Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 883b311c7e33ce3bcfd4fb874267106b5d8757fa / . / src / token_authorization_middleware_test.cpp
blob: 812a6d193eed9df14ba084e5a2e4457a9dc7cb14 [file] [log] [blame]
Ed Tanous9140a672017-04-24 17:01:32 -0700[diff] [blame]1#include "token_authorization_middleware.hpp"
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]2#include "webserver_common.hpp"
3
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]4#include <condition_variable>
5#include <future>
6#include <mutex>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]7
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]8#include "gmock/gmock.h"
Ed Tanous1ff48782017-04-18 12:45:08 -0700[diff] [blame]9#include "gtest/gtest.h"
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]10
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]11using namespace crow;
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]12
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]13class TokenAuth : public ::testing::Test
14{
15 public:
16 TokenAuth() :
17 lk(std::unique_lock<std::mutex>(m)),
18 io(std::make_shared<boost::asio::io_service>())
19 {
20 }
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]21
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]22 std::mutex m;
23 std::condition_variable cv;
24 std::unique_lock<std::mutex> lk;
25 std::shared_ptr<boost::asio::io_service> io;
26 int testPort = 45451;
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]27};
28
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]29TEST_F(TokenAuth, SpecialResourcesAreAcceptedWithoutAuth)
30{
31 CrowApp app(io);
32 crow::token_authorization::requestRoutes(app);
33 BMCWEB_ROUTE(app, "/redfish/v1")
34 ([]() { return boost::beast::http::status::ok; });
35 auto _ = std::async(std::launch::async, [&] {
36 app.port(testPort).run();
37 cv.notify_one();
38 io->run();
39 });
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]40
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]41 asio::io_service is;
42 std::string sendmsg;
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]43
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]44 static char buf[2048];
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]45
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]46 // Homepage should be passed with no credentials
47 sendmsg = "GET /\r\n\r\n";
48 {
49 asio::ip::tcp::socket c(is);
50 c.connect(asio::ip::tcp::endpoint(
51 asio::ip::address::from_string("127.0.0.1"), 45451));
52 c.send(asio::buffer(sendmsg));
53 c.receive(asio::buffer(buf, 2048));
54 c.close();
55 EXPECT_EQ("200", std::string(buf + 9, buf + 12));
56 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]57
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]58 // static should be passed with no credentials
59 sendmsg = "GET /static/index.html\r\n\r\n";
60 {
61 asio::ip::tcp::socket c(is);
62 c.connect(asio::ip::tcp::endpoint(
63 asio::ip::address::from_string("127.0.0.1"), 45451));
64 c.send(asio::buffer(sendmsg));
65 c.receive(asio::buffer(buf, 2048));
66 c.close();
67 EXPECT_EQ("404", std::string(buf + 9, buf + 12));
68 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]69
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]70 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]71}
72
73// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]74TEST(TokenAuthentication, TestRejectedResource)
75{
76 App<crow::persistent_data::Middleware,
77 crow::token_authorization::Middleware>
78 app;
79 app.bindaddr("127.0.0.1").port(45451);
80 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
81 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]82
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]83 asio::io_service is;
84 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]85
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]86 // Other resources should not be passed
87 std::string sendmsg = "GET /foo\r\n\r\n";
88 asio::ip::tcp::socket c(is);
89 for (int i = 0; i < 200; i++)
90 {
91 try
92 {
93 c.connect(asio::ip::tcp::endpoint(
94 asio::ip::address::from_string("127.0.0.1"), 45451));
95 }
96 catch (std::exception e)
97 {
98 // do nothing
99 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]100 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]101 c.send(asio::buffer(sendmsg));
102 c.receive(asio::buffer(buf, 2048));
103 c.close();
104 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]105
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]106 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]107}
108
109// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]110TEST(TokenAuthentication, TestGetLoginUrl)
111{
112 App<crow::persistent_data::Middleware,
113 crow::token_authorization::Middleware>
114 app;
115 app.bindaddr("127.0.0.1").port(45451);
116 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
117 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]118
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]119 asio::io_service is;
120 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]121
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]122 // Other resources should not be passed
123 std::string sendmsg = "GET /login\r\n\r\n";
124 asio::ip::tcp::socket c(is);
125 for (int i = 0; i < 200; i++)
126 {
127 try
128 {
129 c.connect(asio::ip::tcp::endpoint(
130 asio::ip::address::from_string("127.0.0.1"), 45451));
131 }
132 catch (std::exception e)
133 {
134 // do nothing
135 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]136 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]137 c.send(asio::buffer(sendmsg));
138 c.receive(asio::buffer(buf, 2048));
139 c.close();
140 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]141
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]142 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]143}
144
145// Tests boundary conditions on login
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]146TEST(TokenAuthentication, TestPostBadLoginUrl)
147{
148 App<crow::persistent_data::Middleware,
149 crow::token_authorization::Middleware>
150 app;
151 app.bindaddr("127.0.0.1").port(45451);
152 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
153 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]154
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]155 asio::io_service is;
156 std::array<char, 2048> buf;
157 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]158
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]159 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
160 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]161 c.connect(asio::ip::tcp::endpoint(
162 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]163 c.send(asio::buffer(sendmsg));
164 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]165 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]166 };
167
168 {
169 // Retry a couple of times waiting for the server to come up
170 asio::ip::tcp::socket c(is);
171 for (int i = 0; i < 200; i++)
172 {
173 try
174 {
175 c.connect(asio::ip::tcp::endpoint(
176 asio::ip::address::from_string("127.0.0.1"), 45451));
177 c.close();
178 break;
179 }
180 catch (std::exception e)
181 {
182 // do nothing. We expect this to fail while the server is
183 // starting up
184 }
185 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]186 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]187
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]188 // Test blank login credentials
189 sendmsg = "POST /login\r\nContent-Length:0\r\n\r\n\r\n";
190 {
191 send_to_localhost(sendmsg);
192 auto return_code = std::string(&buf[9], &buf[12]);
193 EXPECT_EQ("400", return_code);
194 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]195
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]196 // Test wrong login credentials
197 sendmsg = "POST /login\r\nContent-Length:38\r\n\r\n{\"username\": \"foo\", "
198 "\"password\": \"bar\"}\r\n";
199 {
200 send_to_localhost(sendmsg);
201 auto return_code = std::string(&buf[9], &buf[12]);
202 EXPECT_EQ("401", return_code);
203 // TODO(ed) need to test more here. Response string?
204 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]205
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]206 // Test only sending a username
207 sendmsg =
208 "POST /login\r\nContent-Length:19\r\n\r\n{\"username\": \"foo\"}\r\n";
209 {
210 send_to_localhost(sendmsg);
211 auto return_code = std::string(&buf[9], &buf[12]);
212 EXPECT_EQ("400", return_code);
213 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]214
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]215 // Test only sending a password
216 sendmsg =
217 "POST /login\r\nContent-Length:19\r\n\r\n{\"password\": \"foo\"}\r\n";
218 {
219 send_to_localhost(sendmsg);
220 auto return_code = std::string(&buf[9], &buf[12]);
221 EXPECT_EQ("400", return_code);
222 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]223
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]224 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]225}
226
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]227// Test class that allows login for a fixed password.
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]228class KnownLoginAuthenticator
229{
230 public:
231 inline bool authenticate(const std::string& username,
232 const std::string& password)
233 {
234 return (username == "dude") && (password == "foo");
235 }
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]236};
237
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]238TEST(TokenAuthentication, TestSuccessfulLogin)
239{
240 App<crow::persistent_data::Middleware,
241 crow::token_authorization::Middleware>
242 app;
243 app.bindaddr("127.0.0.1").port(45451);
244 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
245 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]246
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]247 asio::io_service is;
248 std::array<char, 2048> buf;
249 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]250
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]251 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
252 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]253 c.connect(asio::ip::tcp::endpoint(
254 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]255 c.send(asio::buffer(sendmsg));
256 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]257 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]258 };
259
260 {
261 // Retry a couple of times waiting for the server to come up
262 asio::ip::tcp::socket c(is);
263 for (int i = 0; i < 200; i++)
264 {
265 try
266 {
267 c.connect(asio::ip::tcp::endpoint(
268 asio::ip::address::from_string("127.0.0.1"), 45451));
269 c.close();
270 break;
271 }
272 catch (std::exception e)
273 {
274 // do nothing. We expect this to fail while the server is
275 // starting up
276 }
277 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]278 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]279
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]280 // Test correct login credentials
281 sendmsg =
282 "POST /login\r\nContent-Length:40\r\n\r\n{\"username\": \"dude\", "
283 "\"password\": \"foo\"}\r\n";
284 {
285 send_to_localhost(sendmsg);
286 std::string response(std::begin(buf), std::end(buf));
287 // This is a routine to split strings until a newline is hit
288 // TODO(ed) this should really use the HTTP parser
289 std::vector<std::string> headers;
290 std::string::size_type pos = 0;
291 std::string::size_type prev = 0;
292 int content_length = 0;
293 std::string content_encoding("");
294 while ((pos = response.find("\r\n", prev)) != std::string::npos)
295 {
296 auto this_string = response.substr(prev, pos - prev);
297 if (this_string == "")
298 {
299 prev = pos + 2;
300 break;
301 }
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]302
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]303 headers.push_back(this_string);
304 prev = pos + 2;
305 }
306 EXPECT_EQ(headers[0], "HTTP/1.1 200 OK");
307 EXPECT_THAT(headers,
308 testing::Contains("Content-Type: application/json"));
309 auto http_content = response.substr(prev);
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]310 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]311
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]312 // Try to use those login credentials to access a resource
313 sendmsg = "GET /\r\nAuthorization: token\r\n\r\n{\"username\": \"dude\", "
314 "\"password\": \"dude\"}\r\n";
315 {
316 send_to_localhost(sendmsg);
317 auto return_code = std::string(&buf[9], &buf[12]);
318 EXPECT_EQ("200", return_code);
319 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]320
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]321 app.stop();
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]322}