summaryrefslogtreecommitdiff
path: root/contrib/tlsauth/gemini_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/tlsauth/gemini_test.go')
-rw-r--r--contrib/tlsauth/gemini_test.go111
1 files changed, 111 insertions, 0 deletions
diff --git a/contrib/tlsauth/gemini_test.go b/contrib/tlsauth/gemini_test.go
new file mode 100644
index 0000000..bc87958
--- /dev/null
+++ b/contrib/tlsauth/gemini_test.go
@@ -0,0 +1,111 @@
+package tlsauth_test
+
+import (
+ "bytes"
+ "context"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+
+ "tildegit.org/tjp/gus"
+ "tildegit.org/tjp/gus/contrib/tlsauth"
+ "tildegit.org/tjp/gus/gemini"
+)
+
+func TestGeminiAuth(t *testing.T) {
+ handler1 := func(_ context.Context, request *gus.Request) *gus.Response {
+ if !strings.HasPrefix(request.Path, "/one") {
+ return nil
+ }
+
+ return gemini.Success("", &bytes.Buffer{})
+ }
+ handler2 := func(_ context.Context, request *gus.Request) *gus.Response {
+ if !strings.HasPrefix(request.Path, "/two") {
+ return nil
+ }
+
+ return gemini.Success("", &bytes.Buffer{})
+ }
+ handler3 := func(_ context.Context, request *gus.Request) *gus.Response {
+ if !strings.HasPrefix(request.Path, "/three") {
+ return nil
+ }
+
+ return gemini.Success("", &bytes.Buffer{})
+ }
+ handler4 := func(_ context.Context, request *gus.Request) *gus.Response {
+ return gemini.Success("", &bytes.Buffer{})
+ }
+
+ handler := gus.FallthroughHandler(
+ tlsauth.GeminiAuth(tlsauth.Allow)(handler1),
+ tlsauth.GeminiAuth(tlsauth.Allow)(handler2),
+ tlsauth.GeminiAuth(tlsauth.Reject)(handler3),
+ tlsauth.GeminiAuth(tlsauth.Reject)(handler4),
+ )
+
+ server, authClient, _ := setup(t,
+ "testdata/server.crt", "testdata/server.key",
+ "testdata/client1.crt", "testdata/client1.key",
+ handler,
+ )
+
+ authlessClient, _ := clientFor(t, server, "", "")
+
+ go server.Serve()
+ defer server.Close()
+
+ resp := requestPath(t, authClient, server, "/one")
+ assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+ resp = requestPath(t, authlessClient, server, "/two")
+ assert.Equal(t, gemini.StatusClientCertificateRequired, resp.Status)
+
+ resp = requestPath(t, authClient, server, "/three")
+ assert.Equal(t, gemini.StatusCertificateNotAuthorized, resp.Status)
+
+ resp = requestPath(t, authlessClient, server, "/four")
+ assert.Equal(t, gemini.StatusClientCertificateRequired, resp.Status)
+}
+
+func TestGeminiOptionalAuth(t *testing.T) {
+ pathHandler := func(path string) gus.Handler {
+ return func(_ context.Context, request *gus.Request) *gus.Response {
+ if !strings.HasPrefix(request.Path, path) {
+ return nil
+ }
+ return gemini.Success("", &bytes.Buffer{})
+ }
+ }
+
+ handler := gus.FallthroughHandler(
+ tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/one")),
+ tlsauth.GeminiOptionalAuth(tlsauth.Allow)(pathHandler("/two")),
+ tlsauth.GeminiOptionalAuth(tlsauth.Reject)(pathHandler("/three")),
+ tlsauth.GeminiOptionalAuth(tlsauth.Reject)(pathHandler("/four")),
+ )
+
+ server, authClient, _ := setup(t,
+ "testdata/server.crt", "testdata/server.key",
+ "testdata/client1.crt", "testdata/client1.key",
+ handler,
+ )
+ authlessClient, _ := clientFor(t, server, "", "")
+
+ go server.Serve()
+ defer server.Close()
+
+ resp := requestPath(t, authClient, server, "/one")
+ assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+ resp = requestPath(t, authlessClient, server, "/two")
+ assert.Equal(t, gemini.StatusSuccess, resp.Status)
+
+ resp = requestPath(t, authClient, server, "/three")
+ assert.Equal(t, gemini.StatusCertificateNotAuthorized, resp.Status)
+
+ resp = requestPath(t, authlessClient, server, "/four")
+ assert.Equal(t, gemini.StatusSuccess, resp.Status)
+}