eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-27 02:05:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

rewrite the auth middleware

Browse Source 
The old approach of the authentication middlewares had the problem that when an authenticator could not authenticate a request it would still send it to the next handler, in case that the next one can authenticate it. But if no authenticator could successfully authenticate the request, it would still be handled, which leads to unauthorized access.
This commit is contained in:
David Christofas
2022-08-04 17:38:55 +02:00
parent 02adcbd92a
commit e96819bce8
8 changed files with 423 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
services/proxy/pkg/middleware/basic_auth_test.go
View File

@@ -23,8 +23,6 @@ func TestBasicAuth__isPublicLink(t *testing.T) {
{url: "/ocs/v1.php/cloud/capabilities", username: "public", expected: true},
{url: "/ocs/v1.php/cloud/users/admin", username: "public", expected: false},
}
ba := basicAuth{}
for _, tt := range tests {
req := httptest.NewRequest("", tt.url, nil)
@@ -32,7 +30,7 @@ func TestBasicAuth__isPublicLink(t *testing.T) {
req.SetBasicAuth(tt.username, "")
}
result := ba.isPublicLink(req)
result := isPublicPath(req.URL.Path)
if result != tt.expected {
t.Errorf("with %s expected %t got %t", tt.url, tt.expected, result)
}