From cedcf58ea7d729acb6ed1a9ab7aec1ae38aed102 Mon Sep 17 00:00:00 2001 From: tjpcc Date: Mon, 9 Oct 2023 08:56:53 -0600 Subject: more useful tlsauth.Approver type the predicate function should be able to see the whole context and request --- contrib/tlsauth/auth_test.go | 85 -------------------------------------------- 1 file changed, 85 deletions(-) (limited to 'contrib/tlsauth/auth_test.go') diff --git a/contrib/tlsauth/auth_test.go b/contrib/tlsauth/auth_test.go index 2a95e1c..df67159 100644 --- a/contrib/tlsauth/auth_test.go +++ b/contrib/tlsauth/auth_test.go @@ -1,12 +1,10 @@ package tlsauth_test import ( - "bytes" "context" "crypto/tls" "crypto/x509" "net/url" - "strings" "testing" "github.com/stretchr/testify/assert" @@ -47,89 +45,6 @@ func TestIdentify(t *testing.T) { assert.True(t, invoked) } -func TestRequiredAuth(t *testing.T) { - invoked1 := false - invoked2 := false - - handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { - invoked1 = true - return gemini.Success("", &bytes.Buffer{}) - }) - - handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { - invoked2 = true - return gemini.Success("", &bytes.Buffer{}) - }) - - authMiddleware := sr.Filter(tlsauth.RequiredAuth(tlsauth.Allow), nil) - - handler1 = sr.Filter( - func(_ context.Context, req *sr.Request) bool { - return strings.HasPrefix(req.Path, "/one") - }, - nil, - )(authMiddleware(handler1)) - handler2 = authMiddleware(handler2) - - server, client, _ := setup(t, - "testdata/server.crt", "testdata/server.key", - "testdata/client1.crt", "testdata/client1.key", - sr.FallthroughHandler(handler1, handler2), - ) - - go func() { - _ = server.Serve() - }() - defer server.Close() - - requestPath(t, client, server, "/one") - assert.True(t, invoked1) - - client, _ = clientFor(t, server, "", "") // no client cert this time - requestPath(t, client, server, "/two") - assert.False(t, invoked2) -} - -func TestOptionalAuth(t *testing.T) { - invoked1 := false - invoked2 := false - - handler1 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { - if !strings.HasPrefix(request.Path, "/one") { - return nil - } - - invoked1 = true - return gemini.Success("", &bytes.Buffer{}) - }) - - handler2 := sr.HandlerFunc(func(_ context.Context, request *sr.Request) *sr.Response { - invoked2 = true - return gemini.Success("", &bytes.Buffer{}) - }) - - mw := sr.Filter(tlsauth.OptionalAuth(tlsauth.Reject), nil) - handler := sr.FallthroughHandler(mw(handler1), mw(handler2)) - - server, client, _ := setup(t, - "testdata/server.crt", "testdata/server.key", - "testdata/client1.crt", "testdata/client1.key", - handler, - ) - - go func() { - _ = server.Serve() - }() - defer server.Close() - - requestPath(t, client, server, "/one") - assert.False(t, invoked1) - - client, _ = clientFor(t, server, "", "") - requestPath(t, client, server, "/two") - assert.True(t, invoked2) -} - func setup( t *testing.T, serverCertPath string, -- cgit v1.2.3