github.com/ncw/rclone@v1.48.1-0.20190724201158-a35aa1360e3e/cmd/serve/restic/restic_privaterepos_test.go (about)

     1  // +build go1.9
     2  
     3  package restic
     4  
     5  import (
     6  	"context"
     7  	"crypto/rand"
     8  	"io"
     9  	"io/ioutil"
    10  	"net/http"
    11  	"os"
    12  	"strings"
    13  	"testing"
    14  
    15  	"github.com/ncw/rclone/cmd/serve/httplib"
    16  
    17  	"github.com/ncw/rclone/cmd"
    18  	"github.com/ncw/rclone/cmd/serve/httplib/httpflags"
    19  	"github.com/stretchr/testify/require"
    20  )
    21  
    22  // newAuthenticatedRequest returns a new HTTP request with the given params.
    23  func newAuthenticatedRequest(t testing.TB, method, path string, body io.Reader) *http.Request {
    24  	req := newRequest(t, method, path, body)
    25  	req = req.WithContext(context.WithValue(req.Context(), httplib.ContextUserKey, "test"))
    26  	req.Header.Add("Accept", resticAPIV2)
    27  	return req
    28  }
    29  
    30  // TestResticPrivateRepositories runs tests on the restic handler code for private repositories
    31  func TestResticPrivateRepositories(t *testing.T) {
    32  	buf := make([]byte, 32)
    33  	_, err := io.ReadFull(rand.Reader, buf)
    34  	require.NoError(t, err)
    35  
    36  	// setup rclone with a local backend in a temporary directory
    37  	tempdir, err := ioutil.TempDir("", "rclone-restic-test-")
    38  	require.NoError(t, err)
    39  
    40  	// make sure the tempdir is properly removed
    41  	defer func() {
    42  		err := os.RemoveAll(tempdir)
    43  		require.NoError(t, err)
    44  	}()
    45  
    46  	// globally set private-repos mode & test user
    47  	prev := privateRepos
    48  	prevUser := httpflags.Opt.BasicUser
    49  	prevPassword := httpflags.Opt.BasicPass
    50  	privateRepos = true
    51  	httpflags.Opt.BasicUser = "test"
    52  	httpflags.Opt.BasicPass = "password"
    53  	// reset when done
    54  	defer func() {
    55  		privateRepos = prev
    56  		httpflags.Opt.BasicUser = prevUser
    57  		httpflags.Opt.BasicPass = prevPassword
    58  	}()
    59  
    60  	// make a new file system in the temp dir
    61  	f := cmd.NewFsSrc([]string{tempdir})
    62  	srv := newServer(f, &httpflags.Opt)
    63  
    64  	// Requesting /test/ should allow access
    65  	reqs := []*http.Request{
    66  		newAuthenticatedRequest(t, "POST", "/test/?create=true", nil),
    67  		newAuthenticatedRequest(t, "POST", "/test/config", strings.NewReader("foobar test config")),
    68  		newAuthenticatedRequest(t, "GET", "/test/config", nil),
    69  	}
    70  	for _, req := range reqs {
    71  		checkRequest(t, srv.handler, req, []wantFunc{wantCode(http.StatusOK)})
    72  	}
    73  
    74  	// Requesting everything else should raise forbidden errors
    75  	reqs = []*http.Request{
    76  		newAuthenticatedRequest(t, "GET", "/", nil),
    77  		newAuthenticatedRequest(t, "POST", "/other_user", nil),
    78  		newAuthenticatedRequest(t, "GET", "/other_user/config", nil),
    79  	}
    80  	for _, req := range reqs {
    81  		checkRequest(t, srv.handler, req, []wantFunc{wantCode(http.StatusForbidden)})
    82  	}
    83  
    84  }