110 lines
3.2 KiB
Go
110 lines
3.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
portainer "github.com/portainer/portainer/api"
|
|
"github.com/portainer/portainer/api/dataservices"
|
|
"github.com/portainer/portainer/api/datastore"
|
|
"github.com/portainer/portainer/api/http/proxy/factory/kubernetes"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
"github.com/portainer/portainer/api/internal/testhelpers"
|
|
"github.com/portainer/portainer/api/kubernetes/cli"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
type mockBouncer struct {
|
|
security.BouncerService
|
|
}
|
|
|
|
func NewMockBouncer() *mockBouncer {
|
|
return &mockBouncer{BouncerService: testhelpers.NewTestRequestBouncer()}
|
|
}
|
|
|
|
func (*mockBouncer) CookieAuthLookup(r *http.Request) (*portainer.TokenData, error) {
|
|
return &portainer.TokenData{
|
|
ID: 1,
|
|
Username: "testuser",
|
|
Token: "valid-token",
|
|
}, nil
|
|
}
|
|
|
|
func TestLogout(t *testing.T) {
|
|
t.Parallel()
|
|
h := NewHandler(NewMockBouncer(), nil, nil, nil)
|
|
h.KubernetesTokenCacheManager = kubernetes.NewTokenCacheManager()
|
|
_, h.DataStore = datastore.MustNewTestStore(t, true, false)
|
|
k, err := cli.NewClientFactory(nil, nil, nil, "", "", "")
|
|
require.NoError(t, err)
|
|
h.KubernetesClientFactory = k
|
|
|
|
rr := httptest.NewRecorder()
|
|
req := httptest.NewRequest("POST", "/auth/logout", nil)
|
|
|
|
h.ServeHTTP(rr, req)
|
|
require.Equal(t, http.StatusNoContent, rr.Code)
|
|
}
|
|
|
|
func TestLogoutNoPanic(t *testing.T) {
|
|
t.Parallel()
|
|
h := NewHandler(testhelpers.NewTestRequestBouncer(), nil, nil, nil)
|
|
_, h.DataStore = datastore.MustNewTestStore(t, true, false)
|
|
|
|
rr := httptest.NewRecorder()
|
|
req := httptest.NewRequest("POST", "/auth/logout", nil)
|
|
|
|
h.ServeHTTP(rr, req)
|
|
require.Equal(t, http.StatusNoContent, rr.Code)
|
|
}
|
|
|
|
func TestLogout_ClearsCookie(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
forceSecureCookies bool
|
|
wantSecure bool
|
|
}{
|
|
{name: "clears cookie without secure flag", forceSecureCookies: false, wantSecure: false},
|
|
{name: "clears cookie with secure flag when ForceSecureCookies is set", forceSecureCookies: true, wantSecure: true},
|
|
}
|
|
|
|
for _, tc := range tests {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
h := NewHandler(NewMockBouncer(), nil, nil, nil)
|
|
h.KubernetesTokenCacheManager = kubernetes.NewTokenCacheManager()
|
|
_, h.DataStore = datastore.MustNewTestStore(t, true, false)
|
|
k, err := cli.NewClientFactory(nil, nil, nil, "", "", "")
|
|
require.NoError(t, err)
|
|
h.KubernetesClientFactory = k
|
|
|
|
err = h.DataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
|
return tx.Settings().UpdateSettings(&portainer.Settings{ForceSecureCookies: tc.forceSecureCookies})
|
|
})
|
|
require.NoError(t, err)
|
|
|
|
rr := httptest.NewRecorder()
|
|
req := httptest.NewRequest("POST", "/auth/logout", nil)
|
|
|
|
h.ServeHTTP(rr, req)
|
|
require.Equal(t, http.StatusNoContent, rr.Code)
|
|
|
|
cookies := rr.Result().Cookies()
|
|
var authCookie *http.Cookie
|
|
for _, c := range cookies {
|
|
if c.Name == portainer.AuthCookieKey {
|
|
authCookie = c
|
|
break
|
|
}
|
|
}
|
|
require.NotNil(t, authCookie, "expected auth cookie to be present in response so the browser can clear it")
|
|
require.Empty(t, authCookie.Value)
|
|
require.Equal(t, -1, authCookie.MaxAge)
|
|
require.Equal(t, tc.wantSecure, authCookie.Secure)
|
|
})
|
|
}
|
|
}
|