Home Explore Help
Register Sign In
Apq
/
syncthing
mirror of https://github.com/syncthing/syncthing.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

refactor(api): deduplicate HTTP test helpers and allow session cookie access (#9977)

These refactorizations were made in [PR #9175][1] to accommodate a few
new variants of authentication method and body content. On request from
reviewers, this PR extracts it as a smaller refactorization to review in
isolation.

### Purpose

This extracts a shared `httpRequest` base function from `httpGet` and
`httpPost`, which will be used in PR #9175 for new helper functions
`httpGetCsrf` (hiding all optional parameters except the CSRF token),
`httpPostCsrf` (same) and `httpPostCsrfAuth` (hiding basic auth
parameters). A `getSessionCookie` function is also extracted from
`hasSessionCookie` and will be used to test that concurrent WebAuthn
authentications result in separate sessions (indicated by different
session cookies).
Emil Lundberg 7 months ago
parent
fb977dc61d
commit
8461ca539b
1 changed files with 39 additions and 25 deletions
Split View Show Diff Stats
  1. 39 25
      lib/api/api_test.go

+ 39 - 25
lib/api/api_test.go
View File 

@@ -492,13 +492,18 @@ func testHTTPRequest(t *testing.T, baseURL string, tc httpTestCase, apikey strin
 
 	}
 
 }
 
 
-func hasSessionCookie(cookies []*http.Cookie) bool {
 
+func getSessionCookie(cookies []*http.Cookie) (*http.Cookie, bool) {
 
 	for _, cookie := range cookies {
 
 		if cookie.MaxAge >= 0 && strings.HasPrefix(cookie.Name, "sessionid") {
 
-			return true
 
+			return cookie, true
 
 		}
 
 	}
 
-	return false
 
+	return nil, false
 
+}
 
+
 
+func hasSessionCookie(cookies []*http.Cookie) bool {
 
+	_, ok := getSessionCookie(cookies)
 
+	return ok
 
 }
 
 
 func hasDeleteSessionCookie(cookies []*http.Cookie) bool {
 
@@ -510,11 +515,19 @@ func hasDeleteSessionCookie(cookies []*http.Cookie) bool {
 
 	return false
 
 }
 
 
-func httpGet(url string, basicAuthUsername string, basicAuthPassword string, xapikeyHeader string, authorizationBearer string, cookies []*http.Cookie, t *testing.T) *http.Response {
 
-	req, err := http.NewRequest("GET", url, nil)
 
-	for _, cookie := range cookies {
 
-		req.AddCookie(cookie)
 
+func httpRequest(method string, url string, body any, basicAuthUsername, basicAuthPassword, xapikeyHeader, authorizationBearer, csrfTokenName, csrfTokenValue string, cookies []*http.Cookie, t *testing.T) *http.Response {
 
+	t.Helper()
 
+
 
+	var bodyReader io.Reader = nil
 
+	if body != nil {
 
+		bodyBytes, err := json.Marshal(body)
 
+		if err != nil {
 
+			t.Fatal(err)
 
+		}
 
+		bodyReader = bytes.NewReader(bodyBytes)
 
 	}
 
+
 
+	req, err := http.NewRequest(method, url, bodyReader)
 
 	if err != nil {
 
 		t.Fatal(err)
 
 	}
 
@@ -531,30 +544,16 @@ func httpGet(url string, basicAuthUsername string, basicAuthPassword string, xap
 
 		req.Header.Set("Authorization", "Bearer "+authorizationBearer)
 
 	}
 
 
-	resp, err := http.DefaultClient.Do(req)
 
-	if err != nil {
 
-		t.Fatal(err)
 
-	}
 
-
 
-	return resp
 
-}
 
-
 
-func httpPost(url string, body map[string]string, cookies []*http.Cookie, t *testing.T) *http.Response {
 
-	bodyBytes, err := json.Marshal(body)
 
-	if err != nil {
 
-		t.Fatal(err)
 
-	}
 
-
 
-	req, err := http.NewRequest("POST", url, bytes.NewReader(bodyBytes))
 
-	if err != nil {
 
-		t.Fatal(err)
 
+	if csrfTokenName != "" && csrfTokenValue != "" {
 
+		req.Header.Set("X-"+csrfTokenName, csrfTokenValue)
 
 	}
 
 
 	for _, cookie := range cookies {
 
 		req.AddCookie(cookie)
 
 	}
 
 
-	resp, err := http.DefaultClient.Do(req)
 
+	client := http.Client{Timeout: 15 * time.Second}
 
+	resp, err := client.Do(req)
 
 	if err != nil {
 
 		t.Fatal(err)
 
 	}
 
@@ -562,18 +561,31 @@ func httpPost(url string, body map[string]string, cookies []*http.Cookie, t *tes
 
 	return resp
 
 }
 
 
+func httpGet(url string, basicAuthUsername, basicAuthPassword, xapikeyHeader, authorizationBearer string, cookies []*http.Cookie, t *testing.T) *http.Response {
 
+	t.Helper()
 
+	return httpRequest(http.MethodGet, url, nil, basicAuthUsername, basicAuthPassword, xapikeyHeader, authorizationBearer, "", "", cookies, t)
 
+}
 
+
 
+func httpPost(url string, body map[string]string, cookies []*http.Cookie, t *testing.T) *http.Response {
 
+	t.Helper()
 
+	return httpRequest(http.MethodPost, url, body, "", "", "", "", "", "", cookies, t)
 
+}
 
+
 
 func TestHTTPLogin(t *testing.T) {
 
 	t.Parallel()
 
 
 	httpGetBasicAuth := func(url string, username string, password string) *http.Response {
 
+		t.Helper()
 
 		return httpGet(url, username, password, "", "", nil, t)
 
 	}
 
 
 	httpGetXapikey := func(url string, xapikeyHeader string) *http.Response {
 
+		t.Helper()
 
 		return httpGet(url, "", "", xapikeyHeader, "", nil, t)
 
 	}
 
 
 	httpGetAuthorizationBearer := func(url string, bearer string) *http.Response {
 
+		t.Helper()
 
 		return httpGet(url, "", "", "", bearer, nil, t)
 
 	}
 
 
@@ -761,10 +773,12 @@ func TestHtmlFormLogin(t *testing.T) {
 
 	resourceUrl404 := baseURL + "/any-path/that/does/nooooooot/match-any/noauth-pattern"
 
 
 	performLogin := func(username string, password string) *http.Response {
 
+		t.Helper()
 
 		return httpPost(loginUrl, map[string]string{"username": username, "password": password}, nil, t)
 
 	}
 
 
 	performResourceRequest := func(url string, cookies []*http.Cookie) *http.Response {
 
+		t.Helper()
 
 		return httpGet(url, "", "", "", "", cookies, t)
 
 	}