rewrite the auth middleware

The old authentication middlewares had a problem: when an authenticator could not authenticate a request, it would still pass the request on to the next handler, in case that one could authenticate it. But if no authenticator could successfully authenticate the request, it would still be handled, which leads to unauthorized access.
David Christofas
2022-08-04 17:38:55 +02:00
parent 02adcbd92a
commit e96819bce8
8 changed files with 423 additions and 394 deletions


@@ -7,7 +7,7 @@ import (
)
func TestSignedURLAuth_shouldServe(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
tests := []struct {
url string
enabled bool
@@ -31,7 +31,7 @@ func TestSignedURLAuth_shouldServe(t *testing.T) {
}
func TestSignedURLAuth_allRequiredParametersPresent(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
baseURL := "https://example.com/example.jpg?"
tests := []struct {
params string
@@ -54,7 +54,7 @@ func TestSignedURLAuth_allRequiredParametersPresent(t *testing.T) {
}
func TestSignedURLAuth_requestMethodMatches(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
tests := []struct {
method string
url string
@@ -75,7 +75,7 @@ func TestSignedURLAuth_requestMethodMatches(t *testing.T) {
}
func TestSignedURLAuth_requestMethodIsAllowed(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
tests := []struct {
method string
allowed []string
@@ -99,7 +99,7 @@ func TestSignedURLAuth_requestMethodIsAllowed(t *testing.T) {
}
func TestSignedURLAuth_urlIsExpired(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
nowFunc := func() time.Time {
t, _ := time.Parse(time.RFC3339, "2020-02-02T12:30:00.000Z")
return t
@@ -126,7 +126,7 @@ func TestSignedURLAuth_urlIsExpired(t *testing.T) {
}
func TestSignedURLAuth_createSignature(t *testing.T) {
pua := signedURLAuth{}
pua := SignedURLAuthenticator{}
expected := "27d2ebea381384af3179235114801dcd00f91e46f99fca72575301cf3948101d"
s := pua.createSignature("something", []byte("somerandomkey"))