Skip to content

Commit

Permalink
Merge pull request #216 from vania-pooh/master
Browse files Browse the repository at this point in the history 
Fixed panic in authentication logic (fixes #191)
  • Loading branch information
@aandryashin
aandryashin authored Jun 1, 2018
2 parents be41021 + b62304c commit 0f1ada3
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 3 deletions.
8 changes: 6 additions & 2 deletions proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -565,13 +565,17 @@ func WithSuitableAuthentication(authenticator *auth.BasicAuth, handler func(http
_, ok := quota[guestUserName]
confLock.RUnlock()
if !ok {
reply(w, errMsg("Guest access is unavailable."), http.StatusUnauthorized)
reply(w, errMsg("Guest access is unavailable"), http.StatusUnauthorized)
} else {
handler(w, r)
}
} else {
//Run the handler using basic authentication
requireBasicAuth(authenticator, handler)(w, r)
if fileExists(users) {
requireBasicAuth(authenticator, handler)(w, r)
} else {
handler(w, r)
}
}
}
}
Expand Down
27 changes: 26 additions & 1 deletion proxy_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

. "github.com/aandryashin/matchers"
. "github.com/aandryashin/matchers/httpresp"
"github.com/abbot/go-http-auth"
. "github.com/aerokube/ggr/config"
"golang.org/x/net/websocket"
"log"
Expand Down Expand Up @@ -1382,7 +1383,7 @@ func TestStartSessionGuestFailNoQuota(t *testing.T) {

rsp, err := createSessionWithoutAuthentication(`{"desiredCapabilities":{"browserName":"{browser}", "version":"1.0"}}`)
AssertThat(t, err, Is{nil})
AssertThat(t, rsp, AllOf{Code{http.StatusUnauthorized}, Message{"Guest access is unavailable."}})
AssertThat(t, rsp, AllOf{Code{http.StatusUnauthorized}, Message{"Guest access is unavailable"}})

}

Expand Down Expand Up @@ -1543,3 +1544,27 @@ func recordingMux(region string, storage *[]string) http.Handler {
})
return mux
}

func TestPanicGuestQuotaMissingUsersFileAuthPresent(t *testing.T) {
guestAccessAllowed = true
users = "missing-file"
defer func() {
users = ".htpasswd"
}()
authenticator := auth.NewBasicAuthenticator(
"Some Realm",
auth.HtpasswdFileProvider(users),
)

mux := http.NewServeMux()
mux.HandleFunc("/", WithSuitableAuthentication(authenticator, func(_ http.ResponseWriter, _ *http.Request) {}))

srv := httptest.NewServer(mux)
defer srv.Close()

req, _ := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
req.SetBasicAuth("test", "test")
resp, err := http.DefaultClient.Do(req)
AssertThat(t, err, Is{nil})
AssertThat(t, resp, Code{http.StatusOK})
}

0 comments on commit 0f1ada3

Please sign in to comment.