mirror of
https://github.com/grafana/grafana.git
synced 2024-11-24 09:50:29 -06:00
d88fdc86fc
* Auth: Do not search for the user twice
Previously `initContextWithBasicAuth` did not use `LoginUserQuery`, doing
`GetUserByLoginQuery` only i.e. looking user in DB only, things changed when
this function started to check LDAP provider via `LoginUserQuery` (#6940),
however, this request was placed after `GetUserByLoginQuery`, so we first
looking in DB then in the LDAP - if LDAP user hasn't logged in we will
not find it in DB, so `LoginUserQuery` will never be reached.
`LoginUserQuery` request already performs `GetUserByLoginQuery`
request in correct sequence. So we can just remove redundant request.
* Correct sequence execution during authentification &
introduce tests for it
* Move basic auth tests to separate test file, since main test file already
pretty large
* Introduce `testing.go` for the middleware module
* Remove redundant test helper function
* Make handler names more explicit
Ref 5777f65d05
Fixes #18329
* Auth: address review comment
103 lines
2.5 KiB
Go
103 lines
2.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
"gopkg.in/macaron.v1"
|
|
|
|
"github.com/grafana/grafana/pkg/infra/remotecache"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/auth"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
type scenarioContext struct {
|
|
m *macaron.Macaron
|
|
context *models.ReqContext
|
|
resp *httptest.ResponseRecorder
|
|
apiKey string
|
|
authHeader string
|
|
tokenSessionCookie string
|
|
respJson map[string]interface{}
|
|
handlerFunc handlerFunc
|
|
defaultHandler macaron.Handler
|
|
url string
|
|
userAuthTokenService *auth.FakeUserAuthTokenService
|
|
remoteCacheService *remotecache.RemoteCache
|
|
|
|
req *http.Request
|
|
}
|
|
|
|
func (sc *scenarioContext) withValidApiKey() *scenarioContext {
|
|
sc.apiKey = "eyJrIjoidjVuQXdwTWFmRlA2em5hUzR1cmhkV0RMUzU1MTFNNDIiLCJuIjoiYXNkIiwiaWQiOjF9"
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) withTokenSessionCookie(unhashedToken string) *scenarioContext {
|
|
sc.tokenSessionCookie = unhashedToken
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) withAuthorizationHeader(authHeader string) *scenarioContext {
|
|
sc.authHeader = authHeader
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) fakeReq(method, url string) *scenarioContext {
|
|
sc.resp = httptest.NewRecorder()
|
|
req, err := http.NewRequest(method, url, nil)
|
|
So(err, ShouldBeNil)
|
|
sc.req = req
|
|
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) fakeReqWithParams(method, url string, queryParams map[string]string) *scenarioContext {
|
|
sc.resp = httptest.NewRecorder()
|
|
req, err := http.NewRequest(method, url, nil)
|
|
q := req.URL.Query()
|
|
for k, v := range queryParams {
|
|
q.Add(k, v)
|
|
}
|
|
req.URL.RawQuery = q.Encode()
|
|
So(err, ShouldBeNil)
|
|
sc.req = req
|
|
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) handler(fn handlerFunc) *scenarioContext {
|
|
sc.handlerFunc = fn
|
|
return sc
|
|
}
|
|
|
|
func (sc *scenarioContext) exec() {
|
|
if sc.apiKey != "" {
|
|
sc.req.Header.Add("Authorization", "Bearer "+sc.apiKey)
|
|
}
|
|
|
|
if sc.authHeader != "" {
|
|
sc.req.Header.Add("Authorization", sc.authHeader)
|
|
}
|
|
|
|
if sc.tokenSessionCookie != "" {
|
|
sc.req.AddCookie(&http.Cookie{
|
|
Name: setting.LoginCookieName,
|
|
Value: sc.tokenSessionCookie,
|
|
})
|
|
}
|
|
|
|
sc.m.ServeHTTP(sc.resp, sc.req)
|
|
|
|
if sc.resp.Header().Get("Content-Type") == "application/json; charset=UTF-8" {
|
|
err := json.NewDecoder(sc.resp.Body).Decode(&sc.respJson)
|
|
So(err, ShouldBeNil)
|
|
}
|
|
}
|
|
|
|
type scenarioFunc func(c *scenarioContext)
|
|
type handlerFunc func(c *models.ReqContext)
|