more testcases for auth subsystem

auth/auth_test.go

@@ -27,8 +27,12 @@ package auth
 import (
 	"io/ioutil"
 	"log"
+	"net/http"
+	"net/http/httptest"
 	"os"
 	"testing"
+
+	"github.com/gorilla/mux"
 )
 
 func TestMain(m *testing.M) {
@@ -37,3 +41,59 @@ func TestMain(m *testing.M) {
 	auth.dbgLog = log.New(ioutil.Discard, "", 0)
 	os.Exit(m.Run())
 }
+
+//
+// Testing
+//
+
+func TestAuthDisabled(t *testing.T) {
+	if err := Init(nil, nil, nil, nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if auth.sessions != nil {
+		t.Fatalf("authentication should be disabled but Init created a session manager")
+	}
+
+	router := mux.NewRouter()
+	InstallHTTPHandler(router)
+
+	req, err := http.NewRequest("GET", "/backends", nil)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	rr := httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+	if rr.Code != http.StatusNotFound {
+		t.Fatalf("list backends should return 404 when authentication is disabled but returened: %d (%s)", rr.Code, http.StatusText(rr.Code))
+	}
+
+	if req, err = http.NewRequest("GET", "/session", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	rr = httptest.NewRecorder()
+	router.ServeHTTP(rr, req)
+	if rr.Code != http.StatusBadRequest {
+		t.Fatalf("get session should return 400 when authentication is disabled but returened: %d (%s)", rr.Code, http.StatusText(rr.Code))
+	}
+
+	var sOut *Session
+	protected := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		s, ok := SessionFromRequest(r)
+		if !ok {
+			t.Fatalf("protected handler did not get a valid session")
+		}
+		sOut = s
+	})
+	wrapped := Middleware(protected)
+
+	if req, err = http.NewRequest("GET", "/api/endpoint", nil); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	rr = httptest.NewRecorder()
+	wrapped.ServeHTTP(rr, req)
+
+	if sOut == anonAllowAll {
+		t.Fatalf("authentication middleware did not attach the correct session to the proteceted handler")
+	}
+}