summaryrefslogtreecommitdiff
path: root/contrib/tlsauth/auth_test.go
diff options
context:
space:
mode:
authortjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
committertjpcc <tjp@ctrl-c.club>2023-10-09 08:56:53 -0600
commitcedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 (patch)
treec04144501fa461b840cea96951f23d926b596ff7 /contrib/tlsauth/auth_test.go
parent1a14f01df1c220f1b8a0dcee1eada007aca8d43f (diff)
more useful tlsauth.Approver type
the predicate function should be able to see the whole context and request
Diffstat (limited to 'contrib/tlsauth/auth_test.go')
-rw-r--r--contrib/tlsauth/auth_test.go85
1 files changed, 0 insertions, 85 deletions
diff --git a/contrib/tlsauth/auth_test.go b/contrib/tlsauth/auth_test.go
index 2a95e1c..df67159 100644
--- a/contrib/tlsauth/auth_test.go
+++ b/contrib/tlsauth/auth_test.go
@@ -1,12 +1,10 @@
package tlsauth_test
import (
- "bytes"
"context"
"crypto/tls"
"crypto/x509"
"net/url"
- "strings"
"testing"
"github.com/stretchr/testify/assert"
@@ -47,89 +45,6 @@ func TestIdentify(t *testing.T) {
assert.True(t, invoked)
}
-func TestRequiredAuth(t *testing.T) {
- invoked1 := false
- invoked2 := false
-
- handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response {
- invoked1 = true
- return gemini.Success("", &bytes.Buffer{})
- })
-
- handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response {
- invoked2 = true
- return gemini.Success("", &bytes.Buffer{})
- })
-
- authMiddleware := sr.Filter(tlsauth.RequiredAuth(tlsauth.Allow), nil)
-
- handler1 = sr.Filter(
- func(_ context.Context, req *sr.Request) bool {
- return strings.HasPrefix(req.Path, "/one")
- },
- nil,
- )(authMiddleware(handler1))
- handler2 = authMiddleware(handler2)
-
- server, client, _ := setup(t,
- "testdata/server.crt", "testdata/server.key",
- "testdata/client1.crt", "testdata/client1.key",
- sr.FallthroughHandler(handler1, handler2),
- )
-
- go func() {
- _ = server.Serve()
- }()
- defer server.Close()
-
- requestPath(t, client, server, "/one")
- assert.True(t, invoked1)
-
- client, _ = clientFor(t, server, "", "") // no client cert this time
- requestPath(t, client, server, "/two")
- assert.False(t, invoked2)
-}
-
-func TestOptionalAuth(t *testing.T) {
- invoked1 := false
- invoked2 := false
-
- handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response {
- if !strings.HasPrefix(request.Path, "/one") {
- return nil
- }
-
- invoked1 = true
- return gemini.Success("", &bytes.Buffer{})
- })
-
- handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response {
- invoked2 = true
- return gemini.Success("", &bytes.Buffer{})
- })
-
- mw := sr.Filter(tlsauth.OptionalAuth(tlsauth.Reject), nil)
- handler := sr.FallthroughHandler(mw(handler1), mw(handler2))
-
- server, client, _ := setup(t,
- "testdata/server.crt", "testdata/server.key",
- "testdata/client1.crt", "testdata/client1.key",
- handler,
- )
-
- go func() {
- _ = server.Serve()
- }()
- defer server.Close()
-
- requestPath(t, client, server, "/one")
- assert.False(t, invoked1)
-
- client, _ = clientFor(t, server, "", "")
- requestPath(t, client, server, "/two")
- assert.True(t, invoked2)
-}
-
func setup(
t *testing.T,
serverCertPath string,