mirror of
https://github.com/ferdzo/fs.git
synced 2026-06-04 05:26:46 +00:00
Andrej Mickov
2425cd524e
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
76 lines
2.1 KiB
Go
76 lines
2.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"errors"
|
|
"io"
|
|
"net/http"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestPayloadHashVerifierAllowsMatchingBody(t *testing.T) {
|
|
body := "payload"
|
|
req := newPayloadHashRequest(t, body, body)
|
|
|
|
if err := wrapPayloadHashVerifier(req); err != nil {
|
|
t.Fatalf("wrapPayloadHashVerifier returned error: %v", err)
|
|
}
|
|
got, err := io.ReadAll(req.Body)
|
|
if err != nil {
|
|
t.Fatalf("ReadAll returned error: %v", err)
|
|
}
|
|
if string(got) != body {
|
|
t.Fatalf("unexpected body: got %q want %q", string(got), body)
|
|
}
|
|
}
|
|
|
|
func TestPayloadHashVerifierRejectsMismatchedBody(t *testing.T) {
|
|
req := newPayloadHashRequest(t, "signed-payload", "actual-payload")
|
|
|
|
if err := wrapPayloadHashVerifier(req); err != nil {
|
|
t.Fatalf("wrapPayloadHashVerifier returned error: %v", err)
|
|
}
|
|
_, err := io.ReadAll(req.Body)
|
|
if !errors.Is(err, ErrSignatureDoesNotMatch) {
|
|
t.Fatalf("ReadAll error = %v, want ErrSignatureDoesNotMatch", err)
|
|
}
|
|
}
|
|
|
|
func TestPayloadSigningRejectsSignedStreamingMode(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodPut, "http://example.com/b/k", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
req.Header.Set("x-amz-content-sha256", "STREAMING-AWS4-HMAC-SHA256-PAYLOAD")
|
|
|
|
err = validatePayloadSigningMode(req, &sigV4Input{})
|
|
if !errors.Is(err, ErrAuthorizationHeaderMalformed) {
|
|
t.Fatalf("validatePayloadSigningMode error = %v, want ErrAuthorizationHeaderMalformed", err)
|
|
}
|
|
}
|
|
|
|
func TestPayloadSigningAllowsUnsignedStreamingMode(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodPut, "http://example.com/b/k", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
req.Header.Set("x-amz-content-sha256", "STREAMING-UNSIGNED-PAYLOAD-TRAILER")
|
|
|
|
if err := validatePayloadSigningMode(req, &sigV4Input{}); err != nil {
|
|
t.Fatalf("validatePayloadSigningMode returned error: %v", err)
|
|
}
|
|
}
|
|
|
|
func newPayloadHashRequest(t *testing.T, signedBody, actualBody string) *http.Request {
|
|
t.Helper()
|
|
req, err := http.NewRequest(http.MethodPut, "http://example.com/b/k", strings.NewReader(actualBody))
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
sum := sha256.Sum256([]byte(signedBody))
|
|
req.Header.Set("x-amz-content-sha256", hex.EncodeToString(sum[:]))
|
|
return req
|
|
}
|