From eaddf11df65ae996df46c388529bef09ac80a707 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Sat, 15 Apr 2023 15:03:14 +1000 Subject: [PATCH] refactor: http verbs etc (#5248) Signed-off-by: James Elliott --- cmd/authelia-gen/cmd_docs_date.go | 3 +- internal/authorization/authorizer_test.go | 349 +++++++++--------- internal/authorization/types_test.go | 25 +- internal/commands/acl.go | 3 +- .../validator/access_control_test.go | 5 +- internal/configuration/validator/const.go | 3 +- internal/duo/duo.go | 5 +- .../handler_authz_impl_legacy_test.go | 10 +- ...dler_configuration_password_policy_test.go | 7 +- internal/handlers/handler_firstfactor_test.go | 7 +- internal/handlers/handler_health_test.go | 3 +- .../handler_register_duo_device_test.go | 3 +- internal/handlers/handler_sign_duo_test.go | 11 +- internal/handlers/handler_state_test.go | 5 +- internal/handlers/handler_user_info_test.go | 11 +- internal/handlers/webauthn_test.go | 7 +- internal/middlewares/authelia_context_test.go | 8 +- internal/middlewares/cors_test.go | 28 +- .../middlewares/identity_verification_test.go | 10 +- internal/mocks/authelia_ctx.go | 8 +- internal/server/server_test.go | 10 +- internal/suites/action_http.go | 5 +- internal/suites/duo.go | 9 +- .../scenario_backend_protection_test.go | 34 +- .../suites/suite_high_availability_test.go | 9 +- internal/suites/suite_standalone_test.go | 67 ++-- internal/suites/utils.go | 5 +- 27 files changed, 335 insertions(+), 315 deletions(-) diff --git a/cmd/authelia-gen/cmd_docs_date.go b/cmd/authelia-gen/cmd_docs_date.go index 9eea8ccad..fb2883492 100644 --- a/cmd/authelia-gen/cmd_docs_date.go +++ b/cmd/authelia-gen/cmd_docs_date.go @@ -12,6 +12,7 @@ import ( "time" "github.com/spf13/cobra" + "github.com/valyala/fasthttp" "gopkg.in/yaml.v3" ) @@ -24,7 +25,7 @@ func newDocsDateCmd() *cobra.Command { DisableAutoGenTag: true, } - cmd.Flags().String("commit-until", "HEAD", "The commit to check the logs until") + cmd.Flags().String("commit-until", fasthttp.MethodHead, "The commit to check the logs until") cmd.Flags().String("commit-since", "", "The commit to check the logs since") return cmd diff --git a/internal/authorization/authorizer_test.go b/internal/authorization/authorizer_test.go index 0a829b2bf..8d470a4ef 100644 --- a/internal/authorization/authorizer_test.go +++ b/internal/authorization/authorizer_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/configuration/schema" ) @@ -113,20 +114,20 @@ func (s *AuthorizerSuite) TestShouldCheckDefaultBypassConfig() { tester := NewAuthorizerBuilder(). WithDefaultPolicy(bypass).Build() - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass) } func (s *AuthorizerSuite) TestShouldCheckDefaultDeniedConfig() { tester := NewAuthorizerBuilder(). WithDefaultPolicy(deny).Build() - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() { @@ -138,12 +139,12 @@ func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() { }). Build() - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() { @@ -159,10 +160,10 @@ func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() { }). Build() - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() { @@ -174,15 +175,15 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() { }). Build() - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() { @@ -202,10 +203,10 @@ func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() { }). Build() - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() { @@ -326,7 +327,7 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() { for _, tc := range testCases { s.T().Run(tc.name, func(t *testing.T) { - tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, "GET", tc.expected) + tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, fasthttp.MethodGet, tc.expected) }) } } @@ -349,9 +350,9 @@ func (s *AuthorizerSuite) TestShouldCheckRulePrecedence() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", "GET", TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", fasthttp.MethodGet, TwoFactor) } func (s *AuthorizerSuite) TestShouldCheckDomainMatching() { @@ -379,23 +380,23 @@ func (s *AuthorizerSuite) TestShouldCheckDomainMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", "GET", TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://x.example.com", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://x.example.com", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", fasthttp.MethodGet, OneFactor) s.Require().Len(tester.rules, 5) @@ -487,12 +488,12 @@ func (s *AuthorizerSuite) TestShouldCheckDomainRegexMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", "GET", Denied) - tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", fasthttp.MethodGet, Denied) s.Require().Len(tester.rules, 5) @@ -564,43 +565,43 @@ func (s *AuthorizerSuite) TestShouldCheckResourceSubjectMatching() { Build() // Accessing the unprotected root. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", "GET", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", fasthttp.MethodGet, Bypass) // Accessing Personal page. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor) // Accessing an invalid users Personal page. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, OneFactor) // Accessing another users Personal page. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor) // Accessing a Group page. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", "GET", Denied) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor) // Accessing an invalid group's Group page. - tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", "GET", Denied) - tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, OneFactor) s.Require().Len(tester.rules, 3) @@ -635,8 +636,8 @@ func (s *AuthorizerSuite) TestShouldCheckUserMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckGroupMatching() { @@ -649,8 +650,8 @@ func (s *AuthorizerSuite) TestShouldCheckGroupMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied) } func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() { @@ -663,10 +664,10 @@ func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) } func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() { @@ -679,9 +680,9 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) } func (s *AuthorizerSuite) TestShouldCheckIPMatching() { @@ -714,18 +715,18 @@ func (s *AuthorizerSuite) TestShouldCheckIPMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, Denied) - tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", fasthttp.MethodGet, Denied) - tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", "GET", Denied) - tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", "GET", TwoFactor) + tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor) } func (s *AuthorizerSuite) TestShouldCheckMethodMatching() { @@ -734,31 +735,31 @@ func (s *AuthorizerSuite) TestShouldCheckMethodMatching() { WithRule(schema.ACLRule{ Domains: []string{"protected.example.com"}, Policy: bypass, - Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"}, + Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace}, }). WithRule(schema.ACLRule{ Domains: []string{"protected.example.com"}, Policy: oneFactor, - Methods: []string{"PUT", "PATCH", "POST"}, + Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodPost}, }). WithRule(schema.ACLRule{ Domains: []string{"protected.example.com"}, Policy: twoFactor, - Methods: []string{"DELETE"}, + Methods: []string{fasthttp.MethodDelete}, }). Build() - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "OPTIONS", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "HEAD", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "CONNECT", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "TRACE", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodOptions, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodHead, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodConnect, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodTrace, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "PUT", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "PATCH", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "POST", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodPut, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodPatch, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodPost, OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "DELETE", TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodDelete, TwoFactor) } func (s *AuthorizerSuite) TestShouldCheckResourceMatching() { @@ -799,34 +800,34 @@ func (s *AuthorizerSuite) TestShouldCheckResourceMatching() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", "GET", Bypass) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", "GET", Denied) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", "GET", TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", fasthttp.MethodGet, TwoFactor) } // This test assures that rules without domains (not allowed by schema validator at this time) will pass validation correctly. @@ -834,33 +835,33 @@ func (s *AuthorizerSuite) TestShouldMatchAnyDomainIfBlank() { tester := NewAuthorizerBuilder(). WithRule(schema.ACLRule{ Policy: bypass, - Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"}, + Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace}, }). WithRule(schema.ACLRule{ Policy: oneFactor, - Methods: []string{"PUT", "PATCH"}, + Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch}, }). WithRule(schema.ACLRule{ Policy: twoFactor, - Methods: []string{"DELETE"}, + Methods: []string{fasthttp.MethodDelete}, }). Build() - tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "OPTIONS", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodOptions, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "PUT", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "PATCH", OneFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "PUT", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPut, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPatch, OneFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPut, OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "DELETE", TwoFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "DELETE", TwoFactor) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "DELETE", TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodDelete, TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodDelete, TwoFactor) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodDelete, TwoFactor) - tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "POST", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "POST", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "POST", Denied) + tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPost, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPost, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPost, Denied) } func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() { @@ -911,29 +912,29 @@ func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() { }). Build() - tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", "GET", OneFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", "GET", OneFactor) + tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor) - tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", "GET", Bypass) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", "GET", Bypass) + tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", fasthttp.MethodGet, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", "GET", Bypass) - tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", "GET", Denied) + tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass) + tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Denied) // This test returns this result since we validate the schema instead of validating it in code. - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", "GET", Bypass) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass) - tester.CheckAuthorizations(s.T(), John, "https://private.example.com", "GET", TwoFactor) - tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", "GET", Denied) - tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", "GET", TwoFactor) + tester.CheckAuthorizations(s.T(), John, "https://private.example.com", fasthttp.MethodGet, TwoFactor) + tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", fasthttp.MethodGet, Denied) + tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", fasthttp.MethodGet, TwoFactor) - results := tester.GetRuleMatchResults(John, "https://private.example.com", "GET") + results := tester.GetRuleMatchResults(John, "https://private.example.com", fasthttp.MethodGet) s.Require().Len(results, 7) diff --git a/internal/authorization/types_test.go b/internal/authorization/types_test.go index c598af59a..00ced8aef 100644 --- a/internal/authorization/types_test.go +++ b/internal/authorization/types_test.go @@ -6,6 +6,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/valyala/fasthttp" ) func TestShouldAppendQueryParamToURL(t *testing.T) { @@ -13,12 +14,12 @@ func TestShouldAppendQueryParamToURL(t *testing.T) { require.NoError(t, err) - object := NewObject(targetURL, "GET") + object := NewObject(targetURL, fasthttp.MethodGet) assert.Equal(t, "https", object.URL.Scheme) assert.Equal(t, "domain.example.com", object.Domain) assert.Equal(t, "/api?type=none", object.Path) - assert.Equal(t, "GET", object.Method) + assert.Equal(t, fasthttp.MethodGet, object.Method) } func TestShouldCreateNewObjectFromRaw(t *testing.T) { @@ -26,13 +27,13 @@ func TestShouldCreateNewObjectFromRaw(t *testing.T) { require.NoError(t, err) - object := NewObjectRaw(targetURL, []byte("GET")) + object := NewObjectRaw(targetURL, []byte(fasthttp.MethodGet)) assert.Equal(t, "https", object.URL.Scheme) assert.Equal(t, "domain.example.com", object.Domain) assert.Equal(t, "/api", object.URL.Path) assert.Equal(t, "/api", object.Path) - assert.Equal(t, "GET", object.Method) + assert.Equal(t, fasthttp.MethodGet, object.Method) } func TestShouldCleanURL(t *testing.T) { @@ -43,14 +44,14 @@ func TestShouldCleanURL(t *testing.T) { expectedScheme, expectedDomain, expectedPath, expectedPathClean string }{ - {"https://a.com", "/a/../t", "GET", "https", "a.com", "/a/../t", "/t"}, - {"https://a.com", "/a/..%2f/t", "GET", "https", "a.com", "/a/..//t", "/t"}, - {"https://a.com", "/a/..%2ft", "GET", "https", "a.com", "/a/../t", "/t"}, - {"https://a.com", "/a/..%2F/t", "GET", "https", "a.com", "/a/..//t", "/t"}, - {"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"}, - {"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"}, - {"https://a.com", "/a/%2F..%2Ft", "GET", "https", "a.com", "/a//../t", "/t"}, - {"https://a.com", "/a/%2F%2e%2e%2Ft", "GET", "https", "a.com", "/a//../t", "/t"}, + {"https://a.com", "/a/../t", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"}, + {"https://a.com", "/a/..%2f/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"}, + {"https://a.com", "/a/..%2ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"}, + {"https://a.com", "/a/..%2F/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"}, + {"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"}, + {"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"}, + {"https://a.com", "/a/%2F..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"}, + {"https://a.com", "/a/%2F%2e%2e%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"}, } for _, tc := range testCases { diff --git a/internal/commands/acl.go b/internal/commands/acl.go index 7f573a73b..66ea2e3c6 100644 --- a/internal/commands/acl.go +++ b/internal/commands/acl.go @@ -8,6 +8,7 @@ import ( "strings" "github.com/spf13/cobra" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/authorization" "github.com/authelia/authelia/v4/internal/configuration/validator" @@ -45,7 +46,7 @@ func newAccessControlCheckCommand(ctx *CmdCtx) (cmd *cobra.Command) { } cmd.Flags().String("url", "", "the url of the object") - cmd.Flags().String("method", "GET", "the HTTP method of the object") + cmd.Flags().String("method", fasthttp.MethodGet, "the HTTP method of the object") cmd.Flags().String("username", "", "the username of the subject") cmd.Flags().StringSlice("groups", nil, "the groups of the subject") cmd.Flags().String("ip", "", "the ip of the subject") diff --git a/internal/configuration/validator/access_control_test.go b/internal/configuration/validator/access_control_test.go index 1543959e0..4859909c3 100644 --- a/internal/configuration/validator/access_control_test.go +++ b/internal/configuration/validator/access_control_test.go @@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/configuration/schema" ) @@ -185,7 +186,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() { { Domains: []string{"public.example.com"}, Policy: "bypass", - Methods: []string{"GET", "HOP"}, + Methods: []string{fasthttp.MethodGet, "HOP"}, }, } @@ -202,7 +203,7 @@ func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() { { Domains: []string{"public.example.com"}, Policy: "bypass", - Methods: []string{"GET", "GET"}, + Methods: []string{fasthttp.MethodGet, fasthttp.MethodGet}, }, } diff --git a/internal/configuration/validator/const.go b/internal/configuration/validator/const.go index 3fbaa8ded..29922efe7 100644 --- a/internal/configuration/validator/const.go +++ b/internal/configuration/validator/const.go @@ -4,6 +4,7 @@ import ( "regexp" "github.com/go-webauthn/webauthn/protocol" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/oidc" @@ -380,7 +381,7 @@ var ( validLogLevels = []string{"trace", "debug", "info", "warn", "error"} validWebAuthnConveyancePreferences = []string{string(protocol.PreferNoAttestation), string(protocol.PreferIndirectAttestation), string(protocol.PreferDirectAttestation)} validWebAuthnUserVerificationRequirement = []string{string(protocol.VerificationDiscouraged), string(protocol.VerificationPreferred), string(protocol.VerificationRequired)} - validRFC7231HTTPMethodVerbs = []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT", "OPTIONS"} + validRFC7231HTTPMethodVerbs = []string{fasthttp.MethodGet, fasthttp.MethodHead, fasthttp.MethodPost, fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodDelete, fasthttp.MethodTrace, fasthttp.MethodConnect, fasthttp.MethodOptions} validRFC4918HTTPMethodVerbs = []string{"COPY", "LOCK", "MKCOL", "MOVE", "PROPFIND", "PROPPATCH", "UNLOCK"} ) diff --git a/internal/duo/duo.go b/internal/duo/duo.go index b34290c7b..1a70674ad 100644 --- a/internal/duo/duo.go +++ b/internal/duo/duo.go @@ -5,6 +5,7 @@ import ( "net/url" duoapi "github.com/duosecurity/duo_api_golang" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/middlewares" "github.com/authelia/authelia/v4/internal/session" @@ -47,7 +48,7 @@ func (d *APIImpl) Call(ctx *middlewares.AutheliaCtx, userSession *session.UserSe func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*PreAuthResponse, error) { var preAuthResponse PreAuthResponse - response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/preauth") + response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/preauth") if err != nil { return nil, err } @@ -64,7 +65,7 @@ func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session func (d *APIImpl) AuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*AuthResponse, error) { var authResponse AuthResponse - response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/auth") + response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/auth") if err != nil { return nil, err } diff --git a/internal/handlers/handler_authz_impl_legacy_test.go b/internal/handlers/handler_authz_impl_legacy_test.go index 82d798d84..3b5238072 100644 --- a/internal/handlers/handler_authz_impl_legacy_test.go +++ b/internal/handlers/handler_authz_impl_legacy_test.go @@ -477,7 +477,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuth() { // TestShouldVeri s.ConfigureMockSessionProviderWithAutomaticAutheliaURLs(mock) mock.Ctx.QueryArgs().Add("auth", "basic") - mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==") + mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==") mock.Ctx.Request.Header.Set("X-Original-URL", "https://one-factor.example.com") gomock.InOrder( @@ -510,19 +510,19 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() { { "HeaderEmpty", // TestShouldVerifyAuthBasicArgFailingEmptyHeader. func(mock *mocks.MockAutheliaCtx) { - mock.Ctx.Request.Header.Set("Authorization", "") + mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "") }, }, { "HeaderIncorrect", // TestShouldVerifyAuthBasicArgFailingWrongHeader. func(mock *mocks.MockAutheliaCtx) { - mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==") + mock.Ctx.Request.Header.Set(fasthttp.HeaderProxyAuthorization, "Basic am9objpwYXNzd29yZA==") }, }, { "IncorrectPassword", // TestShouldVerifyAuthBasicArgFailingWrongPassword. func(mock *mocks.MockAutheliaCtx) { - mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==") + mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==") mock.UserProviderMock.EXPECT(). CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")). @@ -532,7 +532,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() { { "NoAccess", // TestShouldVerifyAuthBasicArgFailingWrongPassword. func(mock *mocks.MockAutheliaCtx) { - mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==") + mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==") mock.Ctx.Request.Header.Set("X-Original-URL", "https://admin.example.com/") gomock.InOrder( diff --git a/internal/handlers/handler_configuration_password_policy_test.go b/internal/handlers/handler_configuration_password_policy_test.go index 600c89dfd..a9a5b2fb7 100644 --- a/internal/handlers/handler_configuration_password_policy_test.go +++ b/internal/handlers/handler_configuration_password_policy_test.go @@ -8,6 +8,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/mocks" ) @@ -41,7 +42,7 @@ func (s *PasswordPolicySuite) TestShouldBeDisabled() { err := json.Unmarshal(s.mock.Ctx.Response.Body(), response) require.NoError(s.T(), err) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), "disabled", response.Data.Mode) } @@ -57,7 +58,7 @@ func (s *PasswordPolicySuite) TestShouldBeStandard() { err := json.Unmarshal(s.mock.Ctx.Response.Body(), response) require.NoError(s.T(), err) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), "standard", response.Data.Mode) assert.Equal(s.T(), 4, response.Data.MinLength) assert.Equal(s.T(), 8, response.Data.MaxLength) @@ -73,7 +74,7 @@ func (s *PasswordPolicySuite) TestShouldBeZXCVBN() { err := json.Unmarshal(s.mock.Ctx.Response.Body(), response) require.NoError(s.T(), err) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), "zxcvbn", response.Data.Mode) } diff --git a/internal/handlers/handler_firstfactor_test.go b/internal/handlers/handler_firstfactor_test.go index d6f8082ad..7c59857e7 100644 --- a/internal/handlers/handler_firstfactor_test.go +++ b/internal/handlers/handler_firstfactor_test.go @@ -7,6 +7,7 @@ import ( "github.com/golang/mock/gomock" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/authentication" "github.com/authelia/authelia/v4/internal/authorization" @@ -206,7 +207,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeChecked() { FirstFactorPOST(nil)(s.mock.Ctx) // Respond with 200. - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body()) userSession, err := s.mock.Ctx.GetSession() @@ -248,7 +249,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeUnchecked() { FirstFactorPOST(nil)(s.mock.Ctx) // Respond with 200. - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body()) userSession, err := s.mock.Ctx.GetSession() @@ -293,7 +294,7 @@ func (s *FirstFactorSuite) TestShouldSaveUsernameFromAuthenticationBackendInSess FirstFactorPOST(nil)(s.mock.Ctx) // Respond with 200. - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body()) userSession, err := s.mock.Ctx.GetSession() diff --git a/internal/handlers/handler_health_test.go b/internal/handlers/handler_health_test.go index f268fccf7..2b2857c04 100644 --- a/internal/handlers/handler_health_test.go +++ b/internal/handlers/handler_health_test.go @@ -4,6 +4,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/authentication" "github.com/authelia/authelia/v4/internal/mocks" @@ -21,6 +22,6 @@ func TestHealthOk(t *testing.T) { HealthGET(mock.Ctx) - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) assert.Equal(t, okMessageBytes, mock.Ctx.Response.Body()) } diff --git a/internal/handlers/handler_register_duo_device_test.go b/internal/handlers/handler_register_duo_device_test.go index f16eead9d..6258c389c 100644 --- a/internal/handlers/handler_register_duo_device_test.go +++ b/internal/handlers/handler_register_duo_device_test.go @@ -9,6 +9,7 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/duo" "github.com/authelia/authelia/v4/internal/mocks" @@ -136,7 +137,7 @@ func (s *RegisterDuoDeviceSuite) TestShouldRespondOK() { DuoDevicePOST(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func (s *RegisterDuoDeviceSuite) TestShouldRespondKOOnInvalidMethod() { diff --git a/internal/handlers/handler_sign_duo_test.go b/internal/handlers/handler_sign_duo_test.go index 284dac9ef..d02933177 100644 --- a/internal/handlers/handler_sign_duo_test.go +++ b/internal/handlers/handler_sign_duo_test.go @@ -11,6 +11,7 @@ import ( "github.com/golang/mock/gomock" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/duo" @@ -122,7 +123,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldAutoSelect() { s.mock.Ctx.Request.SetBody(bodyBytes) DuoPOST(duoMock)(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func (s *SecondFactorDuoPostSuite) TestShouldDenyAutoSelect() { @@ -328,7 +329,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldUseInvalidMethodAndAutoSelect() { s.mock.Ctx.Request.SetBody(bodyBytes) DuoPOST(duoMock)(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() { @@ -352,7 +353,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() { DuoPOST(duoMock)(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() { @@ -382,7 +383,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() { DuoPOST(duoMock)(s.mock.Ctx) - assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode()) } func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndFail() { @@ -452,7 +453,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndDenyAccess() { DuoPOST(duoMock)(s.mock.Ctx) - assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode()) } func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndFail() { diff --git a/internal/handlers/handler_state_test.go b/internal/handlers/handler_state_test.go index 20baf25ce..793668374 100644 --- a/internal/handlers/handler_state_test.go +++ b/internal/handlers/handler_state_test.go @@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/authentication" "github.com/authelia/authelia/v4/internal/mocks" @@ -52,7 +53,7 @@ func (s *StateGetSuite) TestShouldReturnUsernameFromSession() { err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody) require.NoError(s.T(), err) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType()) assert.Equal(s.T(), expectedBody, actualBody) } @@ -84,7 +85,7 @@ func (s *StateGetSuite) TestShouldReturnAuthenticationLevelFromSession() { err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody) require.NoError(s.T(), err) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType()) assert.Equal(s.T(), expectedBody, actualBody) } diff --git a/internal/handlers/handler_user_info_test.go b/internal/handlers/handler_user_info_test.go index 30eff7cf0..8da334dad 100644 --- a/internal/handlers/handler_user_info_test.go +++ b/internal/handlers/handler_user_info_test.go @@ -10,6 +10,7 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/mocks" @@ -116,7 +117,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) { if resp.err == nil { t.Run("expected status code", func(t *testing.T) { - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) }) actualPreferences := model.UserInfo{} @@ -140,7 +141,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) { }) } else { t.Run("expected status code", func(t *testing.T) { - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) }) errResponse := mock.GetResponseError(t) @@ -310,7 +311,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) { if resp.loadErr == nil && resp.saveErr == nil { t.Run(fmt.Sprintf("%s/%s", resp.description, "expected status code"), func(t *testing.T) { - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) }) actualPreferences := model.UserInfo{} @@ -334,7 +335,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) { }) } else { t.Run("expected status code", func(t *testing.T) { - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) }) errResponse := mock.GetResponseError(t) @@ -440,7 +441,7 @@ func (s *SaveSuite) TestShouldReturn200WhenMethodIsSuccessfullySaved() { MethodPreferencePOST(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func TestSaveSuite(t *testing.T) { diff --git a/internal/handlers/webauthn_test.go b/internal/handlers/webauthn_test.go index 9678ff389..fcfa831a9 100644 --- a/internal/handlers/webauthn_test.go +++ b/internal/handlers/webauthn_test.go @@ -7,6 +7,7 @@ import ( "github.com/go-webauthn/webauthn/protocol" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/mocks" "github.com/authelia/authelia/v4/internal/model" @@ -146,7 +147,7 @@ func TestWebAuthnGetUserWithErr(t *testing.T) { func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T) { ctx := mocks.NewMockAutheliaCtx(t) - ctx.Ctx.Request.Header.Del("X-Forwarded-Host") + ctx.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost) w, err := newWebAuthn(ctx.Ctx) @@ -157,9 +158,9 @@ func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T) func TestWebAuthnNewWebAuthnShouldReturnErrWhenWebAuthnNotConfigured(t *testing.T) { ctx := mocks.NewMockAutheliaCtx(t) - ctx.Ctx.Request.Header.Set("X-Forwarded-Host", "example.com") + ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com") ctx.Ctx.Request.Header.Set("X-Forwarded-URI", "/") - ctx.Ctx.Request.Header.Set("X-Forwarded-Proto", "https") + ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https") w, err := newWebAuthn(ctx.Ctx) diff --git a/internal/middlewares/authelia_context_test.go b/internal/middlewares/authelia_context_test.go index 448113191..6b263a46b 100644 --- a/internal/middlewares/authelia_context_test.go +++ b/internal/middlewares/authelia_context_test.go @@ -182,7 +182,7 @@ func TestShouldGetOriginalURLFromForwardedHeadersWithURI(t *testing.T) { func TestShouldFallbackToNonXForwardedHeaders(t *testing.T) { mock := mocks.NewMockAutheliaCtx(t) - mock.Ctx.Request.Header.Del("X-Forwarded-Host") + mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost) defer mock.Close() @@ -198,19 +198,19 @@ func TestShouldOnlyFallbackToNonXForwardedHeadersWhenNil(t *testing.T) { mock := mocks.NewMockAutheliaCtx(t) defer mock.Close() - mock.Ctx.Request.Header.Del("X-Forwarded-Host") + mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost) mock.Ctx.RequestCtx.Request.SetRequestURI("/2fa/one-time-password") mock.Ctx.RequestCtx.Request.SetHost("localhost") mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "auth.example.com:1234") mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-URI", "/base/2fa/one-time-password") mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https") - mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", "GET") + mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", fasthttp.MethodGet) assert.Equal(t, []byte("https"), mock.Ctx.XForwardedProto()) assert.Equal(t, []byte("auth.example.com:1234"), mock.Ctx.GetXForwardedHost()) assert.Equal(t, []byte("/base/2fa/one-time-password"), mock.Ctx.GetXForwardedURI()) - assert.Equal(t, []byte("GET"), mock.Ctx.XForwardedMethod()) + assert.Equal(t, []byte(fasthttp.MethodGet), mock.Ctx.XForwardedMethod()) } func TestShouldDetectXHR(t *testing.T) { diff --git a/internal/middlewares/cors_test.go b/internal/middlewares/cors_test.go index 0273eb69d..b7ba40b77 100644 --- a/internal/middlewares/cors_test.go +++ b/internal/middlewares/cors_test.go @@ -56,13 +56,13 @@ func TestCORSPolicyBuilder_WithAllowedMethods(t *testing.T) { assert.Nil(t, cors.methods) - cors.WithAllowedMethods("GET") + cors.WithAllowedMethods(fasthttp.MethodGet) - assert.Equal(t, []string{"GET"}, cors.methods) + assert.Equal(t, []string{fasthttp.MethodGet}, cors.methods) - cors.WithAllowedMethods("POST", "PATCH") + cors.WithAllowedMethods(fasthttp.MethodPost, fasthttp.MethodPatch) - assert.Equal(t, []string{"POST", "PATCH"}, cors.methods) + assert.Equal(t, []string{fasthttp.MethodPost, fasthttp.MethodPatch}, cors.methods) cors.WithAllowedMethods() @@ -167,7 +167,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS(t *testing.T) { ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") ctx.Request.Header.SetBytesKV(headerOrigin, origin) - cors.WithAllowedMethods("GET", "OPTIONS") + cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy = cors.Build() policy.HandleOPTIONS(ctx) @@ -245,7 +245,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS_WithoutOrigin(t *testing.T) { ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") - cors.WithAllowedMethods("GET", "OPTIONS") + cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy = cors.Build() policy.HandleOPTIONS(ctx) @@ -311,7 +311,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedOrigins(t *testing.T) { ctx.Request.Header.SetBytesKV(headerOrigin, origin) cors.WithAllowedOrigins("*") - cors.WithAllowedMethods("GET", "OPTIONS") + cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy = cors.Build() policy.HandleOPTIONS(ctx) @@ -383,7 +383,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithVaryOnly(t *testing.T) { ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") ctx.Request.Header.SetBytesKV(headerOrigin, origin) - cors.WithAllowedMethods("GET", "OPTIONS") + cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy = cors.Build() policy.HandleOPTIONS(ctx) @@ -429,7 +429,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedHeaders(t *testing.T) { ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") ctx.Request.Header.SetBytesKV(headerOrigin, origin) - cors.WithAllowedMethods("GET", "OPTIONS") + cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy = cors.Build() policy.HandleOPTIONS(ctx) @@ -516,7 +516,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) { ctx.Request.Header.SetBytesKV(headerOrigin, origin) ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") - ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET") + ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet) cors := NewCORSPolicyBuilder() @@ -528,7 +528,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) { assert.Equal(t, headerValueFalse, ctx.Response.Header.PeekBytes(headerAccessControlAllowCredentials)) assert.Equal(t, headerValueMaxAge, ctx.Response.Header.PeekBytes(headerAccessControlMaxAge)) assert.Equal(t, []byte("X-Example-Header"), ctx.Response.Header.PeekBytes(headerAccessControlAllowHeaders)) - assert.Equal(t, []byte("GET"), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods)) + assert.Equal(t, []byte(fasthttp.MethodGet), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods)) } func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t *testing.T) { @@ -538,7 +538,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t ctx.Request.Header.SetBytesKV(headerOrigin, origin) ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") - ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET") + ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet) cors := NewCORSPolicyBuilder().WithVary() @@ -560,11 +560,11 @@ func Test_CORSMiddleware_AsMiddleware(t *testing.T) { ctx.Request.Header.SetBytesKV(headerOrigin, origin) ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header") - ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET") + ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet) middleware := NewBridgeBuilder(schema.Configuration{}, Providers{}).Build() - cors := NewCORSPolicyBuilder().WithAllowedMethods("GET", "OPTIONS") + cors := NewCORSPolicyBuilder().WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions) policy := cors.Build() diff --git a/internal/middlewares/identity_verification_test.go b/internal/middlewares/identity_verification_test.go index 2831eef3b..205de70f0 100644 --- a/internal/middlewares/identity_verification_test.go +++ b/internal/middlewares/identity_verification_test.go @@ -48,7 +48,7 @@ func TestShouldFailStartingProcessIfUserHasNoEmailAddress(t *testing.T) { middlewares.IdentityVerificationStart(newArgs(retriever), nil)(mock.Ctx) - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) assert.Equal(t, "User does not have any email", mock.Hook.LastEntry().Message) } @@ -65,7 +65,7 @@ func TestShouldFailIfJWTCannotBeSaved(t *testing.T) { args := newArgs(defaultRetriever) middlewares.IdentityVerificationStart(args, nil)(mock.Ctx) - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) assert.Equal(t, "cannot save", mock.Hook.LastEntry().Message) } @@ -88,7 +88,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) { args := newArgs(defaultRetriever) middlewares.IdentityVerificationStart(args, nil)(mock.Ctx) - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) assert.Equal(t, "no notif", mock.Hook.LastEntry().Message) } @@ -110,7 +110,7 @@ func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) { args := newArgs(defaultRetriever) middlewares.IdentityVerificationStart(args, nil)(mock.Ctx) - assert.Equal(t, 200, mock.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode()) defer mock.Close() } @@ -272,7 +272,7 @@ func (s *IdentityVerificationFinishProcess) TestShouldReturn200OnFinishComplete( middlewares.IdentityVerificationFinish(newFinishArgs(), next)(s.mock.Ctx) - assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode()) + assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode()) } func TestRunIdentityVerificationFinish(t *testing.T) { diff --git a/internal/mocks/authelia_ctx.go b/internal/mocks/authelia_ctx.go index 486beeac9..cd6947673 100644 --- a/internal/mocks/authelia_ctx.go +++ b/internal/mocks/authelia_ctx.go @@ -219,7 +219,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx { // request.Request.Header.SetCookie("authelia_session", "client_cookie"). // Set X-Forwarded-Host for compatibility with multi-root-domain implementation. - request.Request.Header.Set("X-Forwarded-Host", "example.com") + request.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com") ctx := middlewares.NewAutheliaCtx(request, config, providers) mockAuthelia.Ctx = ctx @@ -256,19 +256,19 @@ func (m *MockAutheliaCtx) SetRequestBody(t *testing.T, body interface{}) { // Assert401KO assert an error response from the service. func (m *MockAutheliaCtx) Assert401KO(t *testing.T, message string) { - assert.Equal(t, 401, m.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusUnauthorized, m.Ctx.Response.StatusCode()) assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body())) } // Assert200KO assert an error response from the service. func (m *MockAutheliaCtx) Assert200KO(t *testing.T, message string) { - assert.Equal(t, 200, m.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode()) assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body())) } // Assert200OK assert a successful response from the service. func (m *MockAutheliaCtx) Assert200OK(t *testing.T, data interface{}) { - assert.Equal(t, 200, m.Ctx.Response.StatusCode()) + assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode()) response := middlewares.OKResponse{ Status: "OK", diff --git a/internal/server/server_test.go b/internal/server/server_test.go index 4514f5619..18e506a4b 100644 --- a/internal/server/server_test.go +++ b/internal/server/server_test.go @@ -200,7 +200,7 @@ func TestShouldRaiseErrorWhenClientDoesNotSkipVerify(t *testing.T) { defer tlsServerContext.Close() - req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil) require.NoError(t, err) _, err = http.DefaultClient.Do(req) @@ -228,7 +228,7 @@ func TestShouldServeOverTLSWhenClientDoesSkipVerify(t *testing.T) { defer tlsServerContext.Close() - req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) require.NoError(t, err) tr := &http.Transport{ @@ -265,7 +265,7 @@ func TestShouldServeOverTLSWhenClientHasProperRootCA(t *testing.T) { defer tlsServerContext.Close() - req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) require.NoError(t, err) block, _ := pem.Decode(certificateContext.Certificates[0].CertificatePEM) @@ -317,7 +317,7 @@ func TestShouldRaiseWhenMutualTLSIsConfiguredAndClientIsNotAuthenticated(t *test defer tlsServerContext.Close() - req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) require.NoError(t, err) // Create a root CA for the client to properly validate server cert. @@ -360,7 +360,7 @@ func TestShouldServeProperlyWhenMutualTLSIsConfiguredAndClientIsAuthenticated(t defer tlsServerContext.Close() - req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil) require.NoError(t, err) // Create a root CA for the client to properly validate server cert. diff --git a/internal/suites/action_http.go b/internal/suites/action_http.go index 2be335e2a..215c99df5 100644 --- a/internal/suites/action_http.go +++ b/internal/suites/action_http.go @@ -6,14 +6,15 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/valyala/fasthttp" ) func doHTTPGetQuery(t *testing.T, url string) []byte { client := NewHTTPClient() - req, err := http.NewRequest("GET", url, nil) + req, err := http.NewRequest(fasthttp.MethodGet, url, nil) assert.NoError(t, err) - req.Header.Add("Accept", "application/json") + req.Header.Add(fasthttp.HeaderAccept, "application/json") resp, err := client.Do(req) assert.NoError(t, err) diff --git a/internal/suites/duo.go b/internal/suites/duo.go index 544c5a095..73c4bad43 100644 --- a/internal/suites/duo.go +++ b/internal/suites/duo.go @@ -8,6 +8,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/duo" ) @@ -29,13 +30,13 @@ func ConfigureDuo(t *testing.T, allowDeny DuoPolicy) { url = fmt.Sprintf("%s/deny", DuoBaseURL) } - req, err := http.NewRequest("POST", url, nil) + req, err := http.NewRequest(fasthttp.MethodPost, url, nil) require.NoError(t, err) client := NewHTTPClient() res, err := client.Do(req) require.NoError(t, err) - require.Equal(t, 200, res.StatusCode) + require.Equal(t, fasthttp.StatusOK, res.StatusCode) } // ConfigureDuoPreAuth configure duo api to respond with available devices or enrollment Url. @@ -45,12 +46,12 @@ func ConfigureDuoPreAuth(t *testing.T, response duo.PreAuthResponse) { body, err := json.Marshal(response) require.NoError(t, err) - req, err := http.NewRequest("POST", url, bytes.NewReader(body)) + req, err := http.NewRequest(fasthttp.MethodPost, url, bytes.NewReader(body)) req.Header.Set("Content-Type", "application/json") require.NoError(t, err) client := NewHTTPClient() res, err := client.Do(req) require.NoError(t, err) - require.Equal(t, 200, res.StatusCode) + require.Equal(t, fasthttp.StatusOK, res.StatusCode) } diff --git a/internal/suites/scenario_backend_protection_test.go b/internal/suites/scenario_backend_protection_test.go index 1f71b5c0d..cfbdbfb89 100644 --- a/internal/suites/scenario_backend_protection_test.go +++ b/internal/suites/scenario_backend_protection_test.go @@ -48,32 +48,32 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string, } func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() { - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), 403) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), fasthttp.StatusForbidden) - s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 403) + s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusForbidden) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), 403) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), 403) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden) } func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() { - s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404) - s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404) + s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound) + s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound) - s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404) - s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404) - s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404) + s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound) + s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound) + s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound) } func (s *BackendProtectionScenario) TestInvalidEndpointsReturn405() { - s.AssertRequestStatusCode("PUT", fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 405) + s.AssertRequestStatusCode(fasthttp.MethodPut, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusMethodNotAllowed) } func TestRunBackendProtection(t *testing.T) { diff --git a/internal/suites/suite_high_availability_test.go b/internal/suites/suite_high_availability_test.go index d8077d28e..e2133a4e1 100644 --- a/internal/suites/suite_high_availability_test.go +++ b/internal/suites/suite_high_availability_test.go @@ -10,6 +10,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" ) type HighAvailabilityWebDriverSuite struct { @@ -282,7 +283,7 @@ func NewHighAvailabilitySuite() *HighAvailabilitySuite { func DoGetWithAuth(t *testing.T, username, password string) int { client := NewHTTPClient() - req, err := http.NewRequest("GET", fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil) assert.NoError(t, err) req.SetBasicAuth(username, password) @@ -293,9 +294,9 @@ func DoGetWithAuth(t *testing.T, username, password string) int { } func (s *HighAvailabilitySuite) TestBasicAuth() { - s.Assert().Equal(DoGetWithAuth(s.T(), "john", "password"), 200) - s.Assert().Equal(DoGetWithAuth(s.T(), "john", "bad-password"), 302) - s.Assert().Equal(DoGetWithAuth(s.T(), "dontexist", "password"), 302) + s.Assert().Equal(fasthttp.StatusOK, DoGetWithAuth(s.T(), "john", "password")) + s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "john", "bad-password")) + s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "dontexist", "password")) } func (s *HighAvailabilitySuite) Test1FAScenario() { diff --git a/internal/suites/suite_standalone_test.go b/internal/suites/suite_standalone_test.go index be76d0730..6ff0d2775 100644 --- a/internal/suites/suite_standalone_test.go +++ b/internal/suites/suite_standalone_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "github.com/valyala/fasthttp" "github.com/authelia/authelia/v4/internal/storage" "github.com/authelia/authelia/v4/internal/utils" @@ -185,55 +186,55 @@ func NewStandaloneSuite() *StandaloneSuite { } func (s *StandaloneSuite) TestShouldRespectMethodsACL() { - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) s.Assert().NoError(err) - req.Header.Set("X-Forwarded-Method", "GET") - req.Header.Set("X-Forwarded-Proto", "https") - req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain)) + req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet) + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") + req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain)) req.Header.Set("X-Forwarded-URI", "/") - req.Header.Set("Accept", "text/html; charset=utf8") + req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8") client := NewHTTPClient() res, err := client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 302) + s.Assert().Equal(fasthttp.StatusFound, res.StatusCode) body, err := io.ReadAll(res.Body) s.Assert().NoError(err) urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/") s.Assert().Equal(fmt.Sprintf("302 Found", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body)) - req.Header.Set("X-Forwarded-Method", "OPTIONS") + req.Header.Set("X-Forwarded-Method", fasthttp.MethodOptions) res, err = client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 200) + s.Assert().Equal(fasthttp.StatusOK, res.StatusCode) } func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() { - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) s.Assert().NoError(err) - req.Header.Set("X-Forwarded-Method", "GET") - req.Header.Set("X-Forwarded-Proto", "https") - req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain)) + req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet) + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") + req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain)) req.Header.Set("X-Forwarded-URI", "/") - req.Header.Set("Accept", "text/html; charset=utf8") + req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8") client := NewHTTPClient() res, err := client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 302) + s.Assert().Equal(fasthttp.StatusFound, res.StatusCode) body, err := io.ReadAll(res.Body) s.Assert().NoError(err) urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/") s.Assert().Equal(fmt.Sprintf("302 Found", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body)) - req.Header.Set("X-Forwarded-Method", "POST") + req.Header.Set("X-Forwarded-Method", fasthttp.MethodPost) res, err = client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 303) + s.Assert().Equal(fasthttp.StatusSeeOther, res.StatusCode) body, err = io.ReadAll(res.Body) s.Assert().NoError(err) @@ -243,16 +244,16 @@ func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() { // Standard case using nginx. func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() { - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil) s.Assert().NoError(err) - req.Header.Set("X-Forwarded-Proto", "https") + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") req.Header.Set("X-Original-URL", AdminBaseURL) - req.Header.Set("Accept", "text/html; charset=utf8") + req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8") client := NewHTTPClient() res, err := client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 401) + s.Assert().Equal(fasthttp.StatusUnauthorized, res.StatusCode) body, err := io.ReadAll(res.Body) s.Assert().NoError(err) s.Assert().Equal("401 Unauthorized", string(body)) @@ -260,16 +261,16 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() { // Standard case using Kubernetes. func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() { - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) s.Assert().NoError(err) - req.Header.Set("X-Forwarded-Proto", "https") + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") req.Header.Set("X-Original-URL", AdminBaseURL) - req.Header.Set("Accept", "text/html; charset=utf8") + req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8") client := NewHTTPClient() res, err := client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 302) + s.Assert().Equal(fasthttp.StatusFound, res.StatusCode) body, err := io.ReadAll(res.Body) s.Assert().NoError(err) @@ -278,17 +279,17 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() { } func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI() { - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil) s.Assert().NoError(err) - req.Header.Set("X-Forwarded-Proto", "https") - req.Header.Set("X-Forwarded-Host", "secure.example.com:8080") + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") + req.Header.Set(fasthttp.HeaderXForwardedHost, "secure.example.com:8080") req.Header.Set("X-Forwarded-URI", "/") - req.Header.Set("Accept", "text/html; charset=utf8") + req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8") client := NewHTTPClient() res, err := client.Do(req) s.Assert().NoError(err) - s.Assert().Equal(res.StatusCode, 302) + s.Assert().Equal(fasthttp.StatusFound, res.StatusCode) body, err := io.ReadAll(res.Body) s.Assert().NoError(err) @@ -299,19 +300,19 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI( func (s *StandaloneSuite) TestShouldRecordMetrics() { client := NewHTTPClient() - req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/health", LoginBaseURL), nil) + req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/health", LoginBaseURL), nil) s.Require().NoError(err) res, err := client.Do(req) s.Require().NoError(err) - s.Assert().Equal(res.StatusCode, 200) + s.Assert().Equal(fasthttp.StatusOK, fasthttp.StatusOK, res.StatusCode) - req, err = http.NewRequest("GET", fmt.Sprintf("%s/metrics", LoginBaseURL), nil) + req, err = http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/metrics", LoginBaseURL), nil) s.Require().NoError(err) res, err = client.Do(req) s.Require().NoError(err) - s.Assert().Equal(res.StatusCode, 200) + s.Assert().Equal(fasthttp.StatusOK, res.StatusCode) body, err := io.ReadAll(res.Body) s.Require().NoError(err) diff --git a/internal/suites/utils.go b/internal/suites/utils.go index c7491e0c7..bb9d12ddb 100644 --- a/internal/suites/utils.go +++ b/internal/suites/utils.go @@ -17,6 +17,7 @@ import ( "github.com/go-rod/rod" "github.com/google/uuid" log "github.com/sirupsen/logrus" + "github.com/valyala/fasthttp" ) var browserPaths = []string{"/usr/bin/chromium-browser", "/usr/bin/chromium"} @@ -264,8 +265,8 @@ func getDomainEnvInfo(domain string) (info map[string]string, err error) { return info, err } - req.Header.Set("X-Forwarded-Proto", "https") - req.Header.Set("X-Forwarded-Host", domain) + req.Header.Set(fasthttp.HeaderXForwardedProto, "https") + req.Header.Set(fasthttp.HeaderXForwardedHost, domain) if resp, err = client.Do(req); err != nil { return info, err