2015-05-02 05:06:58 -05:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
import (
|
2020-11-20 12:30:37 -06:00
|
|
|
"fmt"
|
2015-05-02 05:06:58 -05:00
|
|
|
"testing"
|
|
|
|
|
|
2022-10-19 08:02:15 -05:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
2020-10-23 09:34:35 -05:00
|
|
|
"github.com/grafana/grafana/pkg/models"
|
2022-10-04 13:48:02 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/org"
|
2019-09-02 08:15:46 -05:00
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
2015-05-02 05:06:58 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestMiddlewareAuth(t *testing.T) {
|
2020-12-03 01:28:54 -06:00
|
|
|
reqSignIn := Auth(&AuthOptions{ReqSignedIn: true})
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and unauthenticated request", func(t *testing.T, sc *scenarioContext) {
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.m.Get("/secure", reqSignIn, sc.defaultHandler)
|
|
|
|
|
sc.fakeReq("GET", "/secure").exec()
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
assert.Equal(t, 302, sc.resp.Code)
|
|
|
|
|
})
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and unauthenticated API request", func(t *testing.T, sc *scenarioContext) {
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.m.Get("/api/secure", reqSignIn, sc.defaultHandler)
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.fakeReq("GET", "/api/secure").exec()
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
assert.Equal(t, 401, sc.resp.Code)
|
|
|
|
|
})
|
2015-05-02 05:06:58 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
t.Run("Anonymous auth enabled", func(t *testing.T) {
|
|
|
|
|
const orgID int64 = 1
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-11 04:44:44 -06:00
|
|
|
configure := func(cfg *setting.Cfg) {
|
|
|
|
|
cfg.AnonymousEnabled = true
|
|
|
|
|
cfg.AnonymousOrgName = "test"
|
|
|
|
|
}
|
2020-12-03 01:28:54 -06:00
|
|
|
|
2021-02-27 11:04:28 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and NoAnonynmous true", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2022-10-04 13:48:02 -05:00
|
|
|
sc.orgService.ExpectedOrg = &org.Org{ID: orgID, Name: "test"}
|
2021-02-27 11:04:28 -06:00
|
|
|
sc.m.Get("/api/secure", ReqSignedInNoAnonymous, sc.defaultHandler)
|
|
|
|
|
sc.fakeReq("GET", "/api/secure").exec()
|
|
|
|
|
|
|
|
|
|
assert.Equal(t, 401, sc.resp.Code)
|
|
|
|
|
}, configure)
|
|
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and request with forceLogin in query string", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2022-10-04 13:48:02 -05:00
|
|
|
sc.orgService.ExpectedOrg = &org.Org{ID: orgID, Name: "test"}
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.m.Get("/secure", reqSignIn, sc.defaultHandler)
|
|
|
|
|
|
|
|
|
|
sc.fakeReq("GET", "/secure?forceLogin=true").exec()
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.Equal(t, 302, sc.resp.Code)
|
2020-12-03 01:28:54 -06:00
|
|
|
location, ok := sc.resp.Header()["Location"]
|
|
|
|
|
assert.True(t, ok)
|
|
|
|
|
assert.Equal(t, "/login", location[0])
|
2020-12-11 04:44:44 -06:00
|
|
|
}, configure)
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and request with same org provided in query string", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2022-10-04 13:48:02 -05:00
|
|
|
sc.orgService.ExpectedOrg = &org.Org{ID: 1, Name: sc.cfg.AnonymousOrgName}
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.m.Get("/secure", reqSignIn, sc.defaultHandler)
|
|
|
|
|
|
2022-10-05 08:47:56 -05:00
|
|
|
sc.fakeReq("GET", fmt.Sprintf("/secure?orgId=%d", 1)).exec()
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.Equal(t, 200, sc.resp.Code)
|
2020-12-11 04:44:44 -06:00
|
|
|
}, configure)
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "ReqSignIn true and request with different org provided in query string", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2022-10-04 13:48:02 -05:00
|
|
|
sc.orgService.ExpectedOrg = &org.Org{ID: 1, Name: sc.cfg.AnonymousOrgName}
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.m.Get("/secure", reqSignIn, sc.defaultHandler)
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.fakeReq("GET", "/secure?orgId=2").exec()
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.Equal(t, 302, sc.resp.Code)
|
2020-12-03 01:28:54 -06:00
|
|
|
location, ok := sc.resp.Header()["Location"]
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.True(t, ok)
|
|
|
|
|
assert.Equal(t, "/login", location[0])
|
2020-12-11 04:44:44 -06:00
|
|
|
}, configure)
|
2020-12-03 01:28:54 -06:00
|
|
|
})
|
2020-10-23 09:34:35 -05:00
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "Snapshot public mode disabled and unauthenticated request should return 401", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2021-02-17 02:51:50 -06:00
|
|
|
sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
|
|
|
|
|
c.IsSignedIn = false
|
|
|
|
|
}, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.fakeReq("GET", "/api/snapshot").exec()
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.Equal(t, 401, sc.resp.Code)
|
2020-12-03 01:28:54 -06:00
|
|
|
})
|
2019-09-02 08:15:46 -05:00
|
|
|
|
2021-02-17 02:51:50 -06:00
|
|
|
middlewareScenario(t, "Snapshot public mode disabled and authenticated request should return 200", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
|
|
|
|
sc.m.Get("/api/snapshot", func(c *models.ReqContext) {
|
|
|
|
|
c.IsSignedIn = true
|
|
|
|
|
}, SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
|
|
|
|
|
sc.fakeReq("GET", "/api/snapshot").exec()
|
|
|
|
|
assert.Equal(t, 200, sc.resp.Code)
|
|
|
|
|
})
|
|
|
|
|
|
2020-12-04 04:09:32 -06:00
|
|
|
middlewareScenario(t, "Snapshot public mode enabled and unauthenticated request should return 200", func(
|
|
|
|
|
t *testing.T, sc *scenarioContext) {
|
2020-12-11 04:44:44 -06:00
|
|
|
sc.cfg.SnapshotPublicMode = true
|
|
|
|
|
sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(sc.cfg), sc.defaultHandler)
|
2020-12-03 01:28:54 -06:00
|
|
|
sc.fakeReq("GET", "/api/snapshot").exec()
|
2020-12-04 04:09:32 -06:00
|
|
|
assert.Equal(t, 200, sc.resp.Code)
|
2015-05-02 05:06:58 -05:00
|
|
|
})
|
|
|
|
|
}
|
2020-11-20 12:30:37 -06:00
|
|
|
|
|
|
|
|
func TestRemoveForceLoginparams(t *testing.T) {
|
|
|
|
|
tcs := []struct {
|
|
|
|
|
inp string
|
|
|
|
|
exp string
|
|
|
|
|
}{
|
|
|
|
|
{inp: "/?forceLogin=true", exp: "/?"},
|
|
|
|
|
{inp: "/d/dash/dash-title?ordId=1&forceLogin=true", exp: "/d/dash/dash-title?ordId=1"},
|
|
|
|
|
{inp: "/?kiosk&forceLogin=true", exp: "/?kiosk"},
|
|
|
|
|
{inp: "/d/dash/dash-title?ordId=1&kiosk&forceLogin=true", exp: "/d/dash/dash-title?ordId=1&kiosk"},
|
|
|
|
|
{inp: "/d/dash/dash-title?ordId=1&forceLogin=true&kiosk", exp: "/d/dash/dash-title?ordId=1&kiosk"},
|
|
|
|
|
{inp: "/d/dash/dash-title?forceLogin=true&kiosk", exp: "/d/dash/dash-title?&kiosk"},
|
|
|
|
|
}
|
|
|
|
|
for i, tc := range tcs {
|
|
|
|
|
t.Run(fmt.Sprintf("testcase %d", i), func(t *testing.T) {
|
|
|
|
|
require.Equal(t, tc.exp, removeForceLoginParams(tc.inp))
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
