loginsrv


commit 51ca74373877d30928a3e17d64d50cbedd17ee58
parent cd718ade49acce53135107c302de94f75895c91f
Author: Sebastian Mancke <s.mancke@tarent.de>
Date:   Wed, 14 Mar 2018 09:08:16 +0100

Merge pull request #72 from magikstm/Issue-71

Adjust behavior on empty username and token refresh
Diffstat:
Mlogin/handler.go | 5+++++
Mlogin/handler_test.go | 17+++++++++++++++--
2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/login/handler.go b/login/handler.go
@@ -172,6 +172,11 @@ func (h *Handler) handleLogin(w http.ResponseWriter, r *http.Request) {
 h.handleRefresh(w, r, userInfo)
 return
 }
+ if username == "" {
+ h.respondAuthFailure(w, r)
+ return
+ }
+
 h.respondBadRequest(w, r)
 return
 }
diff --git a/login/handler_test.go b/login/handler_test.go
@@ -281,7 +281,7 @@ func TestHandler_Refresh_Expired(t *testing.T) {
 // refreshSuccess
 recorder := call(req("POST", "/context/login", "", AcceptHTML, cookieStr))
- Equal(t, 400, recorder.Code)
+ Equal(t, 403, recorder.Code)
 // verify the token from the cookie
 setCookieList := readSetCookies(recorder.Header())
@@ -295,7 +295,7 @@ func TestHandler_Refresh_Invalid_Token(t *testing.T) {
 // refreshSuccess
 recorder := call(req("POST", "/context/login", "", AcceptHTML, cookieStr))
- Equal(t, 400, recorder.Code)
+ Equal(t, 403, recorder.Code)
 // verify the token from the cookie
 setCookieList := readSetCookies(recorder.Header())
@@ -388,6 +388,19 @@ func TestHandler_LoginError(t *testing.T) {
 Contains(t, recorder.Body.String(), "Internal Error")
 }
+func TestHandler_LoginWithEmptyUsername(t *testing.T) {
+ h := testHandler()
+
+ // backend returning an error with result type == jwt
+ request := req("POST", "/context/login", `{"username": "", "password": ""}`, TypeJSON, AcceptJwt)
+ recorder := httptest.NewRecorder()
+ h.ServeHTTP(recorder, request)
+
+ Equal(t, 403, recorder.Code)
+ Equal(t, recorder.Header().Get("Content-Type"), "text/plain")
+ Equal(t, recorder.Body.String(), "Wrong credentials")
+}
+
 func TestHandler_getToken_Valid(t *testing.T) {
 h := testHandler()
 input := model.UserInfo{Sub: "marvin", Expiry: time.Now().Add(time.Second).Unix()}
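Review bot: The new `if username == ""` branch in handleLogin carries no comment explaining why a request with no username and no valid token is now answered as a failed login rather than a malformed request; a line such as `// no username and no valid token to refresh: answer like a failed login (403)` would record the intent. The branch looks only at the username, so a body with an empty username and a non-empty password takes the same path, which seems intended but is worth stating. If a non-empty username is already dispatched earlier in handleLogin (the function starts and ends outside this hunk), the trailing `h.respondBadRequest(w, r)` can no longer be reached and could be removed. It is also worth confirming that respondAuthFailure logs the attempt, so that refreshes with expired or invalid tokens stay visible in monitoring.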
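Review bot: The `// refreshSuccess` comment above the `call(...)` line in TestHandler_Refresh_Expired does not describe what the test asserts, which is now a 403 for a rejected refresh; `// refresh with an expired token is rejected` would read correctly. The same comment sits above the changed assertion in TestHandler_Refresh_Invalid_Token and deserves the matching fix. Both test bodies start and continue outside their hunks.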
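Review bot: The comment `// backend returning an error with result type == jwt` in TestHandler_LoginWithEmptyUsername appears to be copied from another test and does not describe this case, where the request body carries an empty username and password; `// empty username and no refresh token: expect the same 403 as a failed login` would fit. The last two assertions pass the actual value before the expected one, unlike `Equal(t, 403, recorder.Code)`; if Equal takes (expected, actual), writing `Equal(t, "text/plain", recorder.Header().Get("Content-Type"))` keeps failure output readable. A second case with an empty username and a non-empty password would pin that a password alone is never treated as a login attempt.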