github.com/artpar/rclone@v1.67.3/cmd/serve/restic/restic_privaterepos_test.go (about) 1 package restic 2 3 import ( 4 "context" 5 "crypto/rand" 6 "io" 7 "net/http" 8 "strings" 9 "testing" 10 11 "github.com/artpar/rclone/cmd" 12 "github.com/stretchr/testify/require" 13 ) 14 15 // newAuthenticatedRequest returns a new HTTP request with the given params. 16 func newAuthenticatedRequest(t testing.TB, method, path string, body io.Reader, user, pass string) *http.Request { 17 req := newRequest(t, method, path, body) 18 req.SetBasicAuth(user, pass) 19 req.Header.Add("Accept", resticAPIV2) 20 return req 21 } 22 23 // TestResticPrivateRepositories runs tests on the restic handler code for private repositories 24 func TestResticPrivateRepositories(t *testing.T) { 25 ctx := context.Background() 26 buf := make([]byte, 32) 27 _, err := io.ReadFull(rand.Reader, buf) 28 require.NoError(t, err) 29 30 // setup rclone with a local backend in a temporary directory 31 tempdir := t.TempDir() 32 33 opt := newOpt() 34 35 // set private-repos mode & test user 36 opt.PrivateRepos = true 37 opt.Auth.BasicUser = "test" 38 opt.Auth.BasicPass = "password" 39 40 // make a new file system in the temp dir 41 f := cmd.NewFsSrc([]string{tempdir}) 42 s, err := newServer(ctx, f, &opt) 43 require.NoError(t, err) 44 router := s.Server.Router() 45 46 // Requesting /test/ should allow access 47 reqs := []*http.Request{ 48 newAuthenticatedRequest(t, "POST", "/test/?create=true", nil, opt.Auth.BasicUser, opt.Auth.BasicPass), 49 newAuthenticatedRequest(t, "POST", "/test/config", strings.NewReader("foobar test config"), opt.Auth.BasicUser, opt.Auth.BasicPass), 50 newAuthenticatedRequest(t, "GET", "/test/config", nil, opt.Auth.BasicUser, opt.Auth.BasicPass), 51 } 52 for _, req := range reqs { 53 checkRequest(t, router.ServeHTTP, req, []wantFunc{wantCode(http.StatusOK)}) 54 } 55 56 // Requesting with bad credentials should raise unauthorised errors 57 reqs = []*http.Request{ 58 newRequest(t, "GET", "/test/config", nil), 59 newAuthenticatedRequest(t, "GET", "/test/config", nil, opt.Auth.BasicUser, ""), 60 newAuthenticatedRequest(t, "GET", "/test/config", nil, "", opt.Auth.BasicPass), 61 newAuthenticatedRequest(t, "GET", "/test/config", nil, opt.Auth.BasicUser+"x", opt.Auth.BasicPass), 62 newAuthenticatedRequest(t, "GET", "/test/config", nil, opt.Auth.BasicUser, opt.Auth.BasicPass+"x"), 63 } 64 for _, req := range reqs { 65 checkRequest(t, router.ServeHTTP, req, []wantFunc{wantCode(http.StatusUnauthorized)}) 66 } 67 68 // Requesting everything else should raise forbidden errors 69 reqs = []*http.Request{ 70 newAuthenticatedRequest(t, "GET", "/", nil, opt.Auth.BasicUser, opt.Auth.BasicPass), 71 newAuthenticatedRequest(t, "POST", "/other_user", nil, opt.Auth.BasicUser, opt.Auth.BasicPass), 72 newAuthenticatedRequest(t, "GET", "/other_user/config", nil, opt.Auth.BasicUser, opt.Auth.BasicPass), 73 } 74 for _, req := range reqs { 75 checkRequest(t, router.ServeHTTP, req, []wantFunc{wantCode(http.StatusForbidden)}) 76 } 77 78 }