From 63e971059a75878ac315552108499cffa344eb35 Mon Sep 17 00:00:00 2001
From: Antoine Gersant <antoine.gersant@lesforges.org>
Date: Tue, 8 Nov 2022 02:01:20 -0800
Subject: [PATCH] Removed deprecated authentication methods

---
 Cargo.lock | 16 ---
 Cargo.toml | 1 -
 docs/swagger/polaris-api.json | 140 +++++----------------
 src/service/actix/api.rs | 216 ++-------------------------------
 src/service/actix/mod.rs | 5 +-
 src/service/dto.rs | 3 -
 src/service/error.rs | 2 +
 src/service/test/auth.rs | 109 +----------------
 8 files changed, 42 insertions(+), 450 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f72a685..f119421 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -578,13 +578,7 @@ version = "0.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05"
 dependencies = [
- "base64",
- "hkdf",
- "hmac",
 "percent-encoding",
- "rand",
- "sha2",
- "subtle",
 "time 0.3.14",
 "version_check",
 ]
@@ -981,15 +975,6 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
-[[package]]
-name = "hkdf"
-version = "0.12.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437"
-dependencies = [
- "hmac",
-]
-
 [[package]]
 name = "hmac"
 version = "0.12.1"
@@ -1524,7 +1509,6 @@ dependencies = [
 "ape",
 "base64",
 "branca",
- "cookie 0.16.0",
 "crossbeam-channel",
 "daemonize",
 "diesel",
diff --git a/Cargo.toml b/Cargo.toml
index 5708399..9d0653c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,6 @@ anyhow = "1.0.56"
 ape = "0.4.0"
 base64 = "0.13"
 branca = "0.10.1"
-cookie = { version = "0.16", features = ["signed", "key-expansion"] }
 crossbeam-channel = "0.5"
 diesel_migrations = { version = "2.0", features = ["sqlite"] }
 futures-util = { version = "0.3" }
diff --git a/docs/swagger/polaris-api.json b/docs/swagger/polaris-api.json
index a920ac5..ea7d2a0 100644
--- a/docs/swagger/polaris-api.json
+++ b/docs/swagger/polaris-api.json
@@ -93,10 +93,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -125,10 +123,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -155,10 +151,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 },
@@ -186,10 +180,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -215,10 +207,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 },
@@ -245,10 +235,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -277,10 +265,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -309,10 +295,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -351,10 +335,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 },
@@ -381,10 +363,8 @@
 },
 "security": [
 {
- "admin_http_basic": [],
 "admin_http_bearer": [],
- "admin_query_parameter": [],
- "admin_cookie": []
+ "admin_query_parameter": []
 }
 ]
 }
@@ -410,10 +390,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 },
@@ -440,10 +418,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -453,7 +429,7 @@
 "tags": [
 "Users"
 ],
- "summary": "Signs in a user. Response has Set-Cookie headers for the session, username and admin permission of the user.",
+ "summary": "Signs in a user.",
 "operationId": "postAuth",
 "requestBody": {
 "required": true,
@@ -506,10 +482,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -548,10 +522,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -580,10 +552,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -622,10 +592,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -654,10 +622,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -686,10 +652,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -728,10 +692,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -767,10 +729,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -825,10 +785,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -857,10 +815,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -899,10 +855,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 },
@@ -939,10 +893,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 },
@@ -969,10 +921,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -1001,10 +951,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -1033,10 +981,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -1062,10 +1008,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -1134,10 +1078,8 @@
 },
 "security": [
 {
- "auth_http_basic": [],
 "auth_http_bearer": [],
- "auth_query_parameter": [],
- "auth_cookie": []
+ "auth_query_parameter": []
 }
 ]
 }
@@ -1490,28 +1432,6 @@
 "in": "query",
 "name": "auth_token",
 "description": "Identical to the auth_query_parameter scheme but only for users recognized as admin by the Polaris server"
- },
- "auth_http_basic": {
- "type": "http",
- "scheme": "basic",
- "description": "[deprecated]"
- },
- "admin_http_basic": {
- "type": "http",
- "scheme": "basic",
- "description": "[deprecated] Identical to the auth_http_basic scheme but only for users recognized as admin by the Polaris server"
- },
- "auth_cookie": {
- "type": "apikey",
- "in": "cookie",
- "name": "session",
- "description": "[deprecated] A token obtained via the SET-COOKIE header in a response to a request via the auth_http_basic scheme, or a request to the `auth` endpoint."
- },
- "admin_cookie": {
- "type": "apikey",
- "in": "cookie",
- "name": "session",
- "description": "[deprecated] Identical to the auth_cookie scheme but only for users recognized as admin by the Polaris server"
 }
 },
 "links": {},
diff --git a/src/service/actix/api.rs b/src/service/actix/api.rs
index 58dcf42..4279842 100644
--- a/src/service/actix/api.rs
+++ b/src/service/actix/api.rs
@@ -1,9 +1,9 @@
 use actix_files::NamedFile;
-use actix_web::body::{BoxBody, MessageBody};
+use actix_web::body::BoxBody;
 use actix_web::http::header::ContentEncoding;
 use actix_web::{
 delete,
- dev::{Payload, Service, ServiceRequest, ServiceResponse},
+ dev::Payload,
 error::{ErrorForbidden, ErrorInternalServerError, ErrorUnauthorized},
 get,
 http::StatusCode,
@@ -11,12 +11,10 @@ use actix_web::{
 web::{self, Data, Json, JsonConfig, ServiceConfig},
 FromRequest, HttpRequest, HttpResponse, Responder, ResponseError,
 };
-use actix_web_httpauth::extractors::{basic::BasicAuth, bearer::BearerAuth};
-use cookie::{self, *};
-use futures_util::future::{err, ok};
+use actix_web_httpauth::extractors::bearer::BearerAuth;
+use futures_util::future::err;
 use percent_encoding::percent_decode_str;
 use std::future::Future;
-use std::ops::Deref;
 use std::path::Path;
 use std::pin::Pin;
 use std::str;
@@ -75,6 +73,7 @@ pub fn make_config() -> impl FnOnce(&mut ServiceConfig) + Clone {
 impl ResponseError for APIError {
 fn status_code(&self) -> StatusCode {
 match self {
+ APIError::AuthenticationRequired => StatusCode::UNAUTHORIZED,
 APIError::IncorrectCredentials => StatusCode::UNAUTHORIZED,
 APIError::EmptyUsername => StatusCode::BAD_REQUEST,
 APIError::EmptyPassword => StatusCode::BAD_REQUEST,
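Review bot: Mapping `AuthenticationRequired` to 401 in `status_code` produces a 401 with no `WWW-Authenticate` challenge, which RFC 7235 requires on every 401 response; as far as I can tell the removed `BasicAuth` extractor path used to supply one, and the `@@ -220,29 +133,10 @@` hunk of `Auth::from_request` now ends in this variant instead. `status_code` continues outside the hunk, and the retained `BoxBody` import suggests the impl may already override `error_response`; if so the header insert belongs there, otherwise an override along the lines below restores the challenge (`Bearer` being the only scheme still accepted). The header only reaches the client if the fallthrough returns the `APIError` directly rather than through `ErrorUnauthorized`, which builds its own response.
```rust
	fn error_response(&self) -> HttpResponse<BoxBody> {
		let mut response = HttpResponse::new(self.status_code());
		if matches!(self, APIError::AuthenticationRequired) {
			// RFC 7235 §3.1: a 401 must carry a challenge; bearer tokens are the only accepted scheme.
			response.headers_mut().insert(
				actix_web::http::header::WWW_AUTHENTICATE,
				actix_web::http::header::HeaderValue::from_static("Bearer"),
			);
		}
		response
	}
```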
@@ -93,76 +92,9 @@ impl ResponseError for APIError {
 }
 }
 
-#[derive(Clone)]
-struct Cookies {
- jar: CookieJar,
- key: Key,
-}
-
-impl Cookies {
- fn new(key: Key) -> Self {
- let jar = CookieJar::new();
- Self { jar, key }
- }
-
- fn add_original(&mut self, cookie: Cookie<'static>) {
- self.jar.add_original(cookie);
- }
-
- fn add(&mut self, cookie: Cookie<'static>) {
- self.jar.add(cookie);
- }
-
- fn add_signed(&mut self, cookie: Cookie<'static>) {
- self.jar.signed_mut(&self.key).add(cookie);
- }
-
- #[allow(dead_code)]
- fn get(&self, name: &str) -> Option<&Cookie> {
- self.jar.get(name)
- }
-
- fn get_signed(&mut self, name: &str) -> Option<Cookie> {
- self.jar.signed(&self.key).get(name)
- }
-}
-
-impl FromRequest for Cookies {
- type Error = actix_web::Error;
- type Future = Pin<Box<dyn Future<Output = Result<Self, Self::Error>>>>;
-
- fn from_request(request: &HttpRequest, _payload: &mut Payload) -> Self::Future {
- let request_cookies = match request.cookies() {
- Ok(c) => c,
- Err(_) => return Box::pin(err(ErrorInternalServerError(APIError::Unspecified))),
- };
-
- let key = match request.app_data::<Data<Key>>() {
- Some(k) => k.as_ref(),
- None => return Box::pin(err(ErrorInternalServerError(APIError::Unspecified))),
- };
-
- let mut cookies = Cookies::new(key.clone());
- for cookie in request_cookies.deref() {
- cookies.add_original(cookie.clone());
- }
-
- Box::pin(ok(cookies))
- }
-}
-
-#[derive(Debug)]
-enum AuthSource {
- AuthorizationBasic,
- AuthorizationBearer,
- Cookie,
- QueryParameter,
-}
-
 #[derive(Debug)]
 struct Auth {
 username: String,
- source: AuthSource,
 }
 
 impl FromRequest for Auth {
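Review bot: `Auth` loses its `source` field but still carries no doc comment, so the order in which `from_request` tries the two remaining credential sources is the only thing telling a reader how a caller is identified. I'd add above `struct Auth`: `/// Caller identity extracted from the request: the `auth_token` query parameter is tried first, then the `Authorization: Bearer` header; a request carrying neither is rejected with `APIError::AuthenticationRequired`.` That precedence is visible in the `from_request` hunks further down (query parameter branch, then bearer branch, then the fallthrough error).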
@@ -175,29 +107,11 @@ impl FromRequest for Auth {
 None => return Box::pin(err(ErrorInternalServerError(APIError::Unspecified))),
 };
 
- let cookies_future = Cookies::from_request(request, payload);
- let basic_auth_future = BasicAuth::from_request(request, payload);
 let bearer_auth_future = BearerAuth::from_request(request, payload);
 let query_params_future =
 web::Query::<dto::AuthQueryParameters>::from_request(request, payload);
 
 Box::pin(async move {
- // Auth via session cookie
- {
- let mut cookies = cookies_future.await?;
- if let Some(session_cookie) = cookies.get_signed(dto::COOKIE_SESSION) {
- let username = session_cookie.value().to_string();
- let exists = block(move || user_manager.exists(&username)).await?;
- if !exists {
- return Err(ErrorUnauthorized(APIError::Unspecified));
- }
- return Ok(Auth {
- username: session_cookie.value().to_string(),
- source: AuthSource::Cookie,
- });
- }
- }
-
 // Auth via bearer token in query parameter
 if let Ok(query) = query_params_future.await {
 let auth_token = user::AuthToken(query.auth_token.clone());
@@ -207,7 +121,6 @@ impl FromRequest for Auth {
 .await?;
 return Ok(Auth {
 username: authorization.username,
- source: AuthSource::QueryParameter,
 });
 }
 
@@ -220,29 +133,10 @@ impl FromRequest for Auth {
 .await?;
 return Ok(Auth {
 username: authorization.username,
- source: AuthSource::AuthorizationBearer,
 });
 }
 
- // Auth via basic authorization header
- {
- let basic_auth = basic_auth_future.await?;
- let username = basic_auth.user_id().to_string();
- let password = basic_auth
- .password()
- .map(|s| s.as_ref())
- .unwrap_or("")
- .to_string();
- let auth_result = block(move || user_manager.login(&username, &password)).await;
- if auth_result.is_ok() {
- Ok(Auth {
- username: basic_auth.user_id().to_string(),
- source: AuthSource::AuthorizationBasic,
- })
- } else {
- Err(ErrorUnauthorized(APIError::Unspecified))
- }
- }
+ Err(ErrorUnauthorized(APIError::AuthenticationRequired))
 })
 }
 }
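Review bot: The new fallthrough `Err(ErrorUnauthorized(APIError::AuthenticationRequired))` in the `@@ -220,29 +133,10 @@` hunk wraps the error in actix's `InternalError` responder with a hard-coded 401, which duplicates the status mapping this same commit adds to `status_code` and bypasses whatever `error_response` does for `APIError`. Since `APIError` implements `ResponseError`, `Err(APIError::AuthenticationRequired.into())` keeps a single source of truth for the status and any headers attached to it. The body of `from_request` begins above the first hunk on this line, so the query-parameter branch that precedes the bearer check is only partly visible here.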
@@ -285,93 +179,6 @@ impl FromRequest for AdminRights {
 }
 }
 
-pub fn http_auth_middleware<
- B: MessageBody + 'static,
- S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = actix_web::Error> + 'static,
->(
- request: ServiceRequest,
- service: &S,
-) -> Pin<Box<dyn Future<Output = Result<ServiceResponse<B>, actix_web::Error>>>> {
- let user_manager = match request.app_data::<Data<user::Manager>>() {
- Some(m) => m.clone(),
- None => return Box::pin(err(ErrorInternalServerError(APIError::Unspecified))),
- };
-
- let (request, mut payload) = request.into_parts();
- let auth_future = Auth::from_request(&request, &mut payload);
- let cookies_future = Cookies::from_request(&request, &mut payload);
- let request = ServiceRequest::from_parts(request, payload);
-
- let response_future = service.call(request);
- Box::pin(async move {
- let mut response = response_future.await?;
- if let Ok(auth) = auth_future.await {
- let set_cookies = match auth.source {
- AuthSource::AuthorizationBasic => true,
- AuthSource::AuthorizationBearer => false,
- AuthSource::Cookie => false,
- AuthSource::QueryParameter => false,
- };
- if set_cookies {
- let cookies = cookies_future.await?;
- let username = auth.username.clone();
- let is_admin = block(move || {
- user_manager
- .is_admin(&auth.username)
- .map_err(|_| APIError::Unspecified)
- })
- .await?;
- add_auth_cookies(response.response_mut(), &cookies, &username, is_admin)?;
- }
- }
- Ok(response)
- })
-}
-
-fn add_auth_cookies<T>(
- response: &mut HttpResponse<T>,
- cookies: &Cookies,
- username: &str,
- is_admin: bool,
-) -> Result<(), http::Error> {
- let mut cookies = cookies.clone();
-
- cookies.add_signed(
- Cookie::build(dto::COOKIE_SESSION, username.to_owned())
- .same_site(cookie::SameSite::Lax)
- .http_only(true)
- .permanent()
- .finish(),
- );
-
- cookies.add(
- Cookie::build(dto::COOKIE_USERNAME, username.to_owned())
- .same_site(cookie::SameSite::Lax)
- .http_only(false)
- .permanent()
- .path("/")
- .finish(),
- );
-
- cookies.add(
- Cookie::build(dto::COOKIE_ADMIN, format!("{}", is_admin))
- .same_site(cookie::SameSite::Lax)
- .http_only(false)
- .permanent()
- .path("/")
- .finish(),
- );
-
- let headers = response.headers_mut();
- for cookie in cookies.jar.delta() {
- http::HeaderValue::from_str(&cookie.to_string()).map(|c| {
- headers.append(http::header::SET_COOKIE, c);
- })?;
- }
-
- Ok(())
-}
-
 struct MediaFile {
 named_file: NamedFile,
 }
@@ -476,11 +283,7 @@ async fn put_mount_dirs(
 vfs_manager: Data<vfs::Manager>,
 new_mount_dirs: Json<Vec<dto::MountDir>>,
 ) -> Result<HttpResponse, APIError> {
- let new_mount_dirs: Vec<MountDir> = new_mount_dirs
- .iter()
- .cloned()
- .map(|m| m.into())
- .collect();
+ let new_mount_dirs: Vec<MountDir> = new_mount_dirs.iter().cloned().map(|m| m.into()).collect();
 block(move || vfs_manager.set_mount_dirs(&new_mount_dirs)).await?;
 Ok(HttpResponse::new(StatusCode::OK))
 }
@@ -598,7 +401,6 @@ async fn trigger_index(
 async fn login(
 user_manager: Data<user::Manager>,
 credentials: Json<dto::Credentials>,
- cookies: Cookies,
 ) -> Result<HttpResponse, APIError> {
 let username = credentials.username.clone();
 let (user::AuthToken(token), is_admin) =
@@ -613,9 +415,7 @@ async fn login(
 token,
 is_admin,
 };
- let mut response = HttpResponse::Ok().json(authorization);
- add_auth_cookies(&mut response, &cookies, &username, is_admin)
- .map_err(|_| APIError::Unspecified)?;
+ let response = HttpResponse::Ok().json(authorization);
 Ok(response)
 }
 
diff --git a/src/service/actix/mod.rs b/src/service/actix/mod.rs
index aa6b0fc..0023b2c 100644
--- a/src/service/actix/mod.rs
+++ b/src/service/actix/mod.rs
@@ -15,7 +15,6 @@ pub mod test;
 
 pub fn make_config(app: App) -> impl FnOnce(&mut ServiceConfig) + Clone {
 move |cfg: &mut ServiceConfig| {
- let encryption_key = cookie::Key::derive_from(&app.auth_secret.key[..]);
 cfg.app_data(web::Data::new(app.index))
 .app_data(web::Data::new(app.config_manager))
 .app_data(web::Data::new(app.ddns_manager))
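Review bot: In the `@@ -613,9 +415,7 @@` hunk of `login`, `let response = HttpResponse::Ok().json(authorization);` immediately followed by `Ok(response)` is the `let_and_return` shape clippy warns about; the binding only existed so the cookie step could mutate it, and that step is gone. `Ok(HttpResponse::Ok().json(authorization))` as the function's final expression says the same thing in one line. `login` starts in the preceding hunk and its token lookup lies between the two hunks, so whether `username` still has a second use there is not visible from this diff.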
@@ -25,11 +24,9 @@ pub fn make_config(app: App) -> impl FnOnce(&mut ServiceConfig) + Clone {
 .app_data(web::Data::new(app.thumbnail_manager))
 .app_data(web::Data::new(app.user_manager))
 .app_data(web::Data::new(app.vfs_manager))
- .app_data(web::Data::new(encryption_key))
 .service(
 web::scope("/api")
 .configure(api::make_config())
- .wrap_fn(api::http_auth_middleware)
 .wrap(NormalizePath::trim()),
 )
 .service(
@@ -60,7 +57,7 @@ pub fn run(app: App) -> anyhow::Result<()> {
 error!("Error starting HTTP server: {:?}", e);
 e
 })?
- .run()
+ .run(),
 )?;
 Ok(())
 }
diff --git a/src/service/dto.rs b/src/service/dto.rs
index bebfb19..0e3af49 100644
--- a/src/service/dto.rs
+++ b/src/service/dto.rs
@@ -5,9 +5,6 @@ use std::convert::From;
 
 pub const API_MAJOR_VERSION: i32 = 6;
 pub const API_MINOR_VERSION: i32 = 1;
-pub const COOKIE_SESSION: &str = "session";
-pub const COOKIE_USERNAME: &str = "username";
-pub const COOKIE_ADMIN: &str = "admin";
 
 #[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
 pub struct Version {
diff --git a/src/service/error.rs b/src/service/error.rs
index d07f72c..3a656a8 100644
--- a/src/service/error.rs
+++ b/src/service/error.rs
@@ -5,6 +5,8 @@ use crate::app::{config, playlist, settings, user};
 
 #[derive(Error, Debug)]
 pub enum APIError {
+ #[error("Authentication is required")]
+ AuthenticationRequired,
 #[error("Incorrect Credentials")]
 IncorrectCredentials,
 #[error("EmptyUsername")]
diff --git a/src/service/test/auth.rs b/src/service/test/auth.rs
index 1670cf7..70fb278 100644
--- a/src/service/test/auth.rs
+++ b/src/service/test/auth.rs
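Review bot: The new `AuthenticationRequired` variant in `src/service/error.rs` sits directly above `IncorrectCredentials` with nothing stating which situation each covers, and both now map to 401, so the next person adding a credential source has to read `Auth::from_request` to learn the split. A doc comment on the new variant, `/// No usable credentials were presented with the request.`, and, as I read the names, a matching `/// Credentials were presented but rejected.` on `IncorrectCredentials`, would make the distinction explicit at the definition site; the second reading is inferred from the variant name rather than from anything visible in this hunk.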
@@ -1,57 +1,10 @@
-use std::time::Duration;
-
-use cookie::Cookie;
 use headers::{self, HeaderMapExt};
-use http::{Response, StatusCode};
+use http::StatusCode;
 
 use crate::service::dto;
 use crate::service::test::{constants::*, protocol, ServiceType, TestService};
 use crate::test_name;
 
-fn validate_added_cookies<T>(response: &Response<T>) {
- let twenty_years = Duration::from_secs(20 * 365 * 24 * 60 * 60);
-
- let cookies: Vec<Cookie> = response
- .headers()
- .get_all(http::header::SET_COOKIE)
- .iter()
- .map(|c| Cookie::parse(c.to_str().unwrap()).unwrap())
- .collect();
-
- let session = cookies
- .iter()
- .find(|c| c.name() == dto::COOKIE_SESSION)
- .unwrap();
- assert_ne!(session.value(), TEST_USERNAME);
- assert!(session.max_age().unwrap() >= twenty_years);
-
- let username = cookies
- .iter()
- .find(|c| c.name() == dto::COOKIE_USERNAME)
- .unwrap();
- assert_eq!(username.value(), TEST_USERNAME);
- assert!(session.max_age().unwrap() >= twenty_years);
-
- let is_admin = cookies
- .iter()
- .find(|c| c.name() == dto::COOKIE_ADMIN)
- .unwrap();
- assert_eq!(is_admin.value(), false.to_string());
- assert!(session.max_age().unwrap() >= twenty_years);
-}
-
-fn validate_no_cookies<T>(response: &Response<T>) {
- let cookies: Vec<Cookie> = response
- .headers()
- .get_all(http::header::SET_COOKIE)
- .iter()
- .map(|c| Cookie::parse(c.to_str().unwrap()).unwrap())
- .collect();
- assert!(!cookies.iter().any(|c| c.name() == dto::COOKIE_SESSION));
- assert!(!cookies.iter().any(|c| c.name() == dto::COOKIE_USERNAME));
- assert!(!cookies.iter().any(|c| c.name() == dto::COOKIE_ADMIN));
-}
-
 #[test]
 fn login_rejects_bad_username() {
 let mut service = ServiceType::new(&test_name!());
@@ -85,62 +38,6 @@ fn login_golden_path() {
 assert_eq!(authorization.username, TEST_USERNAME);
 assert!(!authorization.is_admin);
 assert!(!authorization.token.is_empty());
-
- validate_added_cookies(&response);
-}
-
-#[test]
-fn requests_without_auth_header_do_not_set_cookies() {
- let mut service = ServiceType::new(&test_name!());
- service.complete_initial_setup();
- service.login();
-
- let request = protocol::random();
- let response = service.fetch(&request);
- assert_eq!(response.status(), StatusCode::OK);
-
- validate_no_cookies(&response);
-}
-
-#[test]
-fn authentication_via_basic_http_header_rejects_bad_username() {
- let mut service = ServiceType::new(&test_name!());
- service.complete_initial_setup();
-
- let mut request = protocol::random();
- let basic = headers::Authorization::basic("garbage", TEST_PASSWORD);
- request.headers_mut().typed_insert(basic);
-
- let response = service.fetch(&request);
- assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
-}
-
-#[test]
-fn authentication_via_basic_http_header_rejects_bad_password() {
- let mut service = ServiceType::new(&test_name!());
- service.complete_initial_setup();
-
- let mut request = protocol::random();
- let basic = headers::Authorization::basic(TEST_PASSWORD, "garbage");
- request.headers_mut().typed_insert(basic);
-
- let response = service.fetch(&request);
- assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
-}
-
-#[test]
-fn authentication_via_basic_http_header_golden_path() {
- let mut service = ServiceType::new(&test_name!());
- service.complete_initial_setup();
-
- let mut request = protocol::random();
- let basic = headers::Authorization::basic(TEST_USERNAME, TEST_PASSWORD);
- request.headers_mut().typed_insert(basic);
-
- let response = service.fetch(&request);
- assert_eq!(response.status(), StatusCode::OK);
-
- validate_added_cookies(&response);
 }
 
 #[test]
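Review bot: With the basic-auth and no-cookie tests deleted, none of the tests remaining in view sends a request with no credentials at all, so the new `AuthenticationRequired` fallthrough in `Auth::from_request` is not exercised; the surviving tests here cover only bearer-header and query-parameter credentials. Unless such a test exists outside this hunk, I'd add one that fetches a route on a freshly set-up service without calling `login()` and expects `StatusCode::UNAUTHORIZED`, along the lines below. Whether `protocol::random()` is a protected route and whether `fetch` only attaches credentials after `login()` is inferred from the removed `requests_without_auth_header_do_not_set_cookies` test, so confirm against the test harness before relying on it.
```rust
#[test]
fn requests_without_credentials_are_rejected() {
	let mut service = ServiceType::new(&test_name!());
	service.complete_initial_setup();

	let request = protocol::random();
	let response = service.fetch(&request);
	assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
}
```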
@@ -175,8 +72,6 @@ fn authentication_via_bearer_http_header_golden_path() {
 request.headers_mut().typed_insert(bearer);
 let response = service.fetch(&request);
 assert_eq!(response.status(), StatusCode::OK);
-
- validate_no_cookies(&response);
 }
 
 #[test]
@@ -214,6 +109,4 @@ fn authentication_via_query_param_golden_path() {
 
 let response = service.fetch(&request);
 assert_eq!(response.status(), StatusCode::OK);
-
- validate_no_cookies(&response);
 }