Commit e9afd4a8 authored by Ciarán Ó Rourke

Unit Tests Patch

Authorisation unit tests were being run when the project was built with authorisation disabled. Authorisation unit tests are now moved to a dedicated file that is built conditionally. Some changes are also made to the CI YAML file.

Change log:
* Move authorisation tests to dedicated file
* disable authorisation tests when building without authorisation
* default CI job runs unit tests and integration tests
* add CI job for build w/o authorisation
* rename Doxygen job to Documentation
parent 8c5626ef
Pipeline #1699 passed with stages
in 7 minutes and 15 seconds
......@@ -17,6 +17,7 @@ image: ciaranorourke/fiphoboserver:debian
-DCMAKE_PREFIX_PATH="${DEPS_DIR}"
-DCUSTOM_DOCU_PATH="${FIPHOBOSERVER_DOC_DIR}"
-DFIPHOBOSERVER_BUILD_DOCUMENTATION="${FIPHOBOSERVER_BUILD_DOCUMENTATION}"
-DFIPHOBOSERVER_DISABLE_AUTHORISATION="${FIPHOBOSERVER_DISABLE_AUTHORISATION}"
..
)
&& popd
......@@ -30,20 +31,25 @@ image: ciaranorourke/fiphoboserver:debian
.cmake_variables:
default_cmake_variables: &default_cmake_variables
CC: gcc
CXX: g++
DEPS_DIR: /home/superfiphoboserver/build/install
FIPHOBOSERVER_DOC_DIR: ""
FIPHOBOSERVER_BUILD_TESTS: "ON"
FIPHOBOSERVER_DISABLE_AUTHORISATION: "OFF"
.default_job: &default_job
tags:
- docker
image: ciaranorourke/fiphoboserver:debian
variables:
<<: *default_cmake_variables
before_script:
- apt-get update
- apt-get install -y
cmake
clang clang-tidy
script:
- *start_phobos
- *configure
- *build
- *unit_test
......@@ -77,7 +83,6 @@ Lint:
stage: static analysis
variables:
<<: *default_cmake_variables
FIPHOBOSERVER_BUILD_TESTS: "ON"
CC: clang
CXX: clang++
script:
......@@ -85,7 +90,7 @@ Lint:
- *build
- ./tools/run_lint.sh build
Doxygen:
Documentation:
<<: *default_job
stage: build
variables:
......@@ -105,29 +110,13 @@ Doxygen:
- *configure
- make -C build/doc
Unit Tests:
Default:
<<: *default_job
stage: test
variables:
<<: *default_cmake_variables
FIPHOBOSERVER_BUILD_TESTS: "ON"
CC: gcc
CXX: g++
script:
- *start_phobos
- *configure
- *build
- *unit_test
Integration Tests:
Authorisation Disabled:
<<: *default_job
stage: test
variables:
<<: *default_cmake_variables
CC: gcc
CXX: g++
script:
- *start_phobos
- *configure
- *build
- *integration_test
FIPHOBOSERVER_DISABLE_AUTHORISATION: "ON"
stage: test
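Review bot: The new `Authorisation Disabled` job sets `FIPHOBOSERVER_DISABLE_AUTHORISATION: "ON"` with nothing saying what that build is for; a comment above the job such as `# Test-only configuration: the server is built without request authorisation` would keep it from being copied into a deployment job. Because the job merges `*default_job`, it inherits that job's script, so whatever tests the default job runs also run against the build without authorisation, which is worth confirming as intended. The rendered hunk interleaves old and new lines, so the job's final layout is inferred here.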
......@@ -14,6 +14,13 @@ add_executable(
utils.cc
)
if(NOT FIPHOBOSERVER_DISABLE_AUTHORISATION)
target_sources(tests PRIVATE s3_authorisation.cc)
else()
message("Disabling AWS V4 authorisation testing")
endif(NOT FIPHOBOSERVER_DISABLE_AUTHORISATION)
target_compile_features(tests PUBLIC cxx_std_14)
target_link_libraries(tests PUBLIC Catch2::Catch2)
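Review bot: The `else()` branch reports the configuration without authorisation through a bare `message(...)`, which is easy to miss in a long configure log. Since this branch means `s3_authorisation.cc` is not compiled into `tests` at all, `message(WARNING "Authorisation disabled: AWS V4 authorisation tests are not built")` would make a build without that coverage stand out. The condition is also repeated in `endif(NOT FIPHOBOSERVER_DISABLE_AUTHORISATION)`; a plain `endif()` avoids the two copies drifting apart.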
......
#include <catch2/catch.hpp>
#include <fstream>
#include "../../src/server/s3_utilities/s3_authorisation.h"
namespace fiphoboserver {
namespace s3_utilities {
SCENARIO("S3 header authorisation", "[authorisation]")
{
// Those are the examples from
// https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
std::unique_ptr<proxygen::HTTPMessage> message =
std::make_unique<proxygen::HTTPMessage>();
proxygen::HTTPHeaders& headers = message->getHeaders();
headers.add("Host", "examplebucket.s3.amazonaws.com");
headers.add("x-amz-date", "20130524T000000Z");
S3_header s3_header;
S3_authorisation auth;
GIVEN("a GET request")
{
message->setMethod(proxygen::HTTPMethod::GET);
message->setURL("/test.txt");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41");
headers.add("Range", "bytes=0-9");
WHEN("The request is valid")
{
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The request is NOT valid")
{
headers.add(
"x-amz-content-sha256",
"e3b0544298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
}
WHEN("The signing user does not exist")
{
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
// empty user database
std::ifstream user_in_stream("/tmp/users.txt");
std::stringstream user_text;
user_text << user_in_stream.rdbuf();
user_in_stream.close();
std::ofstream user_of_stream("/tmp/users.txt", std::fstream::trunc);
user_of_stream.close();
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
// restore user database
user_of_stream = std::ofstream("/tmp/users.txt");
user_of_stream << user_text.str();
user_of_stream.close();
}
}
GIVEN("A GET bucket request with queries")
{
message->setMethod(proxygen::HTTPMethod::GET);
message->setURL("/");
WHEN("The GET request contains one empty valued query")
{
message->setQueryString("lifecycle");
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=fea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The GET request contains two queries")
{
message->setQueryString("max-keys=2&prefix=J");
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=34b48302e7b5fa45bde8084f4b7868a86f0a534bc59db6670ed5711ef69dc6f7");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
}
GIVEN("a PUT request")
{
message->setMethod(proxygen::HTTPMethod::PUT);
message->setURL("/test$file.text");
headers.add("Date", "Fri, 24 May 2013 00:00:00 GMT");
headers.add("x-amz-storage-class", "REDUCED_REDUNDANCY");
headers.add(
"x-amz-content-sha256",
"44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072");
headers.add("Content-Length", "21");
WHEN("The authorization header is not valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
THEN("The authorisation will fail before payload is added")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
REQUIRE(auth.get_error() == malformed_authorisation);
}
}
WHEN("The request is valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
THEN(
"After the first call to authorise() the status is 'waiting_for_payload'")
{
REQUIRE(
auth.authorise(s3_header)
== Authorisation_status::waiting_for_payload);
}
THEN("After adding the payload, the authorisation is valid")
{
auth.authorise(s3_header);
auth.add_chunk("Welcome to Amazon S3.");
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The payload is NOT valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
auth.authorise(s3_header);
auth.add_chunk("Goodbye from Amazon S3.");
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
}
}
}
} // namespace s3_utilities
} // namespace fiphoboserver
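Review bot: The "signing user does not exist" case truncates the fixed path `/tmp/users.txt` and rewrites it only after the `THEN` block, so a failing `REQUIRE` there aborts the test case before the restore and leaves the user database empty for everything that runs afterwards. The restore should sit in a scope guard so it also runs during unwinding. The initial read is unchecked as well: if the file cannot be opened, the test creates an empty file and "restores" nothing, which can hide a misconfigured fixture. A fixed name under `/tmp` is shared with every other user and concurrent job on the host, so a per-run path would be safer if the location is configurable; the code that reads the file is not on this page. The new file also uses `std::stringstream` and `std::unique_ptr` while including only `<fstream>`, so `<sstream>` and `<memory>` should be added.

```cpp
// … unchanged: headers.add("x-amz-content-sha256", …) and s3_header.set_headers(…) …

// Rewrites the saved user database on scope exit, including when REQUIRE throws.
struct User_db_guard {
    std::string saved;
    ~User_db_guard()
    {
        std::ofstream("/tmp/users.txt", std::fstream::trunc) << saved;
    }
};

std::ifstream user_in_stream("/tmp/users.txt");
REQUIRE(user_in_stream.is_open());  // fail loudly if the fixture is missing
std::stringstream user_text;
user_text << user_in_stream.rdbuf();
user_in_stream.close();

User_db_guard guard{user_text.str()};
std::ofstream("/tmp/users.txt", std::fstream::trunc).close();  // empty user database

// … unchanged: THEN("The authorisation is not valid") { … } …
```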
#include <catch2/catch.hpp>
#include <fstream>
#include <memory>
#include <sstream>
#include "../../src/server/s3_utilities/s3_authorisation.h"
#include "../../src/server/s3_utilities/s3_errors.h"
#include "../../src/server/s3_utilities/s3_header.h"
#include "../../src/server/s3_utilities/s3_utilities.h"
......@@ -163,193 +161,6 @@ SCENARIO("String encoding", "[encoding]")
}
}
SCENARIO("S3 header authorisation", "[authorisation]")
{
// Those are the examples from
// https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
std::unique_ptr<proxygen::HTTPMessage> message =
std::make_unique<proxygen::HTTPMessage>();
proxygen::HTTPHeaders& headers = message->getHeaders();
headers.add("Host", "examplebucket.s3.amazonaws.com");
headers.add("x-amz-date", "20130524T000000Z");
S3_header s3_header;
S3_authorisation auth;
GIVEN("a GET request")
{
message->setMethod(proxygen::HTTPMethod::GET);
message->setURL("/test.txt");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41");
headers.add("Range", "bytes=0-9");
WHEN("The request is valid")
{
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The request is NOT valid")
{
headers.add(
"x-amz-content-sha256",
"e3b0544298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
}
WHEN("The signing user does not exist")
{
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
s3_header.set_headers(std::move(message));
// empty user database
std::ifstream user_in_stream("/tmp/users.txt");
std::stringstream user_text;
user_text << user_in_stream.rdbuf();
user_in_stream.close();
std::ofstream user_of_stream("/tmp/users.txt", std::fstream::trunc);
user_of_stream.close();
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
// restore user database
user_of_stream = std::ofstream("/tmp/users.txt");
user_of_stream << user_text.str();
user_of_stream.close();
}
}
GIVEN("A GET bucket request with queries")
{
message->setMethod(proxygen::HTTPMethod::GET);
message->setURL("/");
WHEN("The GET request contains one empty valued query")
{
message->setQueryString("lifecycle");
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=fea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The GET request contains two queries")
{
message->setQueryString("max-keys=2&prefix=J");
headers.add(
"x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855");
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=34b48302e7b5fa45bde8084f4b7868a86f0a534bc59db6670ed5711ef69dc6f7");
s3_header.set_headers(std::move(message));
THEN("The authorisation is valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
}
GIVEN("a PUT request")
{
message->setMethod(proxygen::HTTPMethod::PUT);
message->setURL("/test$file.text");
headers.add("Date", "Fri, 24 May 2013 00:00:00 GMT");
headers.add("x-amz-storage-class", "REDUCED_REDUNDANCY");
headers.add(
"x-amz-content-sha256",
"44ce7dd67c959e0d3524ffac1771dfbba87d2b6b4b4e99e42034a8b803f8b072");
headers.add("Content-Length", "21");
WHEN("The authorization header is not valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
THEN("The authorisation will fail before payload is added")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
REQUIRE(auth.get_error() == malformed_authorisation);
}
}
WHEN("The request is valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
THEN(
"After the first call to authorise() the status is 'waiting_for_payload'")
{
REQUIRE(
auth.authorise(s3_header)
== Authorisation_status::waiting_for_payload);
}
THEN("After adding the payload, the authorisation is valid")
{
auth.authorise(s3_header);
auth.add_chunk("Welcome to Amazon S3.");
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::valid);
}
}
WHEN("The payload is NOT valid")
{
headers.add(
"Authorization",
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=date;host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=98ad721746da40c64f1a55b78f14c238d841ea1380cd77a1b5971af0ece108bd");
s3_header.set_headers(std::move(message));
auth.authorise(s3_header);
auth.add_chunk("Goodbye from Amazon S3.");
THEN("The authorisation is not valid")
{
REQUIRE(
auth.authorise(s3_header) == Authorisation_status::failed);
}
}
}
}
} // namespace s3_utilities
} // namespace fiphoboserver