[Dembo] Security middleware authentication auth failed case
walbertus committed Aug 30, 2019
1 parent 14c41b4 commit 2eb2fae
Showing 2 changed files with 49 additions and 1 deletion.
7 changes: 7 additions & 0 deletions internal/app/service/security/middleware/authentication.go
Expand Up @@ -3,6 +3,7 @@ package middleware
import (
"net/http"

"proctor/internal/app/service/infra/logger"
"proctor/internal/app/service/security/service"
"proctor/internal/pkg/constant"
)
Expand All @@ -19,6 +20,12 @@ func (middleware *authenticationMiddleware) MiddlewareFunc(next http.Handler) ht
w.WriteHeader(http.StatusUnauthorized)
return
}
userDetail, err := middleware.service.Auth(userEmail, token)
logger.LogErrors(err, "authentication user", userEmail)
if userDetail == nil {
w.WriteHeader(http.StatusUnauthorized)
return
}
next.ServeHTTP(w, r)
})
}
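Review bot: The new check after `middleware.service.Auth(userEmail, token)` decides on `userDetail == nil` alone, so a call that returns an error together with a non-nil user detail would still reach `next.ServeHTTP`; an authentication gate should fail closed on either signal, `if err != nil || userDetail == nil {`. `logger.LogErrors` is also called on every request, including when `err` is nil, and it writes the header-supplied `userEmail` to the log before the caller is authenticated. Moving that call inside the failure branch keeps successful requests out of the error log, and it is worth confirming that the logger escapes the value, since its implementation is not visible here. MiddlewareFunc starts above this hunk, so how `userEmail` and `token` are read is not shown.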
43 changes: 42 additions & 1 deletion internal/app/service/security/middleware/authentication_test.go
@@ -1,8 +1,10 @@
package middleware

import (
"github.com/pkg/errors"
"net/http"
"net/http/httptest"
"proctor/pkg/auth"
"testing"

"github.com/stretchr/testify/assert"
Expand All @@ -19,7 +21,7 @@ type context interface {

type testContext struct {
authenticationMiddleware authenticationMiddleware
securityService service.SecurityService
securityService *service.SecurityServiceMock
testHandler http.HandlerFunc
}

Expand Down Expand Up @@ -48,6 +50,17 @@ func TestAuthenticationMiddleware_MiddlewareFuncSuccess(t *testing.T) {
ctx.setUp(t)
defer ctx.tearDown()

userDetail := &auth.UserDetail{
Name: "William Dembo",
Email: "email@gmail.com",
Active:true,
Groups: []string{"system", "proctor_maintainer"},
}
securityService := ctx.instance().securityService
securityService.
On("Auth", "email@gmail.com", "a-token").
Return(userDetail, nil)

authenticationMiddleware := ctx.instance().authenticationMiddleware
testHandler := ctx.instance().testHandler
ts := httptest.NewServer(authenticationMiddleware.MiddlewareFunc(testHandler))
Expand Down Expand Up @@ -106,3 +119,31 @@ func TestAuthenticationMiddleware_MiddlewareFuncWithoutEmail(t *testing.T) {

assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
}

func TestAuthenticationMiddleware_MiddlewareFuncAuthFailed(t *testing.T) {
ctx := newContext()
ctx.setUp(t)
defer ctx.tearDown()

var userDetail *auth.UserDetail
securityService := ctx.instance().securityService
securityService.
On("Auth", "email@gmail.com", "a-token").
Return(userDetail, errors.New("authentication failed, please check your access token"))

authenticationMiddleware := ctx.instance().authenticationMiddleware
testHandler := ctx.instance().testHandler
ts := httptest.NewServer(authenticationMiddleware.MiddlewareFunc(testHandler))
defer ts.Close()

client := &http.Client{}

req, _ := http.NewRequest("GET", ts.URL, nil)
req.Header.Add(constant.AccessTokenHeaderKey, "a-token")
req.Header.Add(constant.UserEmailHeaderKey, "email@gmail.com")

resp, _ := client.Do(req)
defer resp.Body.Close()

assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
}
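Review bot: In TestAuthenticationMiddleware_MiddlewareFuncAuthFailed the errors from `http.NewRequest` and `client.Do` are discarded, so a failed request would panic on `defer resp.Body.Close()` instead of failing the test; use `resp, err := client.Do(req)` and `if err != nil { t.Fatal(err) }` before the defer. The test pins only the 401 status for a nil user detail returned with an error. It does not show that the wrapped handler was never reached, and it does not cover `Auth` returning an error alongside a non-nil detail, which is the case the middleware's `userDetail == nil` check would let through. Whether the mock's expectations are asserted (for example `securityService.AssertExpectations(t)`) cannot be seen from here, because setUp and tearDown are outside the hunks.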
