From cb7f6debd3a4ab746ad83ec10602a458e1933d8e Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Sat, 3 Feb 2024 14:19:49 +0100 Subject: [PATCH 1/4] [s3inbox] do authentication before we start processing the request --- sda/cmd/s3inbox/proxy.go | 22 +++++++++++----------- sda/cmd/s3inbox/proxy_test.go | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sda/cmd/s3inbox/proxy.go b/sda/cmd/s3inbox/proxy.go index b98b353a0..4fa3bcf5d 100644 --- a/sda/cmd/s3inbox/proxy.go +++ b/sda/cmd/s3inbox/proxy.go @@ -83,6 +83,14 @@ func NewProxy(s3conf storage.S3Conf, auth userauth.Authenticator, messenger *bro } func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { + token, err := p.auth.Authenticate(r) + if err != nil { + log.Debugf("Request not authenticated (%v)", err) + p.notAuthorized(w, r) + + return + } + switch t := p.detectRequestType(r); t { case MakeBucket, RemoveBucket, Delete, Policy, Get: // Not allowed @@ -91,7 +99,7 @@ func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { case Put, List, Other, AbortMultipart: // Allowed log.Debug("allowed known") - p.allowedResponse(w, r) + p.allowedResponse(w, r, token) default: log.Debugf("Unexpected request (%v) not allowed", r) p.notAllowedResponse(w, r) @@ -113,17 +121,9 @@ func (p *Proxy) notAuthorized(w http.ResponseWriter, _ *http.Request) { reportError(http.StatusUnauthorized, "not authorized", w) } -func (p *Proxy) allowedResponse(w http.ResponseWriter, r *http.Request) { - claims, err := p.auth.Authenticate(r) - if err != nil { - log.Debugf("Request not authenticated (%v)", err) - p.notAuthorized(w, r) - - return - } - +func (p *Proxy) allowedResponse(w http.ResponseWriter, r *http.Request, claims jwt.Token) { log.Debug("prepend") - err = p.prependBucketToHostPath(r) + err := p.prependBucketToHostPath(r) if err != nil { reportError(http.StatusBadRequest, err.Error(), w) } diff --git a/sda/cmd/s3inbox/proxy_test.go b/sda/cmd/s3inbox/proxy_test.go index 5d888bbcb..cf82375d0 100644 --- a/sda/cmd/s3inbox/proxy_test.go +++ b/sda/cmd/s3inbox/proxy_test.go @@ -141,8 +141,7 @@ func (m *MockMessenger) SendMessage(uuid string, body []byte) error { // nolint:bodyclose func (suite *ProxyTests) TestServeHTTP_disallowed() { - // Start mock messenger that denies everything - proxy := NewProxy(suite.S3conf, &helper.AlwaysDeny{}, suite.messenger, suite.database, new(tls.Config)) + proxy := NewProxy(suite.S3conf, &helper.AlwaysAllow{}, suite.messenger, suite.database, new(tls.Config)) r, _ := http.NewRequest("", "", nil) w := httptest.NewRecorder() @@ -194,6 +193,7 @@ func (suite *ProxyTests) TestServeHTTP_disallowed() { assert.Equal(suite.T(), false, suite.fakeServer.PingedAndRestore()) // Not authorized user get 401 response + proxy = NewProxy(suite.S3conf, &helper.AlwaysDeny{}, suite.messenger, suite.database, new(tls.Config)) w = httptest.NewRecorder() r.Method = "GET" r.URL, _ = url.Parse("/username/file") From ddb2b795e7de0012d8dd6985ee2c1c2aeda36c3b Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Sun, 4 Feb 2024 15:44:59 +0100 Subject: [PATCH 2/4] [internal/userauth] remove checks for username in URL.Path --- sda/internal/userauth/userauth.go | 21 --------- sda/internal/userauth/userauth_test.go | 60 +------------------------- 2 files changed, 2 insertions(+), 79 deletions(-) diff --git a/sda/internal/userauth/userauth.go b/sda/internal/userauth/userauth.go index baef35f45..c6b125e03 100644 --- a/sda/internal/userauth/userauth.go +++ b/sda/internal/userauth/userauth.go @@ -58,27 +58,6 @@ func (u *ValidateFromToken) Authenticate(r *http.Request) (jwt.Token, error) { return nil, fmt.Errorf("failed to get issuer from token (%v)", iss) } - // Check whether token username and filepath match - str, err := url.ParseRequestURI(r.URL.Path) - if err != nil || str.Path == "" { - return nil, fmt.Errorf("failed to get path from query (%v)", r.URL.Path) - } - - path := strings.Split(str.Path, "/") - if len(path) < 2 { - return nil, fmt.Errorf("length of path split was shorter than expected: %s", str.Path) - } - username := path[1] - - // Case for Elixir and CEGA usernames: Replace @ with _ character - if strings.Contains(token.Subject(), "@") { - if strings.ReplaceAll(token.Subject(), "@", "_") != username { - return nil, fmt.Errorf("token supplied username %s but URL had %s", token.Subject(), username) - } - } else if token.Subject() != username { - return nil, fmt.Errorf("token supplied username %s but URL had %s", token.Subject(), username) - } - return token, nil case r.Header.Get("Authorization") != "": diff --git a/sda/internal/userauth/userauth_test.go b/sda/internal/userauth/userauth_test.go index c079cb524..551d9c6e4 100644 --- a/sda/internal/userauth/userauth_test.go +++ b/sda/internal/userauth/userauth_test.go @@ -206,7 +206,7 @@ func (suite *UserAuthTest) TestUserTokenAuthenticator_ValidateSignature_RSA() { r.Header.Set("X-Amz-Security-Token", defaultToken) - // Test that a user can access their own bucket + // Test that a correct token works r.URL.Path = "/dummy/" signer.SignV4(*r, "username", "testpass", "", "us-east-1") token, err := a.Authenticate(r) @@ -214,29 +214,6 @@ func (suite *UserAuthTest) TestUserTokenAuthenticator_ValidateSignature_RSA() { privateClaims := token.PrivateClaims() assert.Equal(suite.T(), privateClaims["pilot"], helper.DefaultTokenClaims["pilot"]) - // Test that an unexpected path gives an error - r.URL.Path = "error" - signer.SignV4(*r, "username", "testpass", "", "us-east-1") - _, err = a.Authenticate(r) - assert.Error(suite.T(), err) - - // Test that a valid user can't access someone elses bucket - r.URL.Path = "/notvalid/" - signer.SignV4(*r, "username", "testpass", "", "us-east-1") - _, otherBucket := a.Authenticate(r) - assert.Equal(suite.T(), "token supplied username dummy but URL had notvalid", otherBucket.Error()) - - // Create and test Elixir token with wrong username - wrongUserToken, err := helper.CreateRSAToken(prKeyParsed, "RS256", helper.WrongUserClaims) - assert.NoError(suite.T(), err) - - r, _ = http.NewRequest("", "/", nil) - r.Host = "localhost" - r.Header.Set("X-Amz-Security-Token", wrongUserToken) - r.URL.Path = "/username/" - _, wrongUsername := a.Authenticate(r) - assert.Equal(suite.T(), "token supplied username c5773f41d17d27bd53b1e6794aedc32d7906e779@elixir-europe.org but URL had username", wrongUsername.Error()) - // Create and test expired Elixir token expiredToken, err := helper.CreateRSAToken(prKeyParsed, "RS256", helper.ExpiredClaims) assert.NoError(suite.T(), err) @@ -318,29 +295,12 @@ func (suite *UserAuthTest) TestUserTokenAuthenticator_ValidateSignature_EC() { r.Host = "localhost" r.Header.Set("X-Amz-Security-Token", defaultToken) - // Test that a user can access their own bucket + // Test that a correct token works r.URL.Path = "/dummy/" signer.SignV4(*r, "username", "testpass", "", "us-east-1") _, err = a.Authenticate(r) assert.Nil(suite.T(), err) - // Test that a valid user can't access someone elses bucket - r.URL.Path = "/notvalid/" - signer.SignV4(*r, "username", "testpass", "", "us-east-1") - _, otherBucket := a.Authenticate(r) - assert.Equal(suite.T(), "token supplied username dummy but URL had notvalid", otherBucket.Error()) - - // Create and test Elixir token with wrong username - wrongUserToken, err := helper.CreateECToken(prKeyParsed, "ES256", helper.WrongUserClaims) - assert.NoError(suite.T(), err) - - r, _ = http.NewRequest("", "/", nil) - r.Host = "localhost" - r.Header.Set("X-Amz-Security-Token", wrongUserToken) - r.URL.Path = "/username/" - _, wrongUsername := a.Authenticate(r) - assert.Equal(suite.T(), "token supplied username c5773f41d17d27bd53b1e6794aedc32d7906e779@elixir-europe.org but URL had username", wrongUsername.Error()) - // Create and test expired Elixir token expiredToken, err := helper.CreateECToken(prKeyParsed, "ES256", helper.ExpiredClaims) assert.NoError(suite.T(), err) @@ -390,22 +350,6 @@ func (suite *UserAuthTest) TestUserTokenAuthenticator_ValidateSignature_EC() { _, err = a.Authenticate(r) assert.Contains(suite.T(), err.Error(), "failed to get issuer from token") - // Test LS-AAI user authentication - token, err := helper.CreateECToken(prKeyParsed, "ES256", helper.WrongUserClaims) - assert.NoError(suite.T(), err) - - r, _ = http.NewRequest("", "/c5773f41d17d27bd53b1e6794aedc32d7906e779_elixir-europe.org/foo", nil) - r.Host = "localhost" - r.Header.Set("X-Amz-Security-Token", token) - _, err = a.Authenticate(r) - assert.NoError(suite.T(), err) - - r, _ = http.NewRequest("", "/dataset", nil) - r.Host = "localhost" - r.Header.Set("X-Amz-Security-Token", token) - _, err = a.Authenticate(r) - assert.Equal(suite.T(), "token supplied username c5773f41d17d27bd53b1e6794aedc32d7906e779@elixir-europe.org but URL had dataset", err.Error()) - defer os.RemoveAll(demoKeysPath) } From 7a8db7fb6c19194aab552c4f86ce945428850920 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Sun, 4 Feb 2024 15:46:35 +0100 Subject: [PATCH 3/4] [s3inbox] ensure username matches path in request --- sda/cmd/s3inbox/proxy.go | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/sda/cmd/s3inbox/proxy.go b/sda/cmd/s3inbox/proxy.go index 4fa3bcf5d..f7283e2d8 100644 --- a/sda/cmd/s3inbox/proxy.go +++ b/sda/cmd/s3inbox/proxy.go @@ -121,14 +121,32 @@ func (p *Proxy) notAuthorized(w http.ResponseWriter, _ *http.Request) { reportError(http.StatusUnauthorized, "not authorized", w) } -func (p *Proxy) allowedResponse(w http.ResponseWriter, r *http.Request, claims jwt.Token) { +func (p *Proxy) allowedResponse(w http.ResponseWriter, r *http.Request, token jwt.Token) { log.Debug("prepend") - err := p.prependBucketToHostPath(r) + // Check whether token username and filepath match + str, err := url.ParseRequestURI(r.URL.Path) + if err != nil || str.Path == "" { + reportError(http.StatusBadRequest, err.Error(), w) + } + + path := strings.Split(str.Path, "/") + if strings.Contains(token.Subject(), "@") { + if strings.ReplaceAll(token.Subject(), "@", "_") != path[1] { + reportError(http.StatusBadRequest, fmt.Sprintf("token supplied username: %s, but URL had: %s", token.Subject(), path[1]), w) + + return + } + } else if token.Subject() != path[1] { + reportError(http.StatusBadRequest, fmt.Sprintf("token supplied username: %s, but URL had: %s", token.Subject(), path[1]), w) + + return + } + err = p.prependBucketToHostPath(r) if err != nil { reportError(http.StatusBadRequest, err.Error(), w) } - username := claims.Subject() + username := token.Subject() rawFilepath := strings.Replace(r.URL.Path, "/"+p.s3.Bucket+"/", "", 1) filepath, err := formatUploadFilePath(rawFilepath) @@ -161,7 +179,7 @@ func (p *Proxy) allowedResponse(w http.ResponseWriter, r *http.Request, claims j // Send message to upstream and set file as uploaded in the database if p.uploadFinishedSuccessfully(r, s3response) { log.Debug("create message") - message, err := p.CreateMessageFromRequest(r, claims) + message, err := p.CreateMessageFromRequest(r, token) if err != nil { p.internalServerError(w, r, err.Error()) From 0bf4ccfc257b4b390431410cbeb833444f43f596 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Mon, 5 Feb 2024 09:03:48 +0100 Subject: [PATCH 4/4] [s3inbox] update proxy test suite --- sda/cmd/s3inbox/proxy_test.go | 98 ++++++++++++++++++++++------------- 1 file changed, 63 insertions(+), 35 deletions(-) diff --git a/sda/cmd/s3inbox/proxy_test.go b/sda/cmd/s3inbox/proxy_test.go index cf82375d0..082c207c3 100644 --- a/sda/cmd/s3inbox/proxy_test.go +++ b/sda/cmd/s3inbox/proxy_test.go @@ -9,13 +9,17 @@ import ( "net/http" "net/http/httptest" "net/url" + "os" "testing" + "github.com/lestrrat-go/jwx/v2/jwk" + "github.com/lestrrat-go/jwx/v2/jws" "github.com/lestrrat-go/jwx/v2/jwt" "github.com/neicnordic/sensitive-data-archive/internal/broker" "github.com/neicnordic/sensitive-data-archive/internal/database" "github.com/neicnordic/sensitive-data-archive/internal/helper" "github.com/neicnordic/sensitive-data-archive/internal/storage" + "github.com/neicnordic/sensitive-data-archive/internal/userauth" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" ) @@ -28,6 +32,8 @@ type ProxyTests struct { MQConf broker.MQConf messenger *broker.AMQPBroker database *database.SDAdb + auth *userauth.ValidateFromToken + token jwt.Token } func TestProxyTestSuite(t *testing.T) { @@ -75,6 +81,32 @@ func (suite *ProxyTests) SetupTest() { } suite.database = &database.SDAdb{} + + // Create temp demo rsa key pair + demoKeysPath := "demo-rsa-keys" + defer os.RemoveAll(demoKeysPath) + prKeyPath, pubKeyPath, err := helper.MakeFolder(demoKeysPath) + assert.NoError(suite.T(), err) + + err = helper.CreateRSAkeys(prKeyPath, pubKeyPath) + assert.NoError(suite.T(), err) + + // Parse demo private key + prKeyParsed, err := helper.ParsePrivateRSAKey(prKeyPath, "/rsa") + assert.NoError(suite.T(), err) + + // Create token and set up request defaults + defaultToken, err := helper.CreateRSAToken(prKeyParsed, "RS256", helper.DefaultTokenClaims) + assert.NoError(suite.T(), err) + + jwtpubkeypath := demoKeysPath + "/public-key/" + suite.auth = userauth.NewValidateFromToken(jwk.NewSet()) + _ = suite.auth.ReadJwtPubKeyPath(jwtpubkeypath) + + suite.token, err = jwt.Parse([]byte(defaultToken), jwt.WithKeySet(suite.auth.Keyset, jws.WithInferAlgorithmFromKey(true)), jwt.WithValidate(true)) + if err != nil { + suite.T().FailNow() + } } func (suite *ProxyTests) TearDownTest() { @@ -217,8 +249,8 @@ func (suite *ProxyTests) TestServeHTTPS3Unresponsive() { // Just try to list the files r.Method = "GET" - r.URL, _ = url.Parse("/asdf/asdf") - proxy.ServeHTTP(w, r) + r.URL, _ = url.Parse("/dummy/asdf") + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 500, w.Result().StatusCode) // nolint:bodyclose } @@ -232,10 +264,10 @@ func (suite *ProxyTests) TestServeHTTP_MQConnectionClosed() { // Test that the mq connection will be restored when needed proxy.messenger.Connection.Close() assert.True(suite.T(), proxy.messenger.Connection.IsClosed()) - r, _ := http.NewRequest("PUT", "/username/connectionclosed-file", nil) + r, _ := http.NewRequest("PUT", "/dummy/connectionclosed-file", nil) w := httptest.NewRecorder() suite.fakeServer.resp = "test/elixirid/db-test-file.txt12false/elixirid/file.txt2020-03-10T13:20:15.000Z"0a44282bd39178db9680f24813c41aec-1"5STANDARD" - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) // nolint:bodyclose assert.False(suite.T(), proxy.messenger.Connection.IsClosed()) } @@ -250,10 +282,10 @@ func (suite *ProxyTests) TestServeHTTP_MQChannelClosed() { // Test that the mq channel will be restored when needed proxy.messenger.Channel.Close() assert.True(suite.T(), proxy.messenger.Channel.IsClosed()) - r, _ := http.NewRequest("PUT", "/username/channelclosed-file", nil) + r, _ := http.NewRequest("PUT", "/dummy/channelclosed-file", nil) w := httptest.NewRecorder() suite.fakeServer.resp = "test/elixirid/db-test-file.txt12false/elixirid/file.txt2020-03-10T13:20:15.000Z"0a44282bd39178db9680f24813c41aec-1"5STANDARD" - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) // nolint:bodyclose assert.False(suite.T(), proxy.messenger.Channel.IsClosed()) } @@ -269,27 +301,25 @@ func (suite *ProxyTests) TestServeHTTP_MQ_Unavailable() { proxy.messenger.Conf.Port = 123456 proxy.messenger.Connection.Close() assert.True(suite.T(), proxy.messenger.Connection.IsClosed()) - r, _ := http.NewRequest("PUT", "/username/mqunavailable-file", nil) + r, _ := http.NewRequest("PUT", "/dummy/mqunavailable-file", nil) w := httptest.NewRecorder() suite.fakeServer.resp = "test/elixirid/db-test-file.txt12false/elixirid/file.txt2020-03-10T13:20:15.000Z"0a44282bd39178db9680f24813c41aec-1"5STANDARD" - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 500, w.Result().StatusCode) // nolint:bodyclose } // nolint:bodyclose func (suite *ProxyTests) TestServeHTTP_allowed() { - - // Start proxy that allows everything messenger, err := broker.NewMQ(suite.MQConf) assert.NoError(suite.T(), err) database, _ := database.NewSDAdb(suite.DBConf) proxy := NewProxy(suite.S3conf, helper.NewAlwaysAllow(), messenger, database, new(tls.Config)) // List files works - r, err := http.NewRequest("GET", "/username/file", nil) + r, err := http.NewRequest("GET", "/dummy/file", nil) assert.NoError(suite.T(), err) w := httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) assert.Equal(suite.T(), false, suite.fakeServer.PingedAndRestore()) // Testing the pinged interface @@ -298,40 +328,39 @@ func (suite *ProxyTests) TestServeHTTP_allowed() { w = httptest.NewRecorder() r.Method = "PUT" suite.fakeServer.resp = "test/elixirid/file.txt12false/elixirid/file.txt2020-03-10T13:20:15.000Z"0a44282bd39178db9680f24813c41aec-1"5STANDARD" - assert.False(suite.T(), messenger.IsConnClosed()) - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Put with partnumber sends no message w = httptest.NewRecorder() r.Method = "PUT" - r.URL, _ = url.Parse("/username/file?partNumber=5") - proxy.ServeHTTP(w, r) + r.URL, _ = url.Parse("/dummy/file?partNumber=5") + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Post with uploadId sends message r.Method = "POST" - r.URL, _ = url.Parse("/username/file?uploadId=5") + r.URL, _ = url.Parse("/dummy/file?uploadId=5") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Post without uploadId sends no message r.Method = "POST" - r.URL, _ = url.Parse("/username/file") + r.URL, _ = url.Parse("/dummy/file") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Abort multipart works r.Method = "DELETE" - r.URL, _ = url.Parse("/asdf/asdf?uploadId=123") + r.URL, _ = url.Parse("/dummy/asdf?uploadId=123") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) @@ -339,45 +368,44 @@ func (suite *ProxyTests) TestServeHTTP_allowed() { // that trigger different code paths in the code. // Delimiter alone r.Method = "GET" - r.URL, _ = url.Parse("/username/file?delimiter=puppe") + r.URL, _ = url.Parse("/dummy/file?delimiter=puppe") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Show multiparts uploads r.Method = "GET" - r.URL, _ = url.Parse("/username/file?uploads") + r.URL, _ = url.Parse("/dummy/file?uploads") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Delimiter alone together with prefix r.Method = "GET" - r.URL, _ = url.Parse("/username/file?delimiter=puppe&prefix=asdf") + r.URL, _ = url.Parse("/dummy/file?delimiter=puppe&prefix=asdf") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Location parameter r.Method = "GET" - r.URL, _ = url.Parse("/username/file?location=fnuffe") + r.URL, _ = url.Parse("/dummy/file?location=fnuffe") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 200, w.Result().StatusCode) assert.Equal(suite.T(), true, suite.fakeServer.PingedAndRestore()) // Filenames with platform incompatible characters are disallowed // not checked in TestServeHTTP_allowed() because we look for a non 403 response r.Method = "PUT" - r.URL, _ = url.Parse("/username/fi|le") + r.URL, _ = url.Parse("/dummy/fi|le") w = httptest.NewRecorder() - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) assert.Equal(suite.T(), 406, w.Result().StatusCode) assert.Equal(suite.T(), false, suite.fakeServer.PingedAndRestore()) - } func (suite *ProxyTests) TestMessageFormatting() { @@ -426,11 +454,11 @@ func (suite *ProxyTests) TestDatabaseConnection() { proxy := NewProxy(suite.S3conf, helper.NewAlwaysAllow(), messenger, database, new(tls.Config)) // PUT a file into the system - filename := "/username/db-test-file" + filename := "/dummy/db-test-file" r, _ := http.NewRequest("PUT", filename, nil) w := httptest.NewRecorder() suite.fakeServer.resp = "test/elixirid/db-test-file.txt12false/elixirid/file.txt2020-03-10T13:20:15.000Z"0a44282bd39178db9680f24813c41aec-1"5STANDARD" - proxy.ServeHTTP(w, r) + proxy.allowedResponse(w, r, suite.token) res := w.Result() defer res.Body.Close() assert.Equal(suite.T(), 200, res.StatusCode)