Merge branch 'PatrikSteuer-master'

pivotal-cf · Jul 20, 2020 · b956a39 · b956a39
2 parents 447a19e + 4bbbb20
commit b956a39
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 8 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -22,14 +22,26 @@ import (
 )
 
 type Wrapper struct {
+ credentials []Credential
+}
+
+type Credential struct {
  username []byte
  password []byte
 }
 
+func NewWrapperMultiple(users map[string]string) *Wrapper {
+ var cs []Credential
+ for k, v := range users {
+ u := sha256.Sum256([]byte(k))
+ p := sha256.Sum256([]byte(v))
+ cs = append(cs, Credential{username: u[:], password: p[:]})
+ }
+ return &Wrapper{credentials: cs}
+}
+
 func NewWrapper(username, password string) *Wrapper {
- u := sha256.Sum256([]byte(username))
- p := sha256.Sum256([]byte(password))
- return &Wrapper{username: u[:], password: p[:]}
+ return NewWrapperMultiple(map[string]string{username: password})
 }
 
 const notAuthorized = "Not Authorized"
@@ -58,9 +70,19 @@ func (wrapper *Wrapper) WrapFunc(handlerFunc http.HandlerFunc) http.HandlerFunc
 
 func authorized(wrapper *Wrapper, r *http.Request) bool {
  username, password, isOk := r.BasicAuth()
- u := sha256.Sum256([]byte(username))
- p := sha256.Sum256([]byte(password))
- return isOk &&
- subtle.ConstantTimeCompare(wrapper.username, u[:]) == 1 &&
- subtle.ConstantTimeCompare(wrapper.password, p[:]) == 1
+ if isOk {
+ u := sha256.Sum256([]byte(username))
+ p := sha256.Sum256([]byte(password))
+ for _, c := range wrapper.credentials {
+ if c.isAuthorized(u, p) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+func (c Credential) isAuthorized(uChecksum [32]byte, pChecksum [32]byte) bool {
+ return subtle.ConstantTimeCompare(c.username, uChecksum[:]) == 1 &&
+ subtle.ConstantTimeCompare(c.password, pChecksum[:]) == 1
 }
diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -80,6 +80,57 @@ var _ = Describe("Auth Wrapper", func() {
  })
  })
 
+ Describe("wrapped multiple handler", func() {
+ var (
+ username2 string
+ password2 string
+ credentials map[string]string
+ wrappedHandler http.Handler
+ )
+ BeforeEach(func() {
+ username2 = "username2"
+ password2 = "password2"
+ credentials = make(map[string]string)
+ credentials[username] = password
+ credentials[username2] = password2
+ })
+
+ BeforeEach(func() {
+ handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(http.StatusCreated)
+ })
+ wrappedHandler = auth.NewWrapperMultiple(credentials).Wrap(handler)
+ })
+
+ It("works when the credentials are correct", func() {
+ request := newRequest(username, password)
+ wrappedHandler.ServeHTTP(httpRecorder, request)
+ Expect(httpRecorder.Code).To(Equal(http.StatusCreated))
+
+ request = newRequest(username2, password2)
+ wrappedHandler.ServeHTTP(httpRecorder, request)
+ Expect(httpRecorder.Code).To(Equal(http.StatusCreated))
+ })
+
+ It("fails when the username is empty", func() {
+ request := newRequest("", password)
+ wrappedHandler.ServeHTTP(httpRecorder, request)
+ Expect(httpRecorder.Code).To(Equal(http.StatusUnauthorized))
+ })
+
+ It("fails when the password is empty", func() {
+ request := newRequest(username, "")
+ wrappedHandler.ServeHTTP(httpRecorder, request)
+ Expect(httpRecorder.Code).To(Equal(http.StatusUnauthorized))
+ })
+
+ It("fails when the credentials are wrong", func() {
+ request := newRequest("thats", "apar")
+ wrappedHandler.ServeHTTP(httpRecorder, request)
+ Expect(httpRecorder.Code).To(Equal(http.StatusUnauthorized))
+ })
+ })
+
  Describe("wrapped handlerFunc", func() {
  var wrappedHandlerFunc http.HandlerFunc