Test: auth middleware for WebDAV

2026-01-26 09:34:57 +08:00 · 2019-12-23 11:22:46 +08:00
parent cf90ab5a9a
commit fd7b6e33c8
4 changed files with 114 additions and 4 deletions
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@@ -90,3 +90,107 @@ func TestSignRequired(t *testing.T) {
 	SignRequiredFunc(c)
 	asserts.NotNil(c)
 }
+
+func TestWebDAVAuth(t *testing.T) {
+	asserts := assert.New(t)
+	rec := httptest.NewRecorder()
+	AuthFunc := WebDAVAuth()
+
+	// options请求跳过验证
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("OPTIONS", "/test", nil)
+		AuthFunc(c)
+	}
+
+	// 请求HTTP Basic Auth
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/test", nil)
+		AuthFunc(c)
+		asserts.NotEmpty(c.Writer.Header()["WWW-Authenticate"])
+	}
+
+	// 用户名不存在
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/test", nil)
+		c.Request.Header = map[string][]string{
+			"Authorization": {"Basic d2hvQGNsb3VkcmV2ZS5vcmc6YWRtaW4="},
+		}
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(
+				sqlmock.NewRows([]string{"id", "password", "email"}),
+			)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.Equal(c.Writer.Status(), http.StatusUnauthorized)
+	}
+
+	// 密码错误
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/test", nil)
+		c.Request.Header = map[string][]string{
+			"Authorization": {"Basic d2hvQGNsb3VkcmV2ZS5vcmc6YWRtaW4="},
+		}
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(
+				sqlmock.NewRows([]string{"id", "password", "email", "options"}).AddRow(1, "123", "who@cloudreve.org", "{}"),
+			)
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.Equal(c.Writer.Status(), http.StatusUnauthorized)
+	}
+
+	//未启用 WebDAV
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/test", nil)
+		c.Request.Header = map[string][]string{
+			"Authorization": {"Basic d2hvQGNsb3VkcmV2ZS5vcmc6YWRtaW4="},
+		}
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(
+				sqlmock.NewRows(
+					[]string{"id", "password", "email", "group_id", "options"}).
+					AddRow(1,
+						"rfBd67ti3SMtYvSg:ce6dc7bca4f17f2660e18e7608686673eae0fdf3",
+						"who@cloudreve.org",
+						1,
+						"{}",
+					),
+			)
+		mock.ExpectQuery("SELECT(.+)groups(.+)").WillReturnRows(sqlmock.NewRows([]string{"id", "web_dav_enabled"}).AddRow(1, false))
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.Equal(c.Writer.Status(), http.StatusForbidden)
+	}
+
+	//正常
+	{
+		c, _ := gin.CreateTestContext(rec)
+		c.Request, _ = http.NewRequest("POST", "/test", nil)
+		c.Request.Header = map[string][]string{
+			"Authorization": {"Basic d2hvQGNsb3VkcmV2ZS5vcmc6YWRtaW4="},
+		}
+		mock.ExpectQuery("SELECT(.+)users(.+)").
+			WillReturnRows(
+				sqlmock.NewRows(
+					[]string{"id", "password", "email", "group_id", "options"}).
+					AddRow(1,
+						"rfBd67ti3SMtYvSg:ce6dc7bca4f17f2660e18e7608686673eae0fdf3",
+						"who@cloudreve.org",
+						1,
+						"{}",
+					),
+			)
+		mock.ExpectQuery("SELECT(.+)groups(.+)").WillReturnRows(sqlmock.NewRows([]string{"id", "web_dav_enabled"}).AddRow(1, true))
+		AuthFunc(c)
+		asserts.NoError(mock.ExpectationsWereMet())
+		asserts.Equal(c.Writer.Status(), 200)
+		_, ok := c.Get("user")
+		asserts.True(ok)
+	}
+
+}