forked from hush/hush3
Browse Source
A WWW-Authenticate header must be present in the 401 response to make clients know that they can authenticate, and how.metaverse
Jack Grigg
7 years ago
3 changed files with 72 additions and 6 deletions
@ -0,0 +1,62 @@ |
|||||
|
#include <gtest/gtest.h> |
||||
|
#include <gmock/gmock.h> |
||||
|
|
||||
|
#include "httprpc.cpp" |
||||
|
#include "httpserver.h" |
||||
|
|
||||
|
using ::testing::Return; |
||||
|
|
||||
|
class MockHTTPRequest : public HTTPRequest { |
||||
|
public: |
||||
|
MOCK_METHOD0(GetPeer, CService()); |
||||
|
MOCK_METHOD0(GetRequestMethod, HTTPRequest::RequestMethod()); |
||||
|
MOCK_METHOD1(GetHeader, std::pair<bool, std::string>(const std::string& hdr)); |
||||
|
MOCK_METHOD2(WriteHeader, void(const std::string& hdr, const std::string& value)); |
||||
|
MOCK_METHOD2(WriteReply, void(int nStatus, const std::string& strReply)); |
||||
|
|
||||
|
MockHTTPRequest() : HTTPRequest(nullptr) {} |
||||
|
void CleanUp() { |
||||
|
// So the parent destructor doesn't try to send a reply
|
||||
|
replySent = true; |
||||
|
} |
||||
|
}; |
||||
|
|
||||
|
TEST(HTTPRPC, FailsOnGET) { |
||||
|
MockHTTPRequest req; |
||||
|
EXPECT_CALL(req, GetRequestMethod()) |
||||
|
.WillRepeatedly(Return(HTTPRequest::GET)); |
||||
|
EXPECT_CALL(req, WriteReply(HTTP_BAD_METHOD, "JSONRPC server handles only POST requests")) |
||||
|
.Times(1); |
||||
|
EXPECT_FALSE(HTTPReq_JSONRPC(&req, "")); |
||||
|
req.CleanUp(); |
||||
|
} |
||||
|
|
||||
|
TEST(HTTPRPC, FailsWithoutAuthHeader) { |
||||
|
MockHTTPRequest req; |
||||
|
EXPECT_CALL(req, GetRequestMethod()) |
||||
|
.WillRepeatedly(Return(HTTPRequest::POST)); |
||||
|
EXPECT_CALL(req, GetHeader("authorization")) |
||||
|
.WillRepeatedly(Return(std::make_pair(false, ""))); |
||||
|
EXPECT_CALL(req, WriteHeader("WWW-Authenticate", "Basic realm=\"jsonrpc\"")) |
||||
|
.Times(1); |
||||
|
EXPECT_CALL(req, WriteReply(HTTP_UNAUTHORIZED, "")) |
||||
|
.Times(1); |
||||
|
EXPECT_FALSE(HTTPReq_JSONRPC(&req, "")); |
||||
|
req.CleanUp(); |
||||
|
} |
||||
|
|
||||
|
TEST(HTTPRPC, FailsWithBadAuth) { |
||||
|
MockHTTPRequest req; |
||||
|
EXPECT_CALL(req, GetRequestMethod()) |
||||
|
.WillRepeatedly(Return(HTTPRequest::POST)); |
||||
|
EXPECT_CALL(req, GetHeader("authorization")) |
||||
|
.WillRepeatedly(Return(std::make_pair(true, "Basic spam:eggs"))); |
||||
|
EXPECT_CALL(req, GetPeer()) |
||||
|
.WillRepeatedly(Return(CService("127.0.0.1:1337"))); |
||||
|
EXPECT_CALL(req, WriteHeader("WWW-Authenticate", "Basic realm=\"jsonrpc\"")) |
||||
|
.Times(1); |
||||
|
EXPECT_CALL(req, WriteReply(HTTP_UNAUTHORIZED, "")) |
||||
|
.Times(1); |
||||
|
EXPECT_FALSE(HTTPReq_JSONRPC(&req, "")); |
||||
|
req.CleanUp(); |
||||
|
} |
Loading…
Reference in new issue