istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/pkg/server/ca/authenticate/common_test.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/pkg/server/ca/authenticate/common_test.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package authenticate
    16  
    17  import (
    18  	"context"
    19  	"testing"
    20  
    21  	"google.golang.org/grpc/metadata"
    22  
    23  	"istio.io/istio/pkg/security"
    24  )
    25  
    26  func TestExtractBearerToken(t *testing.T) {
    27  	testCases := map[string]struct {
    28  		metadata                 metadata.MD
    29  		expectedToken            string
    30  		extractBearerTokenErrMsg string
    31  	}{
    32  		"No metadata": {
    33  			expectedToken:            "",
    34  			extractBearerTokenErrMsg: "no metadata is attached",
    35  		},
    36  		"No auth header": {
    37  			metadata: metadata.MD{
    38  				"random": []string{},
    39  			},
    40  			expectedToken:            "",
    41  			extractBearerTokenErrMsg: "no HTTP authorization header exists",
    42  		},
    43  		"No bearer token": {
    44  			metadata: metadata.MD{
    45  				"random": []string{},
    46  				"authorization": []string{
    47  					"Basic callername",
    48  				},
    49  			},
    50  			expectedToken:            "",
    51  			extractBearerTokenErrMsg: "no bearer token exists in HTTP authorization header",
    52  		},
    53  		"With bearer token": {
    54  			metadata: metadata.MD{
    55  				"random": []string{},
    56  				"authorization": []string{
    57  					"Basic callername",
    58  					"Bearer bearer-token",
    59  				},
    60  			},
    61  			expectedToken: "bearer-token",
    62  		},
    63  	}
    64  
    65  	for id, tc := range testCases {
    66  		ctx := context.Background()
    67  		if tc.metadata != nil {
    68  			ctx = metadata.NewIncomingContext(ctx, tc.metadata)
    69  		}
    70  
    71  		actual, err := security.ExtractBearerToken(ctx)
    72  		if len(tc.extractBearerTokenErrMsg) > 0 {
    73  			if err == nil {
    74  				t.Errorf("Case %s: Succeeded. Error expected: %v", id, err)
    75  			} else if err.Error() != tc.extractBearerTokenErrMsg {
    76  				t.Errorf("Case %s: Incorrect error message: %s VS %s",
    77  					id, err.Error(), tc.extractBearerTokenErrMsg)
    78  			}
    79  			continue
    80  		} else if err != nil {
    81  			t.Fatalf("Case %s: Unexpected Error: %v", id, err)
    82  		}
    83  
    84  		if actual != tc.expectedToken {
    85  			t.Errorf("Case %q: Unexpected token: want %s but got %s", id, tc.expectedToken, actual)
    86  		}
    87  	}
    88  }