Add unit tests for multiAuthHeader

Also rename it to parseMultiAuthHeader. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-10-21 01:34:37 +00:00 · 2021-09-11 20:13:21 +02:00 · 2021-09-11 20:13:21 +02:00 · b162d8868c
parent 47f4f149bd
commit b162d8868c
2 changed files with 43 additions and 4 deletions
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@ -21,7 +21,7 @@ type HeaderAuthName string
 func (h HeaderAuthName) String() string { return string(h) }

 // XRegistryAuthHeader is the key to the encoded registry authentication configuration in an http-request header.
-// This header supports one registry per header occurrence. To support N registries provided N headers, one per registry.
+// This header supports one registry per header occurrence. To support N registries provide N headers, one per registry.
 // As of Docker API 1.40 and Libpod API 1.0.0, this header is supported by all endpoints.
 const XRegistryAuthHeader HeaderAuthName = "X-Registry-Auth"

@ -108,7 +108,7 @@ func getConfigCredentials(r *http.Request) (*types.DockerAuthConfig, string, err
 // should be removed after usage.
 func getAuthCredentials(r *http.Request) (*types.DockerAuthConfig, string, error) {
 	// First look for a multi-auth header (i.e., a map).
-	authConfigs, err := multiAuthHeader(r)
+	authConfigs, err := parseMultiAuthHeader(r)
 	if err == nil {
 		authfile, err := authConfigsToAuthFile(authConfigs)
 		return nil, authfile, err
@ -327,9 +327,9 @@ func singleAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error
 	return authConfigs, nil
 }

-// multiAuthHeader extracts a DockerAuthConfig from the request's header.
+// parseMultiAuthHeader extracts a DockerAuthConfig from the request's header.
 // The header content is a map[string]DockerAuthConfigs.
-func multiAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) {
+func parseMultiAuthHeader(r *http.Request) (map[string]types.DockerAuthConfig, error) {
 	authHeader := r.Header.Get(string(XRegistryAuthHeader))
 	// Accept "null" and handle it as empty value for compatibility reason with Docker.
 	// Some java docker clients pass this value, e.g. this one used in Eclipse.
--- a/pkg/auth/auth_test.go
+++ b/pkg/auth/auth_test.go
@ -1,11 +1,14 @@
 package auth

 import (
+	"encoding/base64"
 	"io/ioutil"
+	"net/http"
 	"testing"

 	"github.com/containers/image/v5/types"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestAuthConfigsToAuthFile(t *testing.T) {
@ -64,3 +67,39 @@ func TestAuthConfigsToAuthFile(t *testing.T) {
 		}
 	}
 }
+
+func TestParseMultiAuthHeader(t *testing.T) {
+	for _, tc := range []struct {
+		input     string
+		shouldErr bool
+		expected  map[string]types.DockerAuthConfig
+	}{
+		// Empty header
+		{input: "", expected: nil},
+		// "null"
+		{input: "null", expected: nil},
+		// Invalid JSON
+		{input: "@", shouldErr: true},
+		// Success
+		{
+			input: base64.URLEncoding.EncodeToString([]byte(
+				`{"https://index.docker.io/v1/":{"username":"u1","password":"p1"},` +
+					`"quay.io/libpod":{"username":"u2","password":"p2"}}`)),
+			expected: map[string]types.DockerAuthConfig{
+				"https://index.docker.io/v1/": {Username: "u1", Password: "p1"},
+				"quay.io/libpod":              {Username: "u2", Password: "p2"},
+			},
+		},
+	} {
+		req, err := http.NewRequest(http.MethodPost, "/", nil)
+		require.NoError(t, err, tc.input)
+		req.Header.Set(XRegistryAuthHeader.String(), tc.input)
+		res, err := parseMultiAuthHeader(req)
+		if tc.shouldErr {
+			assert.Error(t, err, tc.input)
+		} else {
+			require.NoError(t, err, tc.input)
+			assert.Equal(t, tc.expected, res, tc.input)
+		}
+	}
+}