impl test fileauth

2022-02-18 08:05:50 -07:00 · 2022-02-18 08:05:50 -07:00 · 09c06a4a0c
parent 44d548c603
commit 09c06a4a0c
3 changed files with 254 additions and 0 deletions
--- a/server/auth.go
+++ b/server/auth.go
@ -0,0 +1,61 @@
 package main
 import (
 	"errors"
 	"io/ioutil"
 	yaml "gopkg.in/yaml.v2"
 )
 type auth interface {
 	Login(string, string) (bool, error)
 	Groups(string) ([]string, error)
 }
 type FileAuth struct {
 	path string
 }
 type fileAuthContent struct {
 	Users map[string]struct {
 		Password string
 		Groups   []string
 	}
 }
 func NewFileAuth(path string) FileAuth {
 	return FileAuth{path: path}
 }
 func (fileAuth FileAuth) Login(u, p string) (bool, error) {
 	content, err := fileAuth.load()
 	if err != nil {
 		return false, err
 	}
 	entry, ok := content.Users[u]
 	return ok && entry.Password == p, nil
 }
 func (fileAuth FileAuth) Groups(u string) ([]string, error) {
 	content, err := fileAuth.load()
 	if err != nil {
 		return nil, err
 	}
 	entry, ok := content.Users[u]
 	if !ok {
 		return nil, errors.New("invalid user")
 	}
 	return entry.Groups, nil
 }
 func (fileAuth FileAuth) load() (fileAuthContent, error) {
 	var fileAuthContent fileAuthContent
 	b, err := ioutil.ReadFile(fileAuth.path)
 	if err != nil {
 		return fileAuthContent, err
 	}
 	if err := yaml.Unmarshal(b, &fileAuthContent); err != nil {
 		return fileAuthContent, err
 	}
 	return fileAuthContent, nil
 }
--- a/server/auth_test.go
+++ b/server/auth_test.go
@ -0,0 +1,118 @@
 package main
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path"
 	"testing"
 )
 func TestFileAuth(t *testing.T) {
 	user := "username"
 	passw := "password"
 	g := "group"
 	emptyp := func() string {
 		d := t.TempDir()
 		f, err := ioutil.TempFile(d, "login.yaml.*")
 		if err != nil {
 			t.Fatal(err)
 		}
 		f.Close()
 		return path.Join(d, f.Name())
 	}
 	goodp := func() string {
 		p := emptyp()
 		if err := ensureAndWrite(p, []byte(fmt.Sprintf(`{
 			"users": {
 				%q: {
 					"password": %q,
 					"groups": [%q]
 				}
 			}
 		}`, user, passw, g))); err != nil {
 			t.Fatal(err)
 		}
 		return p
 	}
 	t.Run("no file", func(t *testing.T) {
 		p := emptyp()
 		os.Remove(p)
 		fa := NewFileAuth(p)
 		if _, err := fa.Login(user, passw); err == nil {
 			t.Fatal(err)
 		}
 	})
 	t.Run("bad file", func(t *testing.T) {
 		p := emptyp()
 		if err := ensureAndWrite(p, []byte(`{"hello:}`)); err != nil {
 			t.Fatal(err)
 		}
 		fa := NewFileAuth(p)
 		if _, err := fa.Login(user, passw); err == nil {
 			t.Fatal(err)
 		}
 	})
 	t.Run("bad user", func(t *testing.T) {
 		p := goodp()
 		fa := NewFileAuth(p)
 		if ok, err := fa.Login("bad"+user, passw); err != nil {
 			t.Fatal(err)
 		} else if ok {
 			t.Fatal(ok)
 		}
 	})
 	t.Run("bad pass", func(t *testing.T) {
 		p := goodp()
 		fa := NewFileAuth(p)
 		if ok, err := fa.Login(user, "bad"+passw); err != nil {
 			t.Fatal(err)
 		} else if ok {
 			t.Fatal(ok)
 		}
 	})
 	t.Run("good load", func(t *testing.T) {
 		p := goodp()
 		fa := NewFileAuth(p)
 		got, err := fa.load()
 		if err != nil {
 			t.Fatal(err)
 		}
 		if len(got.Users) != 1 {
 			t.Error(got.Users)
 		}
 		if entry, ok := got.Users[user]; !ok {
 			t.Error(ok)
 		} else if entry.Password != passw {
 			t.Error(entry)
 		} else if len(entry.Groups) != 1 {
 			t.Error(entry.Groups)
 		} else if entry.Groups[0] != g {
 			t.Error(entry.Groups)
 		}
 	})
 	t.Run("good", func(t *testing.T) {
 		p := goodp()
 		b, _ := ioutil.ReadFile(p)
 		t.Logf("goodp: %s: %s", p, b)
 		fa := NewFileAuth(p)
 		if ok, err := fa.Login(user, passw); err != nil {
 			t.Fatal(err)
 		} else if !ok {
 			t.Fatal(ok)
 		}
 		if groups, err := fa.Groups(user); err != nil {
 			t.Fatal(err)
 		} else if len(groups) != 1 {
 			t.Fatal(groups)
 		} else if groups[0] != g {
 			t.Fatal(groups)
 		}
 	})
 }
--- a/server/authenticate.go
+++ b/server/authenticate.go
@ -0,0 +1,75 @@
 package main
 import (
 	"errors"
 	"net/http"
 	"time"
 )
 func (server *Server) authenticate(w http.ResponseWriter, r *http.Request) (*Server, bool, error) {
 	if err := server.parseLogin(w, r); err != nil {
 		return nil, false, err
 	}
 	if ok, err := server.needsLogin(r); err != nil {
 		return nil, false, err
 	} else if ok {
 		w.Header().Set("WWW-Authenticate", "Basic")
 		w.WriteHeader(http.StatusUnauthorized)
 		return nil, true, nil
 	}
 	// TODO: if bad cookie OR no cookie: https://blog.stevensanderson.com/2008/08/25/using-the-browsers-native-login-prompt/
 	// TODO: prompt for user-pass if nothing supplied
 	// TODO: login
 	// TODO: logged in
 	// TODO: get namespaces
 	// TODO: verify cookie namespace is OK
 	// TODO: ~~logout~~ // client side
 	return server.WithLoggedIn("", "", []string{}), false, errors.New("not impl")
 }
 func (server *Server) parseLogin(w http.ResponseWriter, r *http.Request) error {
 	username, password, ok := r.BasicAuth()
 	if !ok {
 		return nil
 	}
 	_, _ = username, password
 	server.setLoginCookie(w, r, "abc")
 	return errors.New("todo: use username+password to set cookie")
 }
 func (server *Server) needsLogin(r *http.Request) (bool, error) {
 	_, ok := server.loginCookie(r)
 	if !ok {
 		return true, nil
 	}
 	// TODO compare namespace + cookie groups
 	return false, errors.New("not impl")
 }
 func (server *Server) setLoginCookie(w http.ResponseWriter, r *http.Request, value string) {
 	cookie := &http.Cookie{
 		Name:    "login",
 		Value:   server.encodeCookie(value),
 		Expires: time.Now().Add(time.Hour * 24),
 	}
 	w.Header().Set("Set-Cookie", cookie.String())
 	r.AddCookie(cookie)
 }
 func (server *Server) loginCookie(r *http.Request) (string, bool) {
 	cookies := r.Cookies()
 	for i := range cookies {
 		if cookies[i].Name == "login" && time.Now().Before(cookies[i].Expires) {
 			return server.decodeCookie(cookies[i].Value)
 		}
 	}
 	return "", false
 }
 func (server *Server) decodeCookie(s string) (string, bool) {
 	panic("not impl")
 }
 func (server *Server) encodeCookie(s string) string {
 	panic("not impl")
 }