version := "2.0.0"
|
|
|
|
mockServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
var params = r.Form
|
|
|
|
if r.URL.Path == "/user" {
|
|
if params["username"][0] == username && params["password"][0] == password {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Wrong credentials."))
|
|
}
|
|
} else if r.URL.Path == "/superuser" {
|
|
if params["username"][0] == username {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Not a superuser"))
|
|
}
|
|
} else if r.URL.Path == "/acl" {
|
|
paramsAcc, _ := strconv.ParseInt(params["acc"][0], 10, 64)
|
|
if params["username"][0] == username && params["topic"][0] == topic && params["clientid"][0] == clientId && paramsAcc <= acc {
|
|
w.Write([]byte("ok"))
|
|
} else {
|
|
w.Write([]byte("Acl check failed."))
|
|
}
|
|
} else {
|
|
w.Write([]byte("Path not found."))
|
|
}
|
|
|
|
}))
|
|
|
|
defer mockServer.Close()
|
|
|
|
log.Debugf("trying host: %s", mockServer.URL)
|
|
|
|
authOpts := make(map[string]string)
|
|
authOpts["http_params_mode"] = "form"
|
|
authOpts["http_response_mode"] = "text"
|
|
authOpts["http_host"] = strings.Replace(mockServer.URL, "http://", "", -1)
|
|
authOpts["http_port"] = ""
|
|
authOpts["http_getuser_uri"] = "/user"
|
|
authOpts["http_superuser_uri"] = "/superuser"
|
|
authOpts["http_aclcheck_uri"] = "/acl"
|
|
|
|
Convey("Given correct options an http backend instance should be returned", t, func() {
|
|
hb, err := NewHTTP(authOpts, log.DebugLevel, version)
|
|
So(err, ShouldBeNil)
|
|
|
|
Convey("Given correct password/username, get user should return true", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, password, clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given incorrect password/username, get user should return false", func() {
|
|
|
|
authenticated, err := hb.GetUser(username, "wrong_password", clientId)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct username, get superuser should return true", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
Convey("But disabling superusers by removing superuri should now return false", func() {
|
|
hb.SuperuserUri = ""
|
|
superuser, err := hb.GetSuperuser(username)
|
|
So(err, ShouldBeNil)
|
|
So(superuser, ShouldBeFalse)
|
|
})
|
|
|
|
})
|
|
|
|
Convey("Given incorrect username, get superuser should return false", func() {
|
|
|
|
authenticated, err := hb.GetSuperuser("not_admin")
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given correct topic, username, client id and acc, acl check should return true", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeTrue)
|
|
|
|
})
|
|
|
|
Convey("Given an acc that requires more privileges than the user has, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, clientId, MOSQ_ACL_WRITE)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a topic not present in acls, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, "fake/topic", clientId, MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
Convey("Given a clientId that doesn't match, check acl should return false", func() {
|
|
|
|
authenticated, err := hb.CheckAcl(username, topic, "fake_client_id", MOSQ_ACL_READ)
|
|
So(err, ShouldBeNil)
|
|
So(authenticated, ShouldBeFalse)
|
|
|
|
})
|
|
|
|
hb.Halt()
|
|
|
|
})
|
|
|
|
}
|