gerrit/auth_test.go - build - Git at Google

 // Copyright 2016 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package gerrit

 import (
 	"context"
 	"crypto/md5"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"testing"
 )

 func md5str(text string) string {
 	h := md5.Sum([]byte(text))
 	return hex.EncodeToString(h[:])
 }

 func TestBasicAuth(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		expected := "User Password true"
 		u, p, ok := r.BasicAuth()
 		if expected != fmt.Sprintf("%s %s %t", u, p, ok) {
 			t.Errorf("Expected %s, got %s %s %t", expected, u, p, ok)
 			w.WriteHeader(http.StatusUnauthorized)
 		} else {
 			w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 			// The JSON response begins with an XSRF-defeating header ")]}\n"
 			fmt.Fprintln(w, ")]}")
 			json.NewEncoder(w).Encode(AccountInfo{})
 		}
 	}))
 	defer ts.Close()

 	_, err := NewClient(
 		ts.URL,
 		BasicAuth("User", "Password"),
 	).GetAccountInfo(context.Background(), "self")
 	if err != nil {
 		t.Error(err)
 	}
 }

 func TestDigestAuth(t *testing.T) {
 	const (
 		user   = "User"
 		pass   = "Password"
 		nonce  = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
 		opaque = "5ccc069c403ebaf9f0171e9517f40e41"
 		realm  = "Gerrit Code Review"
 		qop    = "auth"
 	)

 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		header := r.Header.Get("Authorization")
 		if header == "" {
 			w.Header().Set("WWW-Authenticate", fmt.Sprintf(
 				`Digest realm="%s", qop="%s", nonce="%s", opaque="%s"`,
 				realm, qop, nonce, opaque,
 			))
 			w.WriteHeader(http.StatusUnauthorized)
 		} else {
 			parts := strings.SplitN(header, " ", 2)
 			parts = strings.Split(parts[1], ", ")
 			opts := make(map[string]string)

 			for _, part := range parts {
 				vals := strings.SplitN(part, "=", 2)
 				key := vals[0]
 				val := strings.Trim(vals[1], "\",")
 				opts[key] = val
 			}

 			// https://en.wikipedia.org/wiki/Digest_access_authentication#Example_with_explanation
 			// The "response" value is calculated in three steps, as follows.
 			//   Where values are combined, they are delimited by colons.
 			// 1. The MD5 hash of the combined username, authentication realm and password is calculated.
 			//    The result is referred to as HA1.
 			// 2. The MD5 hash of the combined method and digest URI is calculated, e.g. of "GET" and "/index.html".
 			//    The result is referred to as HA2.
 			// 3. The MD5 hash of the combined HA1 result, server nonce (nonce), request counter (nc),
 			//    client nonce (cnonce), quality of protection code (qop) and HA2 result is calculated.
 			//    The result is the "response" value provided by the client.
 			ha1 := md5str(fmt.Sprintf("%s:%s:%s", user, realm, pass))
 			ha2 := md5str("GET:/a/accounts/self")
 			expected := md5str(fmt.Sprintf("%s:%s:%s:%s:%s:%s", ha1, nonce, opts["nc"], opts["cnonce"], qop, ha2))

 			if expected != opts["response"] {
 				t.Errorf("Expected %s, got %s", expected, opts["response"])
 				w.WriteHeader(http.StatusUnauthorized)
 			} else {
 				w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 				// The JSON response begins with an XSRF-defeating header ")]}\n"
 				fmt.Fprintln(w, ")]}")
 				json.NewEncoder(w).Encode(AccountInfo{})
 			}
 		}
 	}))
 	defer ts.Close()

 	_, err := NewClient(
 		ts.URL,
 		DigestAuth(user, pass),
 	).GetAccountInfo(context.Background(), "self")
 	if err != nil {
 		t.Error(err)
 	}
 }
	// Copyright 2016 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package gerrit

	import (
	"context"
	"crypto/md5"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
	)

	func md5str(text string) string {
	h := md5.Sum([]byte(text))
	return hex.EncodeToString(h[:])
	}

	func TestBasicAuth(t *testing.T) {
	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	expected := "User Password true"
	u, p, ok := r.BasicAuth()
	if expected != fmt.Sprintf("%s %s %t", u, p, ok) {
	t.Errorf("Expected %s, got %s %s %t", expected, u, p, ok)
	w.WriteHeader(http.StatusUnauthorized)
	} else {
	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
	// The JSON response begins with an XSRF-defeating header ")]}\n"
	fmt.Fprintln(w, ")]}")
	json.NewEncoder(w).Encode(AccountInfo{})
	}
	}))
	defer ts.Close()

	_, err := NewClient(
	ts.URL,
	BasicAuth("User", "Password"),
	).GetAccountInfo(context.Background(), "self")
	if err != nil {
	t.Error(err)
	}
	}

	func TestDigestAuth(t *testing.T) {
	const (
	user = "User"
	pass = "Password"
	nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
	opaque = "5ccc069c403ebaf9f0171e9517f40e41"
	realm = "Gerrit Code Review"
	qop = "auth"
	)

	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	header := r.Header.Get("Authorization")
	if header == "" {
	w.Header().Set("WWW-Authenticate", fmt.Sprintf(
	`Digest realm="%s", qop="%s", nonce="%s", opaque="%s"`,
	realm, qop, nonce, opaque,
	))
	w.WriteHeader(http.StatusUnauthorized)
	} else {
	parts := strings.SplitN(header, " ", 2)
	parts = strings.Split(parts[1], ", ")
	opts := make(map[string]string)

	for _, part := range parts {
	vals := strings.SplitN(part, "=", 2)
	key := vals[0]
	val := strings.Trim(vals[1], "\",")
	opts[key] = val
	}

	// https://en.wikipedia.org/wiki/Digest_access_authentication#Example_with_explanation
	// The "response" value is calculated in three steps, as follows.
	// Where values are combined, they are delimited by colons.
	// 1. The MD5 hash of the combined username, authentication realm and password is calculated.
	// The result is referred to as HA1.
	// 2. The MD5 hash of the combined method and digest URI is calculated, e.g. of "GET" and "/index.html".
	// The result is referred to as HA2.
	// 3. The MD5 hash of the combined HA1 result, server nonce (nonce), request counter (nc),
	// client nonce (cnonce), quality of protection code (qop) and HA2 result is calculated.
	// The result is the "response" value provided by the client.
	ha1 := md5str(fmt.Sprintf("%s:%s:%s", user, realm, pass))
	ha2 := md5str("GET:/a/accounts/self")
	expected := md5str(fmt.Sprintf("%s:%s:%s:%s:%s:%s", ha1, nonce, opts["nc"], opts["cnonce"], qop, ha2))

	if expected != opts["response"] {
	t.Errorf("Expected %s, got %s", expected, opts["response"])
	w.WriteHeader(http.StatusUnauthorized)
	} else {
	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
	// The JSON response begins with an XSRF-defeating header ")]}\n"
	fmt.Fprintln(w, ")]}")
	json.NewEncoder(w).Encode(AccountInfo{})
	}
	}
	}))
	defer ts.Close()

	_, err := NewClient(
	ts.URL,
	DigestAuth(user, pass),
	).GetAccountInfo(context.Background(), "self")
	if err != nil {
	t.Error(err)
	}
	}