agent-company
feae2e19a1
Update Auth middleware to accept a fallbackToken parameter. When no per-user cookie token is present and GITEA_TOKEN is set in the environment, the middleware uses the env token instead of redirecting to /settings. Cookie tokens still take precedence over the fallback. Add three new unit tests covering: fallback used when no cookie, cookie takes precedence over fallback, and redirect when neither is set. Closes leeworks-agents/gitea-mobile#125 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
155 lines
4.3 KiB
Go
155 lines
4.3 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"gitea.leeworks.dev/0xwheatyz/gitea-mobile/internal/auth"
|
|
)
|
|
|
|
const testSecret = "test-secret-that-is-at-least-32-chars-long"
|
|
|
|
func TestAuth_HealthBypass(t *testing.T) {
|
|
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/health", nil)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAuth_SettingsBypass(t *testing.T) {
|
|
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/settings", nil)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAuth_RedirectWithoutToken(t *testing.T) {
|
|
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusSeeOther {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusSeeOther)
|
|
}
|
|
if loc := w.Header().Get("Location"); loc != "/settings" {
|
|
t.Errorf("Location = %q, want %q", loc, "/settings")
|
|
}
|
|
}
|
|
|
|
func TestAuth_PassWithToken(t *testing.T) {
|
|
called := false
|
|
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
called = true
|
|
token := TokenFromContext(r.Context())
|
|
if token != "my-token" {
|
|
t.Errorf("token = %q, want %q", token, "my-token")
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
// Set a token cookie.
|
|
cookieW := httptest.NewRecorder()
|
|
auth.SetTokenCookie(cookieW, "my-token", testSecret, false)
|
|
cookie := cookieW.Result().Cookies()[0]
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req.AddCookie(cookie)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if !called {
|
|
t.Error("next handler was not called")
|
|
}
|
|
if w.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAuth_FallbackToken_UsedWhenNoCookie(t *testing.T) {
|
|
called := false
|
|
handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
called = true
|
|
token := TokenFromContext(r.Context())
|
|
if token != "env-fallback-token" {
|
|
t.Errorf("token = %q, want %q", token, "env-fallback-token")
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if !called {
|
|
t.Error("next handler was not called with fallback token")
|
|
}
|
|
if w.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAuth_FallbackToken_CookieTakesPrecedence(t *testing.T) {
|
|
called := false
|
|
handler := Auth(testSecret, "env-fallback-token")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
called = true
|
|
token := TokenFromContext(r.Context())
|
|
if token != "cookie-token" {
|
|
t.Errorf("token = %q, want %q (cookie should take precedence over fallback)", token, "cookie-token")
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
// Set a cookie token.
|
|
cookieW := httptest.NewRecorder()
|
|
auth.SetTokenCookie(cookieW, "cookie-token", testSecret, false)
|
|
cookie := cookieW.Result().Cookies()[0]
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/", nil)
|
|
req.AddCookie(cookie)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if !called {
|
|
t.Error("next handler was not called")
|
|
}
|
|
if w.Code != http.StatusOK {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusOK)
|
|
}
|
|
}
|
|
|
|
func TestAuth_NoFallbackToken_RedirectsWithoutCookie(t *testing.T) {
|
|
handler := Auth(testSecret, "")(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/issues", nil)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusSeeOther {
|
|
t.Errorf("status = %d, want %d", w.Code, http.StatusSeeOther)
|
|
}
|
|
if loc := w.Header().Get("Location"); loc != "/settings" {
|
|
t.Errorf("Location = %q, want %q", loc, "/settings")
|
|
}
|
|
}
|