github.com/weaviate/weaviate@v1.24.6/usecases/auth/authentication/anonymous/middleware_test.go (about)

     1  //                           _       _
     2  // __      _____  __ ___   ___  __ _| |_ ___
     3  // \ \ /\ / / _ \/ _` \ \ / / |/ _` | __/ _ \
     4  //  \ V  V /  __/ (_| |\ V /| | (_| | ||  __/
     5  //   \_/\_/ \___|\__,_| \_/ |_|\__,_|\__\___|
     6  //
     7  //  Copyright © 2016 - 2024 Weaviate B.V. All rights reserved.
     8  //
     9  //  CONTACT: hello@weaviate.io
    10  //
    11  
    12  package anonymous
    13  
    14  import (
    15  	"net/http"
    16  	"net/http/httptest"
    17  	"testing"
    18  
    19  	"github.com/stretchr/testify/assert"
    20  	"github.com/weaviate/weaviate/usecases/config"
    21  )
    22  
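// Test_AnonymousMiddleware_Enabled verifies that the middleware is a pure
// pass-through when anonymous access is enabled: a request that carries no
// credentials at all must still reach the next handler.
func Test_AnonymousMiddleware_Enabled(t *testing.T) {
	// 900 lies outside the standard 1xx-5xx status classes, so seeing it on the
	// recorder shows that the response was written by next rather than by the
	// middleware under test.
	const passedThrough = 900

	r := httptest.NewRequest("GET", "/foo", nil)
	w := httptest.NewRecorder()

	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(passedThrough)
	})

	cfg := config.Config{
		Authentication: config.Authentication{
			AnonymousAccess: config.AnonymousAccess{
				Enabled: true,
			},
		},
	}

	New(cfg).Middleware(next).ServeHTTP(w, r)
	response := w.Result()
	defer response.Body.Close()

	// assert.Equal takes (expected, actual); keeping that order makes a
	// failure report label the two values correctly.
	assert.Equal(t, passedThrough, response.StatusCode)
}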
    48  
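// Test_AnonymousMiddleware_Disabled covers the middleware with anonymous
// access switched off and OIDC switched on. A request without an
// Authorization header must be rejected with 401 before it reaches the next
// handler; a request that carries a Bearer header must be handed on.
func Test_AnonymousMiddleware_Disabled(t *testing.T) {
	// 900 lies outside the standard 1xx-5xx status classes, so seeing it on the
	// recorder shows that the response was written by next rather than by the
	// middleware under test.
	const passedThrough = 900

	tests := []struct {
		name       string
		authHeader string // empty means: send no Authorization header
		wantStatus int
	}{
		{
			name:       "when OIDC is enabled, but no token provided",
			wantStatus: http.StatusUnauthorized,
		},
		{
			// "foo" is not a well-formed token, yet the request is passed on:
			// this case pins that the middleware does not judge the token.
			// NOTE(review): presumably a later authentication layer validates
			// the token - confirm; a pass-through here must not be read as
			// "authenticated".
			name:       "when OIDC is enabled, and a Bearer Header provided",
			authHeader: "Bearer foo",
			wantStatus: passedThrough,
		},
	}

	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			r := httptest.NewRequest("GET", "/foo", nil)
			if tc.authHeader != "" {
				r.Header.Add("Authorization", tc.authHeader)
			}
			w := httptest.NewRecorder()

			next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				w.WriteHeader(passedThrough)
			})

			// Built per subtest so no case can observe state left by another.
			cfg := config.Config{
				Authentication: config.Authentication{
					AnonymousAccess: config.AnonymousAccess{
						Enabled: false,
					},
					OIDC: config.OIDC{
						Enabled: true,
					},
				},
			}

			New(cfg).Middleware(next).ServeHTTP(w, r)
			response := w.Result()
			defer response.Body.Close()

			// assert.Equal takes (expected, actual); keeping that order makes
			// a failure report label the two values correctly.
			assert.Equal(t, tc.wantStatus, response.StatusCode)
		})
	}
}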