github.com/crowdsecurity/crowdsec@v1.6.1/pkg/apiserver/api_key_test.go (about)

     1  package apiserver
     2  
     3  import (
     4  	"net/http"
     5  	"net/http/httptest"
     6  	"strings"
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  )
    11  
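// TestAPIKey exercises API-key authentication on GET /v1/decisions with three
// requests: one that carries no X-Api-Key header, one that carries a key that
// was never issued, and one that carries the key returned by CreateTestBouncer.
// The first two must be rejected with 403 and the same generic body; the last
// must be accepted.
func TestAPIKey(t *testing.T) {
	router, config := NewAPITest(t)

	APIKey := CreateTestBouncer(t, config.API.Server.DbConfig)

	// getDecisions sends GET /v1/decisions through the router. The X-Api-Key
	// header is only set when sendKey is true, so the "no header at all" case
	// stays distinct from a header with some value.
	getDecisions := func(sendKey bool, key string) *httptest.ResponseRecorder {
		t.Helper()

		w := httptest.NewRecorder()

		req, err := http.NewRequest(http.MethodGet, "/v1/decisions", strings.NewReader(""))
		if err != nil {
			// Fail here rather than let a nil request reach the router.
			t.Fatalf("building request: %v", err)
		}

		req.Header.Add("User-Agent", UserAgent)

		if sendKey {
			req.Header.Add("X-Api-Key", key)
		}

		router.ServeHTTP(w, req)

		return w
	}

	// Request without any X-Api-Key header.
	// NOTE(review): a header that is present but empty (X-Api-Key: "") is not
	// exercised by this test; consider covering it as a separate case.
	w := getDecisions(false, "")

	assert.Equal(t, http.StatusForbidden, w.Code)
	assert.Equal(t, `{"message":"access forbidden"}`, w.Body.String())

	// Request with a key that was never issued. The expected status and body
	// are identical to the missing-header case, so the response does not tell
	// a caller which of the two checks failed.
	w = getDecisions(true, "a1b2c3d4e5f6")

	assert.Equal(t, http.StatusForbidden, w.Code)
	assert.Equal(t, `{"message":"access forbidden"}`, w.Body.String())

	// Request with the key issued for the test bouncer. The body "null" is
	// presumably the JSON encoding of an empty decision list; confirm against
	// the handler.
	w = getDecisions(true, APIKey)

	assert.Equal(t, http.StatusOK, w.Code)
	assert.Equal(t, "null", w.Body.String())
}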