Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 244b6d5b9779ef09d5b359befaa2180acb4afd4a / . / src / token_authorization_middleware_test.cpp
blob: fcb5b65e80c3d7d072faed1f30f6844378e47c89 [file] [log] [blame]
Ed Tanous9140a672017-04-24 17:01:32 -0700[diff] [blame]1#include "token_authorization_middleware.hpp"
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]2
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]3#include <condition_variable>
4#include <future>
5#include <mutex>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]6
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]7#include "gmock/gmock.h"
Ed Tanous1ff48782017-04-18 12:45:08 -0700[diff] [blame]8#include "gtest/gtest.h"
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]9
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]10using namespace crow;
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]11
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]12class TokenAuth : public ::testing::Test
13{
14 public:
15 TokenAuth() :
16 lk(std::unique_lock<std::mutex>(m)),
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]17 io(std::make_shared<boost::asio::io_context>())
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]18 {}
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]19
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]20 std::mutex m;
21 std::condition_variable cv;
22 std::unique_lock<std::mutex> lk;
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]23 std::shared_ptr<boost::asio::io_context> io;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]24 int testPort = 45451;
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]25};
26
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27TEST_F(TokenAuth, SpecialResourcesAreAcceptedWithoutAuth)
28{
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]29 App app(io);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]30 crow::token_authorization::requestRoutes(app);
31 BMCWEB_ROUTE(app, "/redfish/v1")
32 ([]() { return boost::beast::http::status::ok; });
33 auto _ = std::async(std::launch::async, [&] {
34 app.port(testPort).run();
35 cv.notify_one();
36 io->run();
37 });
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]38
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]39 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]40 std::string sendmsg;
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]41
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]42 static char buf[2048];
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]43
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]44 // Homepage should be passed with no credentials
45 sendmsg = "GET /\r\n\r\n";
46 {
47 asio::ip::tcp::socket c(is);
48 c.connect(asio::ip::tcp::endpoint(
49 asio::ip::address::from_string("127.0.0.1"), 45451));
50 c.send(asio::buffer(sendmsg));
51 c.receive(asio::buffer(buf, 2048));
52 c.close();
53 EXPECT_EQ("200", std::string(buf + 9, buf + 12));
54 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]55
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]56 // static should be passed with no credentials
57 sendmsg = "GET /static/index.html\r\n\r\n";
58 {
59 asio::ip::tcp::socket c(is);
60 c.connect(asio::ip::tcp::endpoint(
61 asio::ip::address::from_string("127.0.0.1"), 45451));
62 c.send(asio::buffer(sendmsg));
63 c.receive(asio::buffer(buf, 2048));
64 c.close();
65 EXPECT_EQ("404", std::string(buf + 9, buf + 12));
66 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]67
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]68 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]69}
70
71// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]72TEST(TokenAuthentication, TestRejectedResource)
73{
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]74 App app;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]75 app.bindaddr("127.0.0.1").port(45451);
76 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
77 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]78
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]79 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]80 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]81
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]82 // Other resources should not be passed
83 std::string sendmsg = "GET /foo\r\n\r\n";
84 asio::ip::tcp::socket c(is);
85 for (int i = 0; i < 200; i++)
86 {
87 try
88 {
89 c.connect(asio::ip::tcp::endpoint(
90 asio::ip::address::from_string("127.0.0.1"), 45451));
91 }
92 catch (std::exception e)
93 {
94 // do nothing
95 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]96 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]97 c.send(asio::buffer(sendmsg));
98 c.receive(asio::buffer(buf, 2048));
99 c.close();
100 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]101
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]102 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]103}
104
105// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]106TEST(TokenAuthentication, TestGetLoginUrl)
107{
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]108 App app;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]109 app.bindaddr("127.0.0.1").port(45451);
110 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
111 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]112
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]113 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]114 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]115
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]116 // Other resources should not be passed
117 std::string sendmsg = "GET /login\r\n\r\n";
118 asio::ip::tcp::socket c(is);
119 for (int i = 0; i < 200; i++)
120 {
121 try
122 {
123 c.connect(asio::ip::tcp::endpoint(
124 asio::ip::address::from_string("127.0.0.1"), 45451));
125 }
126 catch (std::exception e)
127 {
128 // do nothing
129 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]130 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]131 c.send(asio::buffer(sendmsg));
132 c.receive(asio::buffer(buf, 2048));
133 c.close();
134 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]135
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]136 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]137}
138
139// Tests boundary conditions on login
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]140TEST(TokenAuthentication, TestPostBadLoginUrl)
141{
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]142 App app;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]143 app.bindaddr("127.0.0.1").port(45451);
144 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
145 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]146
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]147 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]148 std::array<char, 2048> buf;
149 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]150
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]151 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
152 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]153 c.connect(asio::ip::tcp::endpoint(
154 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]155 c.send(asio::buffer(sendmsg));
156 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]157 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]158 };
159
160 {
161 // Retry a couple of times waiting for the server to come up
162 asio::ip::tcp::socket c(is);
163 for (int i = 0; i < 200; i++)
164 {
165 try
166 {
167 c.connect(asio::ip::tcp::endpoint(
168 asio::ip::address::from_string("127.0.0.1"), 45451));
169 c.close();
170 break;
171 }
172 catch (std::exception e)
173 {
174 // do nothing. We expect this to fail while the server is
175 // starting up
176 }
177 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]178 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]179
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]180 // Test blank login credentials
181 sendmsg = "POST /login\r\nContent-Length:0\r\n\r\n\r\n";
182 {
183 send_to_localhost(sendmsg);
184 auto return_code = std::string(&buf[9], &buf[12]);
185 EXPECT_EQ("400", return_code);
186 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]187
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]188 // Test wrong login credentials
189 sendmsg = "POST /login\r\nContent-Length:38\r\n\r\n{\"username\": \"foo\", "
190 "\"password\": \"bar\"}\r\n";
191 {
192 send_to_localhost(sendmsg);
193 auto return_code = std::string(&buf[9], &buf[12]);
194 EXPECT_EQ("401", return_code);
195 // TODO(ed) need to test more here. Response string?
196 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]197
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]198 // Test only sending a username
199 sendmsg =
200 "POST /login\r\nContent-Length:19\r\n\r\n{\"username\": \"foo\"}\r\n";
201 {
202 send_to_localhost(sendmsg);
203 auto return_code = std::string(&buf[9], &buf[12]);
204 EXPECT_EQ("400", return_code);
205 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]206
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]207 // Test only sending a password
208 sendmsg =
209 "POST /login\r\nContent-Length:19\r\n\r\n{\"password\": \"foo\"}\r\n";
210 {
211 send_to_localhost(sendmsg);
212 auto return_code = std::string(&buf[9], &buf[12]);
213 EXPECT_EQ("400", return_code);
214 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]215
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]216 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]217}
218
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]219// Test class that allows login for a fixed password.
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]220class KnownLoginAuthenticator
221{
222 public:
223 inline bool authenticate(const std::string& username,
224 const std::string& password)
225 {
226 return (username == "dude") && (password == "foo");
227 }
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]228};
229
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]230TEST(TokenAuthentication, TestSuccessfulLogin)
231{
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]232 App app;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]233 app.bindaddr("127.0.0.1").port(45451);
234 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
235 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]236
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]237 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]238 std::array<char, 2048> buf;
239 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]240
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]241 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
242 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]243 c.connect(asio::ip::tcp::endpoint(
244 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]245 c.send(asio::buffer(sendmsg));
246 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]247 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]248 };
249
250 {
251 // Retry a couple of times waiting for the server to come up
252 asio::ip::tcp::socket c(is);
253 for (int i = 0; i < 200; i++)
254 {
255 try
256 {
257 c.connect(asio::ip::tcp::endpoint(
258 asio::ip::address::from_string("127.0.0.1"), 45451));
259 c.close();
260 break;
261 }
262 catch (std::exception e)
263 {
264 // do nothing. We expect this to fail while the server is
265 // starting up
266 }
267 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]268 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]269
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]270 // Test correct login credentials
271 sendmsg =
272 "POST /login\r\nContent-Length:40\r\n\r\n{\"username\": \"dude\", "
273 "\"password\": \"foo\"}\r\n";
274 {
275 send_to_localhost(sendmsg);
276 std::string response(std::begin(buf), std::end(buf));
277 // This is a routine to split strings until a newline is hit
278 // TODO(ed) this should really use the HTTP parser
279 std::vector<std::string> headers;
280 std::string::size_type pos = 0;
281 std::string::size_type prev = 0;
282 int content_length = 0;
283 std::string content_encoding("");
284 while ((pos = response.find("\r\n", prev)) != std::string::npos)
285 {
286 auto this_string = response.substr(prev, pos - prev);
287 if (this_string == "")
288 {
289 prev = pos + 2;
290 break;
291 }
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]292
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]293 headers.push_back(this_string);
294 prev = pos + 2;
295 }
296 EXPECT_EQ(headers[0], "HTTP/1.1 200 OK");
297 EXPECT_THAT(headers,
298 testing::Contains("Content-Type: application/json"));
299 auto http_content = response.substr(prev);
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]300 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]301
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]302 // Try to use those login credentials to access a resource
303 sendmsg = "GET /\r\nAuthorization: token\r\n\r\n{\"username\": \"dude\", "
304 "\"password\": \"dude\"}\r\n";
305 {
306 send_to_localhost(sendmsg);
307 auto return_code = std::string(&buf[9], &buf[12]);
308 EXPECT_EQ("200", return_code);
309 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]310
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]311 app.stop();
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame]312}