rabbah commented on a change in pull request #3388: Update require-whisk-auth 
behavior to secure web action
URL: 
https://github.com/apache/incubator-openwhisk/pull/3388#discussion_r172500051
 
 

 ##########
 File path: 
tests/src/test/scala/whisk/core/controller/test/WebActionsApiTests.scala
 ##########
 @@ -379,21 +386,51 @@ trait WebActionsApiBaseTests extends 
ControllerTestCommon with BeforeAndAfterEac
 
       Seq(s"$systemId/proxy/export_auth").foreach { path =>
         allowedMethods.foreach { m =>
-          if (creds.isDefined)
-            invocationsAllowed += 1
           requireAuthentication = true
+          Seq(true, false).foreach { useReqWhiskAuthBool =>
+            requireAuthenticationAsBoolean = useReqWhiskAuthBool
+          }
 
-          m(s"$testRoutePath/${path}.json") ~> Route.seal(routes(creds)) ~> 
check {
-            creds match {
-              case None => status should be(Unauthorized)
-              case Some(user) =>
+          if (requireAuthenticationAsBoolean) {
+            if (creds.isDefined) {
+              val user = creds.get
+              invocationsAllowed += 1
+              m(s"$testRoutePath/${path}.json") ~> Route
+                .seal(routes(creds)) ~> check {
                 status should be(OK)
                 val response = responseAs[JsObject]
                 response shouldBe JsObject(
                   "pkg" -> s"$systemId/proxy".toJson,
                   "action" -> "export_auth".toJson,
                   "content" -> metaPayload(m.method.name.toLowerCase, 
JsObject(), creds, pkgName = "proxy"))
                 
response.fields("content").asJsObject.fields(webApiDirectives.namespace) 
shouldBe user.namespace.toJson
+              }
+            } else {
+              m(s"$testRoutePath/${path}.json") ~> Route.seal(routes(creds)) 
~> check {
+                status should be(Unauthorized)
+              }
+            }
+          } else if (creds.isDefined) {
+            val user = creds.get
+            invocationsAllowed += 1
+            m(s"$testRoutePath/${path}.json") ~> 
addHeader("X-Require-Whisk-Auth", requireAuthenticationKey) ~> Route
+              .seal(routes(creds)) ~> check {
+              status should be(OK)
+              val response = responseAs[JsObject]
+              response shouldBe JsObject(
+                "pkg" -> s"$systemId/proxy".toJson,
+                "action" -> "export_auth".toJson,
+                "content" -> metaPayload(
+                  m.method.name.toLowerCase,
+                  JsObject(),
+                  creds,
+                  pkgName = "proxy",
+                  headers = List(RawHeader("X-Require-Whisk-Auth", 
requireAuthenticationKey))))
+              
response.fields("content").asJsObject.fields(webApiDirectives.namespace) 
shouldBe user.namespace.toJson
+            }
+          } else {
+            m(s"$testRoutePath/${path}.json") ~> Route.seal(routes(creds)) ~> 
check {
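Review bot: The `Seq(true, false).foreach { useReqWhiskAuthBool => ... }` loop closes right after the assignment, before any request is sent, so `if (requireAuthenticationAsBoolean)` only ever sees the last value, `false` (assuming the flag is a plain `var` declared outside the hunk). The boolean branch (credentials give `OK`, no credentials give `Unauthorized`) therefore never runs, and only the `X-Require-Whisk-Auth` key path is exercised. Move the loop's closing `}` below the last `else` so the whole `if / else if / else` chain runs once per value of `useReqWhiskAuthBool`. As a smaller style point, `creds.isDefined` followed by `val user = creds.get` could stay a `creds match { case Some(user) => ... case None => ... }` as in the removed lines. The quoted hunk stops at the commented line, so the final `else` body and the end of the enclosing `foreach` are outside this view.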
 
 Review comment:
   Can you also add a case that sends the expected header but with the wrong value?
