Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / fe44eb0b4b46fa3a96f445df05e962e15e5d337d / . / src / token_authorization_middleware_test.cpp
blob: 3ac7947b948275b16a44119b77455cbb1c1116ec [file] [log] [blame]
Ed Tanous9140a672017-04-24 17:01:32 -0700[diff] [blame]1#include "token_authorization_middleware.hpp"
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]2#include "webserver_common.hpp"
3
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]4#include <condition_variable>
5#include <future>
6#include <mutex>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]7
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]8#include "gmock/gmock.h"
Ed Tanous1ff48782017-04-18 12:45:08 -0700[diff] [blame]9#include "gtest/gtest.h"
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]10
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]11using namespace crow;
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]12
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]13class TokenAuth : public ::testing::Test
14{
15 public:
16 TokenAuth() :
17 lk(std::unique_lock<std::mutex>(m)),
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]18 io(std::make_shared<boost::asio::io_context>())
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]19 {}
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]20
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]21 std::mutex m;
22 std::condition_variable cv;
23 std::unique_lock<std::mutex> lk;
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]24 std::shared_ptr<boost::asio::io_context> io;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]25 int testPort = 45451;
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]26};
27
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]28TEST_F(TokenAuth, SpecialResourcesAreAcceptedWithoutAuth)
29{
30 CrowApp app(io);
31 crow::token_authorization::requestRoutes(app);
32 BMCWEB_ROUTE(app, "/redfish/v1")
33 ([]() { return boost::beast::http::status::ok; });
34 auto _ = std::async(std::launch::async, [&] {
35 app.port(testPort).run();
36 cv.notify_one();
37 io->run();
38 });
Borawski.Lukasz4b1b8682018-04-04 12:50:16 +0200[diff] [blame]39
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]40 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]41 std::string sendmsg;
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]42
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]43 static char buf[2048];
Ed Tanousf9273472017-02-28 16:05:13 -0800[diff] [blame]44
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]45 // Homepage should be passed with no credentials
46 sendmsg = "GET /\r\n\r\n";
47 {
48 asio::ip::tcp::socket c(is);
49 c.connect(asio::ip::tcp::endpoint(
50 asio::ip::address::from_string("127.0.0.1"), 45451));
51 c.send(asio::buffer(sendmsg));
52 c.receive(asio::buffer(buf, 2048));
53 c.close();
54 EXPECT_EQ("200", std::string(buf + 9, buf + 12));
55 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]56
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]57 // static should be passed with no credentials
58 sendmsg = "GET /static/index.html\r\n\r\n";
59 {
60 asio::ip::tcp::socket c(is);
61 c.connect(asio::ip::tcp::endpoint(
62 asio::ip::address::from_string("127.0.0.1"), 45451));
63 c.send(asio::buffer(sendmsg));
64 c.receive(asio::buffer(buf, 2048));
65 c.close();
66 EXPECT_EQ("404", std::string(buf + 9, buf + 12));
67 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]68
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]69 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]70}
71
72// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]73TEST(TokenAuthentication, TestRejectedResource)
74{
75 App<crow::persistent_data::Middleware,
76 crow::token_authorization::Middleware>
77 app;
78 app.bindaddr("127.0.0.1").port(45451);
79 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
80 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]81
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]82 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]83 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]84
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]85 // Other resources should not be passed
86 std::string sendmsg = "GET /foo\r\n\r\n";
87 asio::ip::tcp::socket c(is);
88 for (int i = 0; i < 200; i++)
89 {
90 try
91 {
92 c.connect(asio::ip::tcp::endpoint(
93 asio::ip::address::from_string("127.0.0.1"), 45451));
94 }
95 catch (std::exception e)
96 {
97 // do nothing
98 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]99 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]100 c.send(asio::buffer(sendmsg));
101 c.receive(asio::buffer(buf, 2048));
102 c.close();
103 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]104
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]105 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]106}
107
108// Tests that Base64 basic strings work
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]109TEST(TokenAuthentication, TestGetLoginUrl)
110{
111 App<crow::persistent_data::Middleware,
112 crow::token_authorization::Middleware>
113 app;
114 app.bindaddr("127.0.0.1").port(45451);
115 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
116 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]117
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]118 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]119 static char buf[2048];
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]120
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]121 // Other resources should not be passed
122 std::string sendmsg = "GET /login\r\n\r\n";
123 asio::ip::tcp::socket c(is);
124 for (int i = 0; i < 200; i++)
125 {
126 try
127 {
128 c.connect(asio::ip::tcp::endpoint(
129 asio::ip::address::from_string("127.0.0.1"), 45451));
130 }
131 catch (std::exception e)
132 {
133 // do nothing
134 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]135 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]136 c.send(asio::buffer(sendmsg));
137 c.receive(asio::buffer(buf, 2048));
138 c.close();
139 EXPECT_EQ("401", std::string(buf + 9, buf + 12));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]140
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]141 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]142}
143
144// Tests boundary conditions on login
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]145TEST(TokenAuthentication, TestPostBadLoginUrl)
146{
147 App<crow::persistent_data::Middleware,
148 crow::token_authorization::Middleware>
149 app;
150 app.bindaddr("127.0.0.1").port(45451);
151 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
152 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]153
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]154 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]155 std::array<char, 2048> buf;
156 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]157
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]158 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
159 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]160 c.connect(asio::ip::tcp::endpoint(
161 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]162 c.send(asio::buffer(sendmsg));
163 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]164 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]165 };
166
167 {
168 // Retry a couple of times waiting for the server to come up
169 asio::ip::tcp::socket c(is);
170 for (int i = 0; i < 200; i++)
171 {
172 try
173 {
174 c.connect(asio::ip::tcp::endpoint(
175 asio::ip::address::from_string("127.0.0.1"), 45451));
176 c.close();
177 break;
178 }
179 catch (std::exception e)
180 {
181 // do nothing. We expect this to fail while the server is
182 // starting up
183 }
184 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]185 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]186
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]187 // Test blank login credentials
188 sendmsg = "POST /login\r\nContent-Length:0\r\n\r\n\r\n";
189 {
190 send_to_localhost(sendmsg);
191 auto return_code = std::string(&buf[9], &buf[12]);
192 EXPECT_EQ("400", return_code);
193 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]194
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]195 // Test wrong login credentials
196 sendmsg = "POST /login\r\nContent-Length:38\r\n\r\n{\"username\": \"foo\", "
197 "\"password\": \"bar\"}\r\n";
198 {
199 send_to_localhost(sendmsg);
200 auto return_code = std::string(&buf[9], &buf[12]);
201 EXPECT_EQ("401", return_code);
202 // TODO(ed) need to test more here. Response string?
203 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]204
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]205 // Test only sending a username
206 sendmsg =
207 "POST /login\r\nContent-Length:19\r\n\r\n{\"username\": \"foo\"}\r\n";
208 {
209 send_to_localhost(sendmsg);
210 auto return_code = std::string(&buf[9], &buf[12]);
211 EXPECT_EQ("400", return_code);
212 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]213
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]214 // Test only sending a password
215 sendmsg =
216 "POST /login\r\nContent-Length:19\r\n\r\n{\"password\": \"foo\"}\r\n";
217 {
218 send_to_localhost(sendmsg);
219 auto return_code = std::string(&buf[9], &buf[12]);
220 EXPECT_EQ("400", return_code);
221 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]222
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]223 app.stop();
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]224}
225
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]226// Test class that allows login for a fixed password.
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]227class KnownLoginAuthenticator
228{
229 public:
230 inline bool authenticate(const std::string& username,
231 const std::string& password)
232 {
233 return (username == "dude") && (password == "foo");
234 }
Ed Tanous4d92cbf2017-06-22 15:41:02 -0700[diff] [blame]235};
236
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]237TEST(TokenAuthentication, TestSuccessfulLogin)
238{
239 App<crow::persistent_data::Middleware,
240 crow::token_authorization::Middleware>
241 app;
242 app.bindaddr("127.0.0.1").port(45451);
243 BMCWEB_ROUTE(app, "/")([]() { return boost::beast::http::status::ok; });
244 auto _ = async(std::launch::async, [&] { app.run(); });
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]245
Ed Tanous8f626352018-12-19 14:51:54 -0800[diff] [blame]246 asio::io_context is;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]247 std::array<char, 2048> buf;
248 std::string sendmsg;
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]249
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]250 auto send_to_localhost = [&is, &buf](std::string sendmsg) {
251 asio::ip::tcp::socket c(is);
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]252 c.connect(asio::ip::tcp::endpoint(
253 asio::ip::address::from_string("127.0.0.1"), 45451));
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]254 c.send(asio::buffer(sendmsg));
255 c.receive(asio::buffer(buf));
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]256 c.close();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]257 };
258
259 {
260 // Retry a couple of times waiting for the server to come up
261 asio::ip::tcp::socket c(is);
262 for (int i = 0; i < 200; i++)
263 {
264 try
265 {
266 c.connect(asio::ip::tcp::endpoint(
267 asio::ip::address::from_string("127.0.0.1"), 45451));
268 c.close();
269 break;
270 }
271 catch (std::exception e)
272 {
273 // do nothing. We expect this to fail while the server is
274 // starting up
275 }
276 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]277 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]278
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]279 // Test correct login credentials
280 sendmsg =
281 "POST /login\r\nContent-Length:40\r\n\r\n{\"username\": \"dude\", "
282 "\"password\": \"foo\"}\r\n";
283 {
284 send_to_localhost(sendmsg);
285 std::string response(std::begin(buf), std::end(buf));
286 // This is a routine to split strings until a newline is hit
287 // TODO(ed) this should really use the HTTP parser
288 std::vector<std::string> headers;
289 std::string::size_type pos = 0;
290 std::string::size_type prev = 0;
291 int content_length = 0;
292 std::string content_encoding("");
293 while ((pos = response.find("\r\n", prev)) != std::string::npos)
294 {
295 auto this_string = response.substr(prev, pos - prev);
296 if (this_string == "")
297 {
298 prev = pos + 2;
299 break;
300 }
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]301
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]302 headers.push_back(this_string);
303 prev = pos + 2;
304 }
305 EXPECT_EQ(headers[0], "HTTP/1.1 200 OK");
306 EXPECT_THAT(headers,
307 testing::Contains("Content-Type: application/json"));
308 auto http_content = response.substr(prev);
Ed Tanousb4a7bfa2017-04-04 17:23:00 -0700[diff] [blame]309 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]310
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]311 // Try to use those login credentials to access a resource
312 sendmsg = "GET /\r\nAuthorization: token\r\n\r\n{\"username\": \"dude\", "
313 "\"password\": \"dude\"}\r\n";
314 {
315 send_to_localhost(sendmsg);
316 auto return_code = std::string(&buf[9], &buf[12]);
317 EXPECT_EQ("200", return_code);
318 }
Ed Tanous1e94fa42017-04-03 13:41:19 -0700[diff] [blame]319
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]320 app.stop();
Ed Tanous8041f312017-04-03 09:47:01 -0700[diff] [blame]321}