
Commit 1b2abe0

committed
caddyauth: Allow user-configurable headers and status code
1 parent f5f25d8 commit 1b2abe0


12 files changed

+636
-17
lines changed

Lines changed: 119 additions & 0 deletions
@@ -0,0 +1,119 @@
1+
package integration
2+
3+
import (
4+
"encoding/base64"
5+
"net/http"
6+
"testing"
7+
8+
"github.com/caddyserver/caddy/v2/caddytest"
9+
)
10+
11+
func TestAuthentication(t *testing.T) {
12+
tester := caddytest.NewTester(t)
13+
tester.InitServer(`
14+
{
15+
"admin": {
16+
"listen": "localhost:2999"
17+
},
18+
"apps": {
19+
"pki": {
20+
"certificate_authorities": {
21+
"local": {
22+
"install_trust": false
23+
}
24+
}
25+
},
26+
"http": {
27+
"http_port": 9080,
28+
"https_port": 9443,
29+
"servers": {
30+
"srv0": {
31+
"listen": [
32+
":9080"
33+
],
34+
"routes": [
35+
{
36+
"match": [
37+
{
38+
"path": [
39+
"/basic"
40+
]
41+
}
42+
],
43+
"handle": [
44+
{
45+
"handler": "authentication",
46+
"providers": {
47+
"http_basic": {
48+
"hash_cache": {},
49+
"accounts": [
50+
{
51+
"username": "Aladdin",
52+
"password": "$2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa"
53+
}
54+
]
55+
}
56+
}
57+
}
58+
]
59+
},
60+
{
61+
"match": [
62+
{
63+
"path": [
64+
"/proxy"
65+
]
66+
}
67+
],
68+
"handle": [
69+
{
70+
"handler": "authentication",
71+
"status_code": 407,
72+
"providers": {
73+
"http_basic": {
74+
"hash_cache": {},
75+
"authorization_header": "Proxy-Authorization",
76+
"authenticate_header": "Proxy-Authenticate",
77+
"realm": "HTTP proxy",
78+
"accounts": [
79+
{
80+
"username": "Aladdin",
81+
"password": "$2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa"
82+
}
83+
]
84+
}
85+
}
86+
}
87+
]
88+
}
89+
]
90+
}
91+
}
92+
}
93+
}
94+
}
95+
`, "json")
96+
97+
assertHeader := func(tb testing.TB, resp *http.Response, header, want string) {
98+
if actual := resp.Header.Get(header); actual != want {
99+
tb.Errorf("expected %s header to be %s, but was %s", header, want, actual)
100+
}
101+
}
102+
103+
resp, _ := tester.AssertGetResponse("http://localhost:9080/basic", http.StatusUnauthorized, "")
104+
assertHeader(t, resp, "WWW-Authenticate", `Basic realm="restricted"`)
105+
106+
tester.AssertGetResponse("http://Aladdin:open%20sesame@localhost:9080/basic", http.StatusOK, "")
107+
108+
tester.AssertGetResponse("http://localhost:9080/proxy", http.StatusProxyAuthRequired, "")
109+
110+
resp, _ = tester.AssertGetResponse("http://Aladdin:open%20sesame@localhost:9080/proxy", http.StatusProxyAuthRequired, "")
111+
assertHeader(t, resp, "Proxy-Authenticate", `Basic realm="HTTP proxy"`)
112+
113+
req, err := http.NewRequest(http.MethodGet, "http://localhost:9080/proxy", nil)
114+
if err != nil {
115+
t.Fatalf("unable to create request %v", err)
116+
}
117+
req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("Aladdin:open sesame")))
118+
tester.AssertResponseCode(req, http.StatusOK)
119+
}
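Review bot: The test never sends a wrong password, and it never sends `Proxy-Authorization` to `/basic`, so a provider that accepted any well-formed value in the configured header, or that read both headers on every route, would still pass. The only rejection cases covered are a request with no credentials and one carrying them in `Authorization` on `/proxy`. The unauthenticated `/proxy` response (gutter line 108) is also not checked for its `Proxy-Authenticate` challenge or for the absence of `WWW-Authenticate`. The additions below go after the final `AssertResponseCode` call; the wrong password in them is a constructed sample value.

```go
tester.AssertResponseCode(req, http.StatusOK)

// Wrong password (constructed sample) in the configured header is still challenged.
badReq, err := http.NewRequest(http.MethodGet, "http://localhost:9080/proxy", nil)
if err != nil {
	t.Fatalf("unable to create request %v", err)
}
badReq.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("Aladdin:wrong password")))
tester.AssertResponseCode(badReq, http.StatusProxyAuthRequired)

// Valid credentials in the proxy header do not unlock the route that uses the default header.
crossReq, err := http.NewRequest(http.MethodGet, "http://localhost:9080/basic", nil)
if err != nil {
	t.Fatalf("unable to create request %v", err)
}
crossReq.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("Aladdin:open sesame")))
tester.AssertResponseCode(crossReq, http.StatusUnauthorized)
```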
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
https://example.com
2+
basic_auth bcrypt {
3+
Aladdin $2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa
4+
}
5+
6+
----------
7+
{
8+
"apps": {
9+
"http": {
10+
"servers": {
11+
"srv0": {
12+
"listen": [
13+
":443"
14+
],
15+
"routes": [
16+
{
17+
"match": [
18+
{
19+
"host": [
20+
"example.com"
21+
]
22+
}
23+
],
24+
"handle": [
25+
{
26+
"handler": "subroute",
27+
"routes": [
28+
{
29+
"handle": [
30+
{
31+
"handler": "authentication",
32+
"providers": {
33+
"http_basic": {
34+
"accounts": [
35+
{
36+
"password": "$2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa",
37+
"username": "Aladdin"
38+
}
39+
],
40+
"hash": {
41+
"algorithm": "bcrypt"
42+
},
43+
"hash_cache": {}
44+
}
45+
}
46+
}
47+
]
48+
}
49+
]
50+
}
51+
],
52+
"terminal": true
53+
}
54+
]
55+
}
56+
}
57+
}
58+
}
59+
}
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
https://example.com
2+
basic_auth
3+
4+
----------
5+
{
6+
"apps": {
7+
"http": {
8+
"servers": {
9+
"srv0": {
10+
"listen": [
11+
":443"
12+
],
13+
"routes": [
14+
{
15+
"match": [
16+
{
17+
"host": [
18+
"example.com"
19+
]
20+
}
21+
],
22+
"handle": [
23+
{
24+
"handler": "subroute",
25+
"routes": [
26+
{
27+
"handle": [
28+
{
29+
"handler": "authentication",
30+
"providers": {
31+
"http_basic": {
32+
"hash": {
33+
"algorithm": "bcrypt"
34+
},
35+
"hash_cache": {}
36+
}
37+
}
38+
}
39+
]
40+
}
41+
]
42+
}
43+
],
44+
"terminal": true
45+
}
46+
]
47+
}
48+
}
49+
}
50+
}
51+
}
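Review bot: A bare `basic_auth` is pinned here as adapting cleanly to an `http_basic` provider with no `accounts` key, but the fixture does not say what that configuration is meant to do. From the adapted JSON alone a reader cannot tell whether the site is intended to reject every request or whether this only exercises the parser defaults, and the provisioning code is not in view on this page. I would add a comment above the directive, for example `# no accounts configured: every request is expected to be challenged`, once that behaviour is confirmed, or have the adapter reject an account-less `basic_auth` if it is not.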
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
https://example.com {
2+
basic_auth proxy bcrypt {
3+
Aladdin $2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa
4+
}
5+
# Alternatively, use https://github.com/caddyserver/forwardproxy instead
6+
# of external forward proxy.
7+
reverse_proxy https://localhost:54321
8+
}
9+
10+
----------
11+
{
12+
"apps": {
13+
"http": {
14+
"servers": {
15+
"srv0": {
16+
"listen": [
17+
":443"
18+
],
19+
"routes": [
20+
{
21+
"match": [
22+
{
23+
"host": [
24+
"example.com"
25+
]
26+
}
27+
],
28+
"handle": [
29+
{
30+
"handler": "subroute",
31+
"routes": [
32+
{
33+
"handle": [
34+
{
35+
"handler": "authentication",
36+
"providers": {
37+
"http_basic": {
38+
"accounts": [
39+
{
40+
"password": "$2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa",
41+
"username": "Aladdin"
42+
}
43+
],
44+
"authenticate_header": "Proxy-Authenticate",
45+
"authorization_header": "Proxy-Authorization",
46+
"hash": {
47+
"algorithm": "bcrypt"
48+
},
49+
"hash_cache": {}
50+
}
51+
},
52+
"status_code": 407
53+
},
54+
{
55+
"handler": "reverse_proxy",
56+
"transport": {
57+
"protocol": "http",
58+
"tls": {}
59+
},
60+
"upstreams": [
61+
{
62+
"dial": "localhost:54321"
63+
}
64+
]
65+
}
66+
]
67+
}
68+
]
69+
}
70+
],
71+
"terminal": true
72+
}
73+
]
74+
}
75+
}
76+
}
77+
}
78+
}
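Review bot: Nothing in this fixture, or in the `/proxy` route of the integration test, shows what happens to the client's `Proxy-Authorization` header once `authentication` passes the request on to `reverse_proxy`. The adapted JSON only proves the two handlers are chained with `status_code` 407; whether the credential is dropped before the upstream at `localhost:54321` sees it is presumably left to `reverse_proxy`'s hop-by-hop header handling and is not asserted anywhere visible. The existing comment on gutter lines 5-6 is also hard to parse, since the directive below it proxies to an upstream rather than acting as a forward proxy. I would reword it to say what the upstream is, and add `# Proxy-Authorization is checked here and is not expected to reach the upstream` once an integration test confirms that.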
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,60 @@
1+
https://example.com
2+
basic_auth bcrypt "my realm" {
3+
Aladdin $2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa
4+
}
5+
6+
----------
7+
{
8+
"apps": {
9+
"http": {
10+
"servers": {
11+
"srv0": {
12+
"listen": [
13+
":443"
14+
],
15+
"routes": [
16+
{
17+
"match": [
18+
{
19+
"host": [
20+
"example.com"
21+
]
22+
}
23+
],
24+
"handle": [
25+
{
26+
"handler": "subroute",
27+
"routes": [
28+
{
29+
"handle": [
30+
{
31+
"handler": "authentication",
32+
"providers": {
33+
"http_basic": {
34+
"accounts": [
35+
{
36+
"password": "$2a$14$U5nG2p.Ac09gzn9oo5aRe.YnsXn30UdXA6pRUn45KFqADG636dRHa",
37+
"username": "Aladdin"
38+
}
39+
],
40+
"hash": {
41+
"algorithm": "bcrypt"
42+
},
43+
"hash_cache": {},
44+
"realm": "my realm"
45+
}
46+
}
47+
}
48+
]
49+
}
50+
]
51+
}
52+
],
53+
"terminal": true
54+
}
55+
]
56+
}
57+
}
58+
}
59+
}
60+
}
