Spaces:
Running
Running
| // _ _ | |
| // __ _____ __ ___ ___ __ _| |_ ___ | |
| // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \ | |
| // \ V V / __/ (_| |\ V /| | (_| | || __/ | |
| // \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___| | |
| // | |
| // Copyright © 2016 - 2024 Weaviate B.V. All rights reserved. | |
| // | |
| // CONTACT: [email protected] | |
| // | |
| package anonymous | |
| import ( | |
| "net/http" | |
| "net/http/httptest" | |
| "testing" | |
| "github.com/stretchr/testify/assert" | |
| "github.com/weaviate/weaviate/usecases/config" | |
| ) | |
| func Test_AnonymousMiddleware_Enabled(t *testing.T) { | |
| // when anonymous access is enabled, we don't need to do anything and can | |
| // safely call the next next handler | |
| r := httptest.NewRequest("GET", "/foo", nil) | |
| w := httptest.NewRecorder() | |
| next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | |
| w.WriteHeader(900) | |
| }) | |
| cfg := config.Config{ | |
| Authentication: config.Authentication{ | |
| AnonymousAccess: config.AnonymousAccess{ | |
| Enabled: true, | |
| }, | |
| }, | |
| } | |
| New(cfg).Middleware(next).ServeHTTP(w, r) | |
| response := w.Result() | |
| defer response.Body.Close() | |
| assert.Equal(t, response.StatusCode, 900) | |
| } | |
| func Test_AnonymousMiddleware_Disabled(t *testing.T) { | |
| t.Run("when OIDC is enabled, but no token provided", func(t *testing.T) { | |
| r := httptest.NewRequest("GET", "/foo", nil) | |
| w := httptest.NewRecorder() | |
| next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | |
| w.WriteHeader(900) | |
| }) | |
| cfg := config.Config{ | |
| Authentication: config.Authentication{ | |
| AnonymousAccess: config.AnonymousAccess{ | |
| Enabled: false, | |
| }, | |
| OIDC: config.OIDC{ | |
| Enabled: true, | |
| }, | |
| }, | |
| } | |
| New(cfg).Middleware(next).ServeHTTP(w, r) | |
| response := w.Result() | |
| defer response.Body.Close() | |
| assert.Equal(t, response.StatusCode, 401) | |
| }) | |
| t.Run("when OIDC is enabled, and a Bearer Header provided", func(t *testing.T) { | |
| r := httptest.NewRequest("GET", "/foo", nil) | |
| r.Header.Add("Authorization", "Bearer foo") | |
| w := httptest.NewRecorder() | |
| next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | |
| w.WriteHeader(900) | |
| }) | |
| cfg := config.Config{ | |
| Authentication: config.Authentication{ | |
| AnonymousAccess: config.AnonymousAccess{ | |
| Enabled: false, | |
| }, | |
| OIDC: config.OIDC{ | |
| Enabled: true, | |
| }, | |
| }, | |
| } | |
| New(cfg).Middleware(next).ServeHTTP(w, r) | |
| response := w.Result() | |
| defer response.Body.Close() | |
| assert.Equal(t, response.StatusCode, 900) | |
| }) | |
| } | |