Auth: You can now authenicate against api with username / password using basic auth, Closes #2218

2025-08-06 03:09:26 +08:00 · 2015-06-30 09:37:52 +02:00
parent d0e7d53c69
commit ae0f8c77d1
8 changed files with 126 additions and 0 deletions
--- a/pkg/middleware/middleware_test.go
+++ b/pkg/middleware/middleware_test.go
@ -48,6 +48,32 @@ func TestMiddlewareContext(t *testing.T) {
 			})
 		})

+		middlewareScenario("Using basic auth", func(sc *scenarioContext) {
+
+			bus.AddHandler("test", func(query *m.GetUserByLoginQuery) error {
+				query.Result = &m.User{
+					Password: util.EncodePassword("myPass", "salt"),
+					Salt:     "salt",
+				}
+				return nil
+			})
+
+			bus.AddHandler("test", func(query *m.GetSignedInUserQuery) error {
+				query.Result = &m.SignedInUser{OrgId: 2, UserId: 12}
+				return nil
+			})
+
+			setting.BasicAuthEnabled = true
+			authHeader := util.GetBasicAuthHeader("myUser", "myPass")
+			sc.fakeReq("GET", "/").withAuthoriziationHeader(authHeader).exec()
+
+			Convey("Should init middleware context with user", func() {
+				So(sc.context.IsSignedIn, ShouldEqual, true)
+				So(sc.context.OrgId, ShouldEqual, 2)
+				So(sc.context.UserId, ShouldEqual, 12)
+			})
+		})
+
 		middlewareScenario("Valid api key", func(sc *scenarioContext) {
 			keyhash := util.EncodePassword("v5nAwpMafFP6znaS4urhdWDLS5511M42", "asd")

@ -223,6 +249,7 @@ type scenarioContext struct {
 	context        *Context
 	resp           *httptest.ResponseRecorder
 	apiKey         string
+	authHeader     string
 	respJson       map[string]interface{}
 	handlerFunc    handlerFunc
 	defaultHandler macaron.Handler
@ -240,6 +267,11 @@ func (sc *scenarioContext) withInvalidApiKey() *scenarioContext {
 	return sc
 }

+func (sc *scenarioContext) withAuthoriziationHeader(authHeader string) *scenarioContext {
+	sc.authHeader = authHeader
+	return sc
+}
+
 func (sc *scenarioContext) fakeReq(method, url string) *scenarioContext {
 	sc.resp = httptest.NewRecorder()
 	req, err := http.NewRequest(method, url, nil)
@ -266,6 +298,10 @@ func (sc *scenarioContext) exec() {
 		sc.req.Header.Add("Authorization", "Bearer "+sc.apiKey)
 	}

+	if sc.authHeader != "" {
+		sc.req.Header.Add("Authorization", sc.authHeader)
+	}
+
 	sc.m.ServeHTTP(sc.resp, sc.req)

 	if sc.resp.Header().Get("Content-Type") == "application/json; charset=UTF-8" {