Merge pull request #11 from mbaynton/authentication-panic

Fix issue where nil pointer panic occurred when HTTP authentication was enabled.
umnmsi · Jan 12, 2018 · 1673940 · 1673940
2 parents 218970d + ae45037
commit 1673940
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/TestFixtures/configs/HttpAuth.conf.yml b/TestFixtures/configs/HttpAuth.conf.yml
@@ -0,0 +1,7 @@
+---
+BindAddress: 127.0.0.1:8240
+PuppetExecutable: ../TestFixtures/fakepuppet.sh
+HttpAuth:
+  Type: basic
+  DbFile: ../TestFixtures/test.htpasswd
+  Realm: puppet.my.org
diff --git a/lib/HttpProtectionMiddlewareFactory.go b/lib/HttpProtectionMiddlewareFactory.go
@@ -22,7 +22,7 @@ func NewHttpProtectionMiddlewareFactory(config AppConfig) HttpProtectionMiddlewa
 	return *handler
 }
 
-func (ctx HttpProtectionMiddlewareFactory) WrapInProtectionMiddleware(nestedHandler http.Handler) http.Handler {
+func (ctx *HttpProtectionMiddlewareFactory) WrapInProtectionMiddleware(nestedHandler http.Handler) http.Handler {
 	authConfig := ctx.config.HttpAuth
 	if authConfig == nil { // No authentication required.
 		return nestedHandler
@@ -48,11 +48,11 @@ func (ctx HttpProtectionMiddlewareFactory) WrapInProtectionMiddleware(nestedHand
 	}
 }
 
-func (ctx HttpProtectionMiddlewareFactory) ServeHTTP(response http.ResponseWriter, request *http.Request) {
+func (ctx *HttpProtectionMiddlewareFactory) ServeHTTP(response http.ResponseWriter, request *http.Request) {
 	ctx.protectingMiddleware.ServeHTTP(response, request)
 }
 
 // This func exists just because it provides the signature the authenticator.Wrap method is looking for.
-func (ctx HttpProtectionMiddlewareFactory) handle(w http.ResponseWriter, request *auth.AuthenticatedRequest) {
+func (ctx *HttpProtectionMiddlewareFactory) handle(w http.ResponseWriter, request *auth.AuthenticatedRequest) {
 	ctx.protectedHandler.ServeHTTP(w, &request.Request)
 }
diff --git a/lib/HttpProtectionMiddlewareFactory_test.go b/lib/HttpProtectionMiddlewareFactory_test.go
@@ -53,6 +53,24 @@ func TestNoAuthConfigResultsInNoAuthenticationRequired(t *testing.T) {
 	}
 }
 
+func TestValidAuthResultsInProperlyServedResponse(t *testing.T) {
+	appConfig := LoadTheConfig("NoRealm.conf", []string{"../TestFixtures/configs"})
+	sut := NewHttpProtectionMiddlewareFactory(appConfig)
+	var called = false
+	testHandler := func(response http.ResponseWriter, request *http.Request) {
+		called = true
+	}
+	protectedHandler := sut.WrapInProtectionMiddleware(http.HandlerFunc(testHandler))
+	testRequest, _ := http.NewRequest("POST", "http://0.0.0.0/", strings.NewReader(""))
+	testRequest.SetBasicAuth("test", "password")
+	monitor := httptest.NewRecorder()
+	protectedHandler.ServeHTTP(monitor, testRequest)
+
+	if monitor.Code != 200 || called == false {
+		t.Errorf("Enabled http authentication middleware did not allow properly authenticated request through (HTTP %d).\n", monitor.Code)
+	}
+}
+
 func expectMiddlewareThrows(sut HttpProtectionMiddlewareFactory, t *testing.T, expect string) {
 	defer func() {
 		err := recover()