Use custom header for authentication

This commit is contained in:
Jannis Mattheis 2018-02-15 19:40:27 +01:00 committed by Jannis Mattheis
parent 1e7e1a71f7
commit a5acb20d0e
3 changed files with 26 additions and 30 deletions


@ -2,15 +2,13 @@ package auth
import (
"errors"
"strings"
"github.com/gin-gonic/gin"
"github.com/gotify/server/model"
)
const (
headerName = "Authorization"
headerSchema = "ApiKey "
headerName = "X-Gotify-Key"
)
// The Database interface for encapsulating database access.
@ -83,10 +81,7 @@ func (a *Auth) tokenFromQuery(ctx *gin.Context) string {
}
func (a *Auth) tokenFromHeader(ctx *gin.Context) string {
if header := ctx.Request.Header.Get(headerName); header != "" && strings.HasPrefix(header, headerSchema) {
return strings.TrimPrefix(header, headerSchema)
}
return ""
return ctx.Request.Header.Get(headerName)
}
func (a *Auth) userFromBasicAuth(ctx *gin.Context) *model.User {
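Review bot: Carrying the API key in the custom `X-Gotify-Key` header (the constant at the top of the first hunk, returned verbatim by `Header.Get` in tokenFromHeader) gives up a protection the `Authorization` header had for free: RFC 7234 §3.2 forbids a shared cache from reusing a response to a request that carried `Authorization` unless explicit cache directives allow it, whereas a request carrying only `X-Gotify-Key` looks anonymous to a caching proxy or CDN. Unless the server already sends `Cache-Control: no-store` (or `private`) on responses authenticated this way — not visible from this diff — it should, so that one client's messages cannot be served from a cache to another client. A comment on the constant would also record that `Authorization` is still consumed by the Basic-auth path just below and must not be reused for the key: `// headerName carries the application/client token; Authorization is reserved for HTTP Basic (see userFromBasicAuth).` tokenFromQuery, whose closing brace opens the second hunk, begins outside it, and userFromBasicAuth continues past the end of the section.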


@ -90,9 +90,9 @@ func (s *AuthenticationSuite) TestNothingProvided() {
func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
// not existing token
s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireClient, 401)
s.assertHeaderRequest("Authorization", "ApiKey ergerogerg", s.auth.RequireAdmin, 401)
s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireClient, 401)
s.assertHeaderRequest("X-Gotify-Key", "ergerogerg", s.auth.RequireAdmin, 401)
// no authentication schema
s.assertHeaderRequest("Authorization", "ergerogerg", s.auth.RequireApplicationToken, 401)
@ -105,25 +105,25 @@ func (s *AuthenticationSuite) TestHeaderApiKeyToken() {
s.assertHeaderRequest("Authorization", "ApiKeyx clienttoken", s.auth.RequireAdmin, 401)
// not existing key
s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireClient, 401)
s.assertHeaderRequest("Authorizationx", "ApiKey clienttoken", s.auth.RequireAdmin, 401)
s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireClient, 401)
s.assertHeaderRequest("X-Gotify-Keyx", "clienttoken", s.auth.RequireAdmin, 401)
// apptoken
s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireApplicationToken, 200)
s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireClient, 401)
s.assertHeaderRequest("Authorization", "ApiKey apptoken", s.auth.RequireAdmin, 401)
s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireApplicationToken, 200)
s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireClient, 401)
s.assertHeaderRequest("Authorization", "ApiKey apptoken_admin", s.auth.RequireAdmin, 401)
s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireApplicationToken, 200)
s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireClient, 401)
s.assertHeaderRequest("X-Gotify-Key", "apptoken", s.auth.RequireAdmin, 401)
s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireApplicationToken, 200)
s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireClient, 401)
s.assertHeaderRequest("X-Gotify-Key", "apptoken_admin", s.auth.RequireAdmin, 401)
// clienttoken
s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireClient, 200)
s.assertHeaderRequest("Authorization", "ApiKey clienttoken", s.auth.RequireAdmin, 403)
s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireClient, 200)
s.assertHeaderRequest("Authorization", "ApiKey clienttoken_admin", s.auth.RequireAdmin, 200)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireClient, 200)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken", s.auth.RequireAdmin, 403)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireApplicationToken, 401)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireClient, 200)
s.assertHeaderRequest("X-Gotify-Key", "clienttoken_admin", s.auth.RequireAdmin, 200)
}
func (s *AuthenticationSuite) TestBasicAuth() {
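Review bot: The cases under the `// no authentication schema` comment still send `Authorization: ergerogerg` and `Authorization: ApiKeyx clienttoken`, a header the new tokenFromHeader never reads, so they now pass for the wrong reason and no longer prove what their comments claim. Replace them with cases that pin the new contract — the header value is taken verbatim, so a scheme prefix must not be accepted: `s.assertHeaderRequest("X-Gotify-Key", "ApiKey clienttoken", s.auth.RequireClient, 401)` and, for the empty value, `s.assertHeaderRequest("X-Gotify-Key", "", s.auth.RequireClient, 401)`. One line keeping `Authorization: ApiKey clienttoken` with an expected 401 is still worth retaining, relabelled as a regression check that the old scheme is really gone. TestBasicAuth starts on the section's last context line and its body lies outside the diff.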


@ -61,7 +61,7 @@ func (s *IntegrationSuite) TestSendMessage() {
assert.Equal(s.T(), "backup-server", token.Name)
req = s.newRequest("POST", "message", `{"message": "backup done", "title": "backup done"}`)
req.Header.Add("Authorization", fmt.Sprintf("ApiKey %s", token.ID))
req.Header.Add("X-Gotify-Key", token.ID)
res, err = client.Do(req)
assert.Nil(s.T(), err)
assert.Equal(s.T(), 200, res.StatusCode)
@ -71,10 +71,11 @@ func (s *IntegrationSuite) TestSendMessage() {
res, err = client.Do(req)
assert.Nil(s.T(), err)
assert.Equal(s.T(), 200, res.StatusCode)
msgs := &[]*model.Message{}
json.NewDecoder(res.Body).Decode(msgs)
assert.Len(s.T(), *msgs, 1)
msg := (*msgs)[0]
var msgs []model.Message
json.NewDecoder(res.Body).Decode(&msgs)
assert.Len(s.T(), msgs, 1)
msg := msgs[0]
assert.Equal(s.T(), "backup done", msg.Message)
assert.Equal(s.T(), "backup done", msg.Title)
assert.Equal(s.T(), uint(1), msg.ID)
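Review bot: The result of `Decode(&msgs)` is still discarded, so a malformed or empty response body only shows up as the `assert.Len` failure two lines later, with the underlying decode error lost. Check it directly: `assert.Nil(s.T(), json.NewDecoder(res.Body).Decode(&msgs))`, and close the body once it has been read (`res.Body.Close()`) — the same pattern applies to the earlier `client.Do` calls in this test, whose bodies are never closed either. TestSendMessage begins above the first hunk and continues past the end of the section.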