summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRonny <ronny@apache.org>2022-08-08 16:56:26 +0200
committerGitHub <noreply@github.com>2022-08-08 16:56:26 +0200
commitf8dad2fe60b61fb1a5a5917b57cc646de237ba36 (patch)
treed68f55a2ece728e18c98e5e76a786fa560a57607
parentcfed4bb076401a224bee5c1f003ceceedecff0f0 (diff)
downloadcouchdb-f8dad2fe60b61fb1a5a5917b57cc646de237ba36.tar.gz
Fix proxyauth_test and remove it from skipping tests (#4129)
After reverting #4094, bringing this back as a seperate fix.
-rw-r--r--test/elixir/test/config/skip.elixir4
-rw-r--r--test/elixir/test/proxyauth_test.exs95
2 files changed, 31 insertions, 68 deletions
diff --git a/test/elixir/test/config/skip.elixir b/test/elixir/test/config/skip.elixir
index bb27f13cd..7fbcacef7 100644
--- a/test/elixir/test/config/skip.elixir
+++ b/test/elixir/test/config/skip.elixir
@@ -2,10 +2,6 @@
"CookieAuthTest": [
"cookie auth"
],
- "ProxyAuthTest": [
- "proxy auth with secret",
- "proxy auth without secret"
- ],
"ReaderACLTest": [
"unrestricted db can be read"
],
diff --git a/test/elixir/test/proxyauth_test.exs b/test/elixir/test/proxyauth_test.exs
index 6bf21920b..ea57c1a0e 100644
--- a/test/elixir/test/proxyauth_test.exs
+++ b/test/elixir/test/proxyauth_test.exs
@@ -4,27 +4,7 @@ defmodule ProxyAuthTest do
@moduletag :authentication
@tag :with_db
- test "proxy auth with secret", context do
- db_name = context[:db_name]
-
- design_doc = %{
- _id: "_design/test",
- language: "javascript",
- shows: %{
- welcome: """
- function(doc,req) {
- return "Welcome " + req.userCtx["name"];
- }
- """,
- role: """
- function(doc, req) {
- return req.userCtx['roles'][0];
- }
- """
- }
- }
-
- {:ok, _} = create_doc(db_name, design_doc)
+ test "proxy auth with secret" do
users_db_name = random_db_name()
create_db(users_db_name)
@@ -38,19 +18,19 @@ defmodule ProxyAuthTest do
:value => users_db_name
},
%{
- :section => "couch_httpd_auth",
+ :section => "chttpd_auth",
:key => "proxy_use_secret",
:value => "true"
},
%{
- :section => "couch_httpd_auth",
+ :section => "chttpd_auth",
:key => "secret",
:value => secret
}
]
run_on_modified_server(server_config, fn ->
- test_fun(db_name, users_db_name, secret)
+ test_fun(users_db_name, secret)
end)
delete_db(users_db_name)
end
@@ -63,15 +43,11 @@ defmodule ProxyAuthTest do
end
defp hex_hmac_sha1(secret, message) do
- signature = case :erlang.system_info(:otp_release) do
- '20' -> :crypto.hmac(:sha, secret, message)
- '21' -> :crypto.hmac(:sha, secret, message)
- _ -> :crypto.mac(:hmac, :sha, secret, message)
- end
+ signature = :crypto.mac(:hmac, :sha, secret, message)
Base.encode16(signature, case: :lower)
end
- def test_fun(db_name, users_db_name, secret) do
+ def test_fun(users_db_name, secret) do
user = prepare_user_doc(name: "couch@apache.org", password: "test")
create_doc(users_db_name, user)
@@ -85,38 +61,24 @@ defmodule ProxyAuthTest do
headers = [
"X-Auth-CouchDB-UserName": "couch@apache.org",
- "X-Auth-CouchDB-Roles": "test",
+ "X-Auth-CouchDB-Roles": "test_role",
"X-Auth-CouchDB-Token": hex_hmac_sha1(secret, "couch@apache.org")
]
- resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers)
- assert resp.body == "Welcome couch@apache.org"
- resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers)
- assert resp.body == "test"
+ resp2 =
+ Couch.get("/_session",
+ headers: headers
+ )
+
+ assert resp2.body["userCtx"]["name"] == "couch@apache.org"
+ assert resp2.body["userCtx"]["roles"] == ["test_role"]
+ assert resp2.body["info"]["authenticated"] == "proxy"
+ assert resp2.body["ok"] == true
+
end
@tag :with_db
- test "proxy auth without secret", context do
- db_name = context[:db_name]
-
- design_doc = %{
- _id: "_design/test",
- language: "javascript",
- shows: %{
- welcome: """
- function(doc,req) {
- return "Welcome " + req.userCtx["name"];
- }
- """,
- role: """
- function(doc, req) {
- return req.userCtx['roles'][0];
- }
- """
- }
- }
-
- {:ok, _} = create_doc(db_name, design_doc)
+ test "proxy auth without secret" do
users_db_name = random_db_name()
create_db(users_db_name)
@@ -128,20 +90,20 @@ defmodule ProxyAuthTest do
:value => users_db_name
},
%{
- :section => "couch_httpd_auth",
+ :section => "chttpd_auth",
:key => "proxy_use_secret",
:value => "false"
}
]
run_on_modified_server(server_config, fn ->
- test_fun_no_secret(db_name, users_db_name)
+ test_fun_no_secret(users_db_name)
end)
delete_db(users_db_name)
end
- def test_fun_no_secret(db_name, users_db_name) do
+ def test_fun_no_secret(users_db_name) do
user = prepare_user_doc(name: "couch@apache.org", password: "test")
create_doc(users_db_name, user)
@@ -155,13 +117,18 @@ defmodule ProxyAuthTest do
headers = [
"X-Auth-CouchDB-UserName": "couch@apache.org",
- "X-Auth-CouchDB-Roles": "test"
+ "X-Auth-CouchDB-Roles": "test_role_1,test_role_2"
]
- resp = Couch.get("/#{db_name}/_design/test/_show/welcome", headers: headers)
- assert resp.body == "Welcome couch@apache.org"
+ resp2 =
+ Couch.get("/_session",
+ headers: headers
+ )
+
+ assert resp2.body["userCtx"]["name"] == "couch@apache.org"
+ assert resp2.body["userCtx"]["roles"] == ["test_role_1", "test_role_2"]
+ assert resp2.body["info"]["authenticated"] == "proxy"
+ assert resp2.body["ok"] == true
- resp = Couch.get("/#{db_name}/_design/test/_show/role", headers: headers)
- assert resp.body == "test"
end
end