From b62304ca15ca35905cd1021132dc39bb06107cea Mon Sep 17 00:00:00 2001
From: Ivan Krutov
Date: Fri, 1 Jun 2018 17:04:26 +0300
Subject: [PATCH] Fixed panic in authentication logic (fixes #191)
---
 proxy.go | 8 ++++++--
 proxy_test.go | 27 ++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/proxy.go b/proxy.go
index 80d55be..49749ca 100644
--- a/proxy.go
+++ b/proxy.go
@@ -565,13 +565,17 @@ func WithSuitableAuthentication(authenticator *auth.BasicAuth, handler func(http
 _, ok := quota[guestUserName]
 confLock.RUnlock()
 if !ok {
- reply(w, errMsg("Guest access is unavailable."), http.StatusUnauthorized)
+ reply(w, errMsg("Guest access is unavailable"), http.StatusUnauthorized)
 } else {
 handler(w, r)
 }
 } else {
 //Run the handler using basic authentication
- requireBasicAuth(authenticator, handler)(w, r)
+ if fileExists(users) {
+ requireBasicAuth(authenticator, handler)(w, r)
+ } else {
+ handler(w, r)
+ }
 }
 }
 }
diff --git a/proxy_test.go b/proxy_test.go
index c5733bb..15b6c9b 100644
--- a/proxy_test.go
+++ b/proxy_test.go
@@ -21,6 +21,7 @@ import (
 . "github.com/aandryashin/matchers"
 . "github.com/aandryashin/matchers/httpresp"
+ "github.com/abbot/go-http-auth"
 . "github.com/aerokube/ggr/config"
 "golang.org/x/net/websocket"
 "log"
@@ -1382,7 +1383,7 @@ func TestStartSessionGuestFailNoQuota(t *testing.T) {
 rsp, err := createSessionWithoutAuthentication(`{"desiredCapabilities":{"browserName":"{browser}", "version":"1.0"}}`)
 AssertThat(t, err, Is{nil})
- AssertThat(t, rsp, AllOf{Code{http.StatusUnauthorized}, Message{"Guest access is unavailable."}})
+ AssertThat(t, rsp, AllOf{Code{http.StatusUnauthorized}, Message{"Guest access is unavailable"}})
 }
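Review bot: The added `else` branch in the basic-auth path calls `handler(w, r)` with no credential check whenever `fileExists(users)` is false, so the proxy fails open: if the htpasswd file is missing, deleted or renamed at runtime, requests that would have been authenticated are served as-is. If "no users file means authentication is disabled" is the intended mode, it would be safer to decide that once at startup and log it rather than re-evaluate it per request; otherwise this branch should fail closed, e.g. `reply(w, errMsg("Authentication is unavailable"), http.StatusInternalServerError)` in place of `handler(w, r)`. The existence check and the authenticator's own read of the file are separate steps, so the original panic may still be reachable if the file disappears between them (inferred; `requireBasicAuth` is not visible here). `WithSuitableAuthentication` starts above this hunk, so the condition that selects this branch is not shown.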
@@ -1543,3 +1544,27 @@ func recordingMux(region string, storage *[]string) http.Handler {
 })
 return mux
 }
+
+func TestPanicGuestQuotaMissingUsersFileAuthPresent(t *testing.T) {
+ guestAccessAllowed = true
+ users = "missing-file"
+ defer func() {
+ users = ".htpasswd"
+ }()
+ authenticator := auth.NewBasicAuthenticator(
+ "Some Realm",
+ auth.HtpasswdFileProvider(users),
+ )
+
+ mux := http.NewServeMux()
+ mux.HandleFunc("/", WithSuitableAuthentication(authenticator, func(_ http.ResponseWriter, _ *http.Request) {}))
+
+ srv := httptest.NewServer(mux)
+ defer srv.Close()
+
+ req, _ := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
+ req.SetBasicAuth("test", "test")
+ resp, err := http.DefaultClient.Do(req)
+ AssertThat(t, err, Is{nil})
+ AssertThat(t, resp, Code{http.StatusOK})
+}
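Review bot: `guestAccessAllowed = true` is set at the top of `TestPanicGuestQuotaMissingUsersFileAuthPresent` but never restored, and `users` is reset to a hard-coded `".htpasswd"` rather than its previous value, so later tests in the package inherit changed authentication globals. Saving and restoring both keeps the test isolated: `prevGuest, prevUsers := guestAccessAllowed, users` followed by `defer func() { guestAccessAllowed, users = prevGuest, prevUsers }()`. The test also asserts `http.StatusOK` for unverified credentials (`"test"`/`"test"`) against a missing users file, which pins unauthenticated access as the expected behaviour; a comment stating that this is deliberate would help the next reader. `resp.Body` is not closed and the error from `http.NewRequest` is discarded.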