|
|
|
@ -5,6 +5,8 @@ import (
|
|
|
|
|
"github.com/DATA-DOG/go-sqlmock"
|
|
|
|
|
"github.com/HFO4/cloudreve/models"
|
|
|
|
|
"github.com/HFO4/cloudreve/pkg/auth"
|
|
|
|
|
"github.com/HFO4/cloudreve/pkg/cache"
|
|
|
|
|
"github.com/HFO4/cloudreve/pkg/serializer"
|
|
|
|
|
"github.com/HFO4/cloudreve/pkg/util"
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
"github.com/jinzhu/gorm"
|
|
|
|
@ -198,3 +200,145 @@ func TestWebDAVAuth(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestRemoteCallbackAuth(t *testing.T) {
|
|
|
|
|
asserts := assert.New(t)
|
|
|
|
|
rec := httptest.NewRecorder()
|
|
|
|
|
AuthFunc := RemoteCallbackAuth()
|
|
|
|
|
|
|
|
|
|
// 成功
|
|
|
|
|
{
|
|
|
|
|
cache.Set(
|
|
|
|
|
"callback_testCallBackRemote",
|
|
|
|
|
serializer.UploadSession{
|
|
|
|
|
UID: 1,
|
|
|
|
|
PolicyID: 2,
|
|
|
|
|
VirtualPath: "/",
|
|
|
|
|
},
|
|
|
|
|
0,
|
|
|
|
|
)
|
|
|
|
|
cache.Deletes([]string{"1"}, "policy_")
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)users(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)groups(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[2]"))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)policies(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Params = []gin.Param{
|
|
|
|
|
{"key", "testCallBackRemote"},
|
|
|
|
|
}
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
|
|
|
|
|
authInstance := auth.HMACAuth{SecretKey: []byte("123")}
|
|
|
|
|
auth.SignRequest(authInstance, c.Request, 0)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.NoError(mock.ExpectationsWereMet())
|
|
|
|
|
asserts.False(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Callback Key 不存在
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Params = []gin.Param{
|
|
|
|
|
{"key", "testCallBackRemote"},
|
|
|
|
|
}
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
|
|
|
|
|
authInstance := auth.HMACAuth{SecretKey: []byte("123")}
|
|
|
|
|
auth.SignRequest(authInstance, c.Request, 0)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.True(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 用户不存在
|
|
|
|
|
{
|
|
|
|
|
cache.Set(
|
|
|
|
|
"callback_testCallBackRemote",
|
|
|
|
|
serializer.UploadSession{
|
|
|
|
|
UID: 1,
|
|
|
|
|
PolicyID: 2,
|
|
|
|
|
VirtualPath: "/",
|
|
|
|
|
},
|
|
|
|
|
0,
|
|
|
|
|
)
|
|
|
|
|
cache.Deletes([]string{"1"}, "policy_")
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)users(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}))
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Params = []gin.Param{
|
|
|
|
|
{"key", "testCallBackRemote"},
|
|
|
|
|
}
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
|
|
|
|
|
authInstance := auth.HMACAuth{SecretKey: []byte("123")}
|
|
|
|
|
auth.SignRequest(authInstance, c.Request, 0)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.NoError(mock.ExpectationsWereMet())
|
|
|
|
|
asserts.True(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 存储策略不一致
|
|
|
|
|
{
|
|
|
|
|
cache.Set(
|
|
|
|
|
"callback_testCallBackRemote",
|
|
|
|
|
serializer.UploadSession{
|
|
|
|
|
UID: 1,
|
|
|
|
|
PolicyID: 2,
|
|
|
|
|
VirtualPath: "/",
|
|
|
|
|
},
|
|
|
|
|
0,
|
|
|
|
|
)
|
|
|
|
|
cache.Deletes([]string{"1"}, "policy_")
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)users(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)groups(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[3]"))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)policies(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(3, "123"))
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Params = []gin.Param{
|
|
|
|
|
{"key", "testCallBackRemote"},
|
|
|
|
|
}
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
|
|
|
|
|
authInstance := auth.HMACAuth{SecretKey: []byte("123")}
|
|
|
|
|
auth.SignRequest(authInstance, c.Request, 0)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.NoError(mock.ExpectationsWereMet())
|
|
|
|
|
asserts.True(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 签名错误
|
|
|
|
|
{
|
|
|
|
|
cache.Set(
|
|
|
|
|
"callback_testCallBackRemote",
|
|
|
|
|
serializer.UploadSession{
|
|
|
|
|
UID: 1,
|
|
|
|
|
PolicyID: 2,
|
|
|
|
|
VirtualPath: "/",
|
|
|
|
|
},
|
|
|
|
|
0,
|
|
|
|
|
)
|
|
|
|
|
cache.Deletes([]string{"1"}, "policy_")
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)users(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "group_id"}).AddRow(1, 1))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)groups(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "policies"}).AddRow(1, "[2]"))
|
|
|
|
|
mock.ExpectQuery("SELECT(.+)policies(.+)").
|
|
|
|
|
WillReturnRows(sqlmock.NewRows([]string{"id", "secret_key"}).AddRow(2, "123"))
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Params = []gin.Param{
|
|
|
|
|
{"key", "testCallBackRemote"},
|
|
|
|
|
}
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote/testCallBackRemote", nil)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.NoError(mock.ExpectationsWereMet())
|
|
|
|
|
asserts.True(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Callback Key 为空
|
|
|
|
|
{
|
|
|
|
|
c, _ := gin.CreateTestContext(rec)
|
|
|
|
|
c.Request, _ = http.NewRequest("POST", "/api/v3/callback/remote", nil)
|
|
|
|
|
AuthFunc(c)
|
|
|
|
|
asserts.True(c.IsAborted())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|