From 0ff72ada5ff40518715872259d165ac209965b0d Mon Sep 17 00:00:00 2001 From: TheSomeMan Date: Thu, 18 Apr 2024 00:27:14 +0700 Subject: [PATCH] Close #289: Add checking for valid RUUVISESSION cookie when auth_type is set to 'allow' (#290) * Close #289: Add checking for valid RUUVISESSION cookie when auth_type is set to 'allow' * [#289] Add unit-test * [#289] Add unit-tests * [#289] Add unit-tests --- src/http_server_auth.c | 14 ++ src/http_server_auth.h | 6 + src/http_server_handle_req_delete_auth.c | 6 +- src/http_server_handle_req_get_auth.c | 54 +++- src/http_server_handle_req_post_auth.c | 44 ++-- src/http_server_resp.c | 41 ++- src/include/http_server_resp.h | 12 +- .../test_http_server_handle_req_get_auth.cpp | 237 +++++++++++++++++- .../test_http_server_resp.cpp | 49 +++- 9 files changed, 406 insertions(+), 57 deletions(-) diff --git a/src/http_server_auth.c b/src/http_server_auth.c index 5a06f30d..49685428 100644 --- a/src/http_server_auth.c +++ b/src/http_server_auth.c @@ -105,3 +105,17 @@ http_server_get_auth(void) { return &g_auth_info; } + +void +http_server_auth_ruuvi_add_authorized_session( + http_server_auth_ruuvi_t* const p_auth_ruuvi, + const http_server_auth_ruuvi_session_id_t* const p_session_id, + const sta_ip_string_t* const p_remote_ip) +{ + for (int32_t i = HTTP_SERVER_AUTH_RUUVI_MAX_NUM_SESSIONS - 1; i > 0; --i) + { + p_auth_ruuvi->authorized_sessions[i] = p_auth_ruuvi->authorized_sessions[i - 1]; + } + p_auth_ruuvi->authorized_sessions[0].session_id = *p_session_id; + p_auth_ruuvi->authorized_sessions[0].remote_ip = *p_remote_ip; +} diff --git a/src/http_server_auth.h b/src/http_server_auth.h index 6c1ffe35..7cac4fe9 100644 --- a/src/http_server_auth.h +++ b/src/http_server_auth.h 
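Review bot: `http_server_auth_ruuvi_add_authorized_session` now has external linkage but carries no comment stating its contract, and its loop silently discards the entry at index `HTTP_SERVER_AUTH_RUUVI_MAX_NUM_SESSIONS - 1` on every call. Because this commit also starts calling it from a response path that needs no credentials, the eviction rule is worth documenting above the definition and the prototype in `http_server_auth.h`, e.g. `/* Inserts the session at index 0 and shifts the others down; the oldest entry is dropped. No duplicate or NULL checks. */`. Whether callers serialise access to `authorized_sessions` is not visible in this hunk; if they are expected to, the comment should say so.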
@@ -47,6 +47,12 @@ http_server_strnstr(const char* const p_haystack, const char* const p_needle, co http_server_auth_info_t* http_server_get_auth(void); +void +http_server_auth_ruuvi_add_authorized_session( + http_server_auth_ruuvi_t* const p_auth_ruuvi, + const http_server_auth_ruuvi_session_id_t* const p_session_id, + const sta_ip_string_t* const p_remote_ip); + #ifdef __cplusplus } #endif diff --git a/src/http_server_handle_req_delete_auth.c b/src/http_server_handle_req_delete_auth.c index 00cb8860..f32e737f 100644 --- a/src/http_server_handle_req_delete_auth.c +++ b/src/http_server_handle_req_delete_auth.c @@ -25,7 +25,8 @@ http_server_handle_req_delete_auth( { return http_server_resp_401_auth_ruuvi( p_hostinfo, - (HTTP_SERVER_AUTH_TYPE_DEFAULT == p_auth_info->auth_type) ? true : false); + (HTTP_SERVER_AUTH_TYPE_DEFAULT == p_auth_info->auth_type) ? HTTP_SERVER_AUTH_TYPE_DEFAULT + : HTTP_SERVER_AUTH_TYPE_RUUVI); } http_server_auth_ruuvi_authorized_session_t* const p_authorized_session = http_server_auth_ruuvi_find_authorized_session(&session_id, p_remote_ip); @@ -34,7 +35,8 @@ http_server_handle_req_delete_auth( { return http_server_resp_401_auth_ruuvi( p_hostinfo, - (HTTP_SERVER_AUTH_TYPE_DEFAULT == p_auth_info->auth_type) ? true : false); + (HTTP_SERVER_AUTH_TYPE_DEFAULT == p_auth_info->auth_type) ? HTTP_SERVER_AUTH_TYPE_DEFAULT + : HTTP_SERVER_AUTH_TYPE_RUUVI); } p_authorized_session->session_id.buf[0] = '\0'; diff --git a/src/http_server_handle_req_get_auth.c b/src/http_server_handle_req_get_auth.c index a7b5ca6b..fb563ae2 100644 --- a/src/http_server_handle_req_get_auth.c +++ b/src/http_server_handle_req_get_auth.c 
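Review bot: Both 401 returns in `http_server_handle_req_delete_auth` still map every non-default auth type to `HTTP_SERVER_AUTH_TYPE_RUUVI`, while the GET and POST handlers in this commit now forward `p_auth_info->auth_type` unchanged. If DELETE is reachable with `auth_type` set to 'allow' (the hunks do not show this), its 401 body would report a different `lan_auth_type` than the other handlers do for the same configuration. Passing `p_auth_info->auth_type` directly would keep the handlers consistent; if the mapping is deliberate, a one-line comment should say why. This applies to both hunks of this file, and the function body continues outside them.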
@@ -183,21 +183,35 @@ static http_server_resp_t http_server_handle_req_get_auth_ruuvi( const http_server_handle_req_auth_param_t* const p_param, const bool flag_check, - const bool flag_auth_default, + const http_server_auth_type_e auth_type, http_header_extra_fields_t* const p_extra_header_fields) { http_server_auth_ruuvi_session_id_t session_id = { 0 }; if (!http_server_auth_ruuvi_get_session_id_from_cookies(p_param->http_header, &session_id)) { + if (HTTP_SERVER_AUTH_TYPE_ALLOW == auth_type) + { + if (flag_check) + { + return http_server_handle_req_get_auth_allow(p_param->p_hostinfo, p_param->flag_access_from_lan); + } + else + { + return http_server_resp_200_auth_allow_with_new_session_id( + p_param->p_remote_ip, + p_param->p_hostinfo, + p_extra_header_fields); + } + } if (flag_check) { - return http_server_resp_401_auth_ruuvi(p_param->p_hostinfo, flag_auth_default); + return http_server_resp_401_auth_ruuvi(p_param->p_hostinfo, auth_type); } return http_server_resp_401_auth_ruuvi_with_new_session_id( p_param->p_remote_ip, p_param->p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); } const http_server_auth_ruuvi_authorized_session_t* const p_authorized_session 
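Review bot: Under `HTTP_SERVER_AUTH_TYPE_ALLOW`, a check request (`flag_check` true) with no RUUVISESSION cookie is answered through `http_server_handle_req_get_auth_allow`, whereas the next hunk (-207/+221) answers a check request carrying an unknown cookie with `http_server_resp_401_auth_ruuvi`. The new session check is therefore skipped whenever the cookie is simply absent, so it detects stale sessions but does not gate access. If that is the intent, state it above the first branch, e.g. `/* 'allow': a missing cookie is accepted; only an unknown cookie is rejected so the client requests a new session */`; if the cookie is meant to be required, the no-cookie `flag_check` branch should return the 401 as well. The function starts and ends outside this hunk.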
@@ -207,19 +221,26 @@ http_server_handle_req_get_auth_ruuvi( { if (flag_check) { - return http_server_resp_401_auth_ruuvi(p_param->p_hostinfo, flag_auth_default); + return http_server_resp_401_auth_ruuvi(p_param->p_hostinfo, auth_type); + } + if (HTTP_SERVER_AUTH_TYPE_ALLOW == auth_type) + { + return http_server_resp_200_auth_allow_with_new_session_id( + p_param->p_remote_ip, + p_param->p_hostinfo, + p_extra_header_fields); } return http_server_resp_401_auth_ruuvi_with_new_session_id( p_param->p_remote_ip, p_param->p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); } const http_server_resp_auth_json_t* p_auth_json = http_server_fill_auth_json( p_param->p_hostinfo, - flag_auth_default ? HTTP_SERVER_AUTH_TYPE_DEFAULT : HTTP_SERVER_AUTH_TYPE_RUUVI, + auth_type, p_param->flag_access_from_lan, NULL); return http_server_resp_200_json(p_auth_json->buf); 
@@ -269,17 +290,29 @@ http_server_handle_req_get_or_check_auth( switch (p_param->p_auth_info->auth_type) { case HTTP_SERVER_AUTH_TYPE_ALLOW: - return http_server_handle_req_get_auth_allow(p_param->p_hostinfo, p_param->flag_access_from_lan); + return http_server_handle_req_get_auth_ruuvi( + p_param, + flag_check, + p_param->p_auth_info->auth_type, + p_extra_header_fields); case HTTP_SERVER_AUTH_TYPE_BASIC: return http_server_handle_req_get_auth_basic(p_param, p_extra_header_fields); case HTTP_SERVER_AUTH_TYPE_DIGEST: return http_server_handle_req_get_auth_digest(p_param, p_extra_header_fields); case HTTP_SERVER_AUTH_TYPE_RUUVI: - return http_server_handle_req_get_auth_ruuvi(p_param, flag_check, false, p_extra_header_fields); + return http_server_handle_req_get_auth_ruuvi( + p_param, + flag_check, + p_param->p_auth_info->auth_type, + p_extra_header_fields); case HTTP_SERVER_AUTH_TYPE_DENY: return http_server_handle_req_get_auth_deny(p_param->p_hostinfo); case HTTP_SERVER_AUTH_TYPE_DEFAULT: - return http_server_handle_req_get_auth_ruuvi(p_param, flag_check, true, p_extra_header_fields); + return http_server_handle_req_get_auth_ruuvi( + p_param, + flag_check, + p_param->p_auth_info->auth_type, + p_extra_header_fields); case HTTP_SERVER_AUTH_TYPE_BEARER: return http_server_resp_500(); } @@ -312,5 +345,6 @@ http_server_handle_req_get_auth( { return http_server_handle_req_get_auth_allow(p_param->p_hostinfo, p_param->flag_access_from_lan); } - return http_server_handle_req_get_or_check_auth(p_param, false, p_extra_header_fields, NULL); + const bool flag_check = false; + return http_server_handle_req_get_or_check_auth(p_param, flag_check, p_extra_header_fields, NULL); } diff --git a/src/http_server_handle_req_post_auth.c b/src/http_server_handle_req_post_auth.c index dd9c9461..48cd7fe8 100644 --- a/src/http_server_handle_req_post_auth.c +++ b/src/http_server_handle_req_post_auth.c 
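Review bot: The `HTTP_SERVER_AUTH_TYPE_ALLOW`, `HTTP_SERVER_AUTH_TYPE_RUUVI` and `HTTP_SERVER_AUTH_TYPE_DEFAULT` arms of the switch now hold the same four-line call, which makes it easy for one of them to drift on a later edit. Stacking the three case labels over a single `return http_server_handle_req_get_auth_ruuvi(p_param, flag_check, p_param->p_auth_info->auth_type, p_extra_header_fields);` keeps the dispatch in one place. A short comment that 'allow' is routed through the ruuvi handler for session-cookie tracking would also help, since the handler's name no longer suggests it. The switch starts outside this hunk.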
@@ -117,27 +117,13 @@ http_server_auth_ruuvi_gen_hashed_password( return true; } -static void -http_server_auth_ruuvi_add_authorized_session( - http_server_auth_ruuvi_t* const p_auth_ruuvi, - const http_server_auth_ruuvi_session_id_t* const p_session_id, - const sta_ip_string_t* const p_remote_ip) -{ - for (int32_t i = HTTP_SERVER_AUTH_RUUVI_MAX_NUM_SESSIONS - 1; i > 0; --i) - { - p_auth_ruuvi->authorized_sessions[i] = p_auth_ruuvi->authorized_sessions[i - 1]; - } - p_auth_ruuvi->authorized_sessions[0].session_id = *p_session_id; - p_auth_ruuvi->authorized_sessions[0].remote_ip = *p_remote_ip; -} - static bool http_server_handle_req_post_auth_check_login_session( const http_server_auth_ruuvi_login_session_t* const p_login_session, const http_server_auth_ruuvi_session_id_t* p_session_id, const sta_ip_string_t* const p_remote_ip, const wifiman_hostinfo_t* const p_hostinfo, - const bool flag_auth_default, + const http_server_auth_type_e auth_type, http_header_extra_fields_t* const p_extra_header_fields, http_server_resp_t* const p_resp) { @@ -148,7 +134,7 @@ http_server_handle_req_post_auth_check_login_session( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); return false; } @@ -162,7 +148,7 @@ http_server_handle_req_post_auth_check_login_session( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); return false; } @@ -173,7 +159,7 @@ http_server_handle_req_post_auth_check_login_session( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); return false; } @@ -183,7 +169,7 @@ http_server_handle_req_post_auth_check_login_session( http_server_resp_t http_server_handle_req_post_auth_check_auth( http_server_auth_ruuvi_req_t* const p_auth_req, - const bool flag_auth_default, + const http_server_auth_type_e auth_type, const sta_ip_string_t* const p_remote_ip, const http_req_body_t http_body, const http_server_auth_info_t* const p_auth_info, 
@@ -197,7 +183,7 @@ http_server_handle_req_post_auth_check_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); } if ('\0' == p_auth_req->username.buf[0]) @@ -207,7 +193,7 @@ http_server_handle_req_post_auth_check_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, "The username is empty"); } if (0 != strcmp(p_auth_info->auth_user.buf, p_auth_req->username.buf)) @@ -217,7 +203,7 @@ http_server_handle_req_post_auth_check_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, "Incorrect username"); } wifiman_sha256_digest_hex_str_t* p_password_hash = os_calloc(1, sizeof(*p_password_hash)); @@ -238,7 +224,7 @@ http_server_handle_req_post_auth_check_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, NULL); } if (0 != strcmp(p_password_hash->buf, p_auth_req->password.buf)) @@ -252,7 +238,7 @@ http_server_handle_req_post_auth_check_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + auth_type, "Incorrect password"); } os_free(p_password_hash); @@ -285,8 +271,6 @@ http_server_handle_req_post_auth( return http_server_resp_503(); } - const bool flag_auth_default = (HTTP_SERVER_AUTH_TYPE_DEFAULT == p_auth_info->auth_type) ? true : false; - http_server_auth_ruuvi_session_id_t session_id = { 0 }; if (!http_server_auth_ruuvi_get_session_id_from_cookies(http_header, &session_id)) { @@ -295,7 +279,7 @@ http_server_handle_req_post_auth( p_remote_ip, p_hostinfo, p_extra_header_fields, - flag_auth_default, + p_auth_info->auth_type, NULL); } const http_server_auth_ruuvi_prev_url_t prev_url = http_server_auth_ruuvi_get_prev_url_from_cookies(http_header); @@ -308,7 +292,7 @@ http_server_handle_req_post_auth( &session_id, p_remote_ip, p_hostinfo, - flag_auth_default, + p_auth_info->auth_type, p_extra_header_fields, &resp)) { 
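Review bot: The context lines of `http_server_handle_req_post_auth_check_auth` return different messages for a wrong username (`"Incorrect username"`) and a wrong password (`"Incorrect password"`), which tells a remote client whether a username is valid; this commit edits each of those calls without changing that. Returning one message for both cases, e.g. `"Incorrect username or password"`, removes the distinction, provided the UI does not depend on the exact text. The `strcmp` on `p_password_hash->buf` also stops at the first differing byte; a constant-time comparison would be the more conservative choice, although the hash is presumably tied to the per-session challenge, which limits what timing can reveal. The lines are in the hunks starting at -207, -217 and -252, and the function body extends outside them.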
@@ -323,7 +307,7 @@ http_server_handle_req_post_auth( } resp = http_server_handle_req_post_auth_check_auth( p_auth_req, - flag_auth_default, + p_auth_info->auth_type, p_remote_ip, http_body, p_auth_info, @@ -349,7 +333,7 @@ http_server_handle_req_post_auth( } const http_server_resp_auth_json_t* p_auth_json = http_server_fill_auth_json( p_hostinfo, - flag_auth_default ? HTTP_SERVER_AUTH_TYPE_DEFAULT : HTTP_SERVER_AUTH_TYPE_RUUVI, + p_auth_info->auth_type, flag_access_from_lan, NULL); return http_server_resp_200_json(p_auth_json->buf); diff --git a/src/http_server_resp.c b/src/http_server_resp.c index eb4261f0..0078e467 100644 --- a/src/http_server_resp.c +++ b/src/http_server_resp.c @@ -476,7 +476,7 @@ http_server_resp_401_auth_ruuvi_with_new_session_id( const sta_ip_string_t* const p_remote_ip, const wifiman_hostinfo_t* const p_hostinfo, http_header_extra_fields_t* const p_extra_header_fields, - const bool flag_auth_default, + const http_server_auth_type_e lan_auth_type, const char* const p_err_message) { http_server_auth_ruuvi_t* const p_auth_info = http_server_auth_ruuvi_get_info(); 
@@ -495,25 +495,58 @@ http_server_resp_401_auth_ruuvi_with_new_session_id( const http_server_resp_auth_json_t* const p_auth_json = http_server_fill_auth_json( p_hostinfo, - flag_auth_default ? HTTP_SERVER_AUTH_TYPE_DEFAULT : HTTP_SERVER_AUTH_TYPE_RUUVI, + lan_auth_type, flag_access_from_lan, p_err_message); return http_server_resp_401_json(p_auth_json); } http_server_resp_t -http_server_resp_401_auth_ruuvi(const wifiman_hostinfo_t* const p_hostinfo, const bool flag_auth_default) +http_server_resp_401_auth_ruuvi(const wifiman_hostinfo_t* const p_hostinfo, const http_server_auth_type_e lan_auth_type) { const bool flag_access_from_lan = true; const http_server_resp_auth_json_t* const p_auth_json = http_server_fill_auth_json( p_hostinfo, - flag_auth_default ? HTTP_SERVER_AUTH_TYPE_DEFAULT : HTTP_SERVER_AUTH_TYPE_RUUVI, + lan_auth_type, flag_access_from_lan, NULL); return http_server_resp_401_json(p_auth_json); } +http_server_resp_t +http_server_resp_200_auth_allow_with_new_session_id( + const sta_ip_string_t* const p_remote_ip, + const wifiman_hostinfo_t* const p_hostinfo, + http_header_extra_fields_t* const p_extra_header_fields) +{ + http_server_auth_ruuvi_t* const p_auth_info = http_server_auth_ruuvi_get_info(); + http_server_auth_ruuvi_login_session_t* const p_login_session = &p_auth_info->login_session; + + http_server_login_session_init(p_login_session, p_remote_ip); + + if (wifiman_sha256_is_empty_digest_hex_str(&p_login_session->challenge)) + { + return http_server_resp_503(); + } + + http_server_resp_auth_ruuvi_prep_www_authenticate_header(p_hostinfo, p_login_session, p_extra_header_fields); + + http_server_auth_ruuvi_add_authorized_session( + http_server_auth_ruuvi_get_info(), + &p_login_session->session_id, + p_remote_ip); + + const bool flag_access_from_lan = true; + + const http_server_resp_auth_json_t* const p_auth_json = http_server_fill_auth_json( + p_hostinfo, + HTTP_SERVER_AUTH_TYPE_ALLOW, + flag_access_from_lan, + NULL); + return 
http_server_resp_200_json(p_auth_json->buf); +} + http_server_resp_t http_server_resp_403_auth_deny(const wifiman_hostinfo_t* const p_hostinfo) { diff --git a/src/include/http_server_resp.h b/src/include/http_server_resp.h index 1a380b3a..3cbc6ccc 100644 --- a/src/include/http_server_resp.h +++ b/src/include/http_server_resp.h @@ -124,11 +124,19 @@ http_server_resp_401_auth_ruuvi_with_new_session_id( const sta_ip_string_t* const p_remote_ip, const wifiman_hostinfo_t* const p_hostinfo, http_header_extra_fields_t* const p_extra_header_fields, - const bool flag_auth_default, + const http_server_auth_type_e lan_auth_type, const char* const p_err_message); http_server_resp_t -http_server_resp_401_auth_ruuvi(const wifiman_hostinfo_t* const p_hostinfo, const bool flag_auth_default); +http_server_resp_401_auth_ruuvi( + const wifiman_hostinfo_t* const p_hostinfo, + const http_server_auth_type_e lan_auth_type); + +http_server_resp_t +http_server_resp_200_auth_allow_with_new_session_id( + const sta_ip_string_t* const p_remote_ip, + const wifiman_hostinfo_t* const p_hostinfo, + http_header_extra_fields_t* const p_extra_header_fields); http_server_resp_t http_server_resp_403_auth_deny(const wifiman_hostinfo_t* const p_hostinfo); diff --git a/tests/test_http_server_handle_req_get_auth/test_http_server_handle_req_get_auth.cpp b/tests/test_http_server_handle_req_get_auth/test_http_server_handle_req_get_auth.cpp index 185ff79c..10026835 100644 --- a/tests/test_http_server_handle_req_get_auth/test_http_server_handle_req_get_auth.cpp +++ b/tests/test_http_server_handle_req_get_auth/test_http_server_handle_req_get_auth.cpp @@ -28,6 +28,8 @@ class TestHttpServerHandleReqGetAuth : public ::testing::Test SetUp() override { this->m_idx_random_value = 0; + std::fill(arr_of_random_values.begin(), arr_of_random_values.end(), 0); + set_random_values(this->arr_of_random_values.data(), this->arr_of_random_values.size()); http_server_auth_clear_authorized_sessions(); } 
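Review bot: `http_server_resp_200_auth_allow_with_new_session_id` stores an entry in `authorized_sessions` for any caller without credentials, and nothing in this hunk shows those entries being dropped when `auth_type` later changes from 'allow' to a password-protected type. If the table is not cleared on that configuration change, a cookie issued here would still be matched by `http_server_auth_ruuvi_find_authorized_session` afterwards; calling `http_server_auth_clear_authorized_sessions()` where the auth settings are updated would close that gap, assuming it is not already done there. Each call also shifts out the oldest entry, so repeated cookie-less requests replace every stored session. Minor: the second `http_server_auth_ruuvi_get_info()` call can reuse `p_auth_info`.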
@@ -39,9 +41,10 @@ class TestHttpServerHandleReqGetAuth : public ::testing::Test } public: - const uint32_t* m_p_random_values; - size_t m_num_random_values; - size_t m_idx_random_value; + const uint32_t* m_p_random_values; + size_t m_num_random_values; + size_t m_idx_random_value; + std::array arr_of_random_values; TestHttpServerHandleReqGetAuth(); 
@@ -90,7 +93,224 @@ esp_random(void) /*** Unit-Tests *******************************************************************************************************/ -TEST_F(TestHttpServerHandleReqGetAuth, test_auth_allow) // NOLINT +TEST_F(TestHttpServerHandleReqGetAuth, test_req_get_auth_allow) // NOLINT +{ + { + const http_server_auth_info_t auth_info = { + HTTP_SERVER_AUTH_TYPE_ALLOW, + "", + "", + }; + const wifiman_hostinfo_t hostinfo = { + .hostname = { "RuuviGatewayEEFF" }, + .fw_ver = { "1.13.0" }, + .nrf52_fw_ver = { "1.0.0" }, + }; + + const http_req_header_t http_header = { "" }; + const sta_ip_string_t remote_ip = { "192.168.1.10" }; + http_header_extra_fields_t extra_header_fields = { .buf = { '\0' } }; + + const http_server_handle_req_auth_param_t param = { + .flag_access_from_lan = true, + .flag_check_rw_access_with_bearer_token = false, + .http_header = http_header, + .p_remote_ip = &remote_ip, + .p_auth_info = &auth_info, + .p_hostinfo = &hostinfo, + }; + + const http_server_resp_t resp = http_server_handle_req_get_auth(¶m, &extra_header_fields); + const string exp_json_resp + = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": true})"; + ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_TRUE(resp.flag_no_cache); + ASSERT_TRUE(resp.flag_add_header_date); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ(exp_json_resp, string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ(exp_json_resp.length(), resp.content_len); + ASSERT_EQ( + string("WWW-Authenticate: x-ruuvi-interactive realm=\"RuuviGatewayEEFF\" " + "challenge=\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\" " + "session_cookie=\"RUUVISESSION\" 
session_id=\"AAAAAAAAAAAAAAAA\"\r\n" + "Set-Cookie: RUUVISESSION=AAAAAAAAAAAAAAAA\r\n"), + string(extra_header_fields.buf)); + } + { + const http_server_auth_info_t auth_info = { + HTTP_SERVER_AUTH_TYPE_ALLOW, + "", + "", + }; + const wifiman_hostinfo_t hostinfo = { + .hostname = { "RuuviGatewayEEFF" }, + .fw_ver = { "1.13.0" }, + .nrf52_fw_ver = { "1.0.0" }, + }; + + const http_req_header_t http_header = { "Cookie: RUUVISESSION=QQQQQQQQQQQQQQQQ\r\n" }; + const sta_ip_string_t remote_ip = { "192.168.1.10" }; + http_header_extra_fields_t extra_header_fields = { .buf = { '\0' } }; + + const http_server_handle_req_auth_param_t param = { + .flag_access_from_lan = true, + .flag_check_rw_access_with_bearer_token = false, + .http_header = http_header, + .p_remote_ip = &remote_ip, + .p_auth_info = &auth_info, + .p_hostinfo = &hostinfo, + }; + + bool flag_access_by_bearer_token = false; + const http_server_resp_t resp = http_server_handle_req_check_auth( + ¶m, + &extra_header_fields, + &flag_access_by_bearer_token); + const string exp_json_resp + = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": true})"; + ASSERT_EQ(HTTP_RESP_CODE_401, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_TRUE(resp.flag_no_cache); + ASSERT_TRUE(resp.flag_add_header_date); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ(exp_json_resp, string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ(exp_json_resp.length(), resp.content_len); + ASSERT_EQ(string(""), string(extra_header_fields.buf)); + } + { + const http_server_auth_info_t auth_info = { + HTTP_SERVER_AUTH_TYPE_ALLOW, + "", + "", + }; + const wifiman_hostinfo_t hostinfo = { + .hostname = { "RuuviGatewayEEFF" }, + .fw_ver = { "1.13.0" }, + .nrf52_fw_ver = 
{ "1.0.0" }, + }; + + const http_req_header_t http_header = { "Cookie: RUUVISESSION=AAAAAAAAAAAAAAAA\r\n" }; + const sta_ip_string_t remote_ip = { "192.168.1.10" }; + http_header_extra_fields_t extra_header_fields = { .buf = { '\0' } }; + + const http_server_handle_req_auth_param_t param = { + .flag_access_from_lan = true, + .flag_check_rw_access_with_bearer_token = false, + .http_header = http_header, + .p_remote_ip = &remote_ip, + .p_auth_info = &auth_info, + .p_hostinfo = &hostinfo, + }; + + bool flag_access_by_bearer_token = false; + const http_server_resp_t resp = http_server_handle_req_check_auth( + ¶m, + &extra_header_fields, + &flag_access_by_bearer_token); + const string exp_json_resp + = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": true})"; + ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_TRUE(resp.flag_no_cache); + ASSERT_TRUE(resp.flag_add_header_date); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ(exp_json_resp, string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ(exp_json_resp.length(), resp.content_len); + ASSERT_EQ(string(""), string(extra_header_fields.buf)); + } + { + const http_server_auth_info_t auth_info = { + HTTP_SERVER_AUTH_TYPE_ALLOW, + "", + "", + }; + const wifiman_hostinfo_t hostinfo = { + .hostname = { "RuuviGatewayEEFF" }, + .fw_ver = { "1.13.0" }, + .nrf52_fw_ver = { "1.0.0" }, + }; + + const http_req_header_t http_header = { "Cookie: RUUVISESSION=AAAAAAAAAAAAAAAA\r\n" }; + const sta_ip_string_t remote_ip = { "192.168.1.10" }; + http_header_extra_fields_t extra_header_fields = { .buf = { '\0' } }; + + const http_server_handle_req_auth_param_t param = { + .flag_access_from_lan = true, + 
.flag_check_rw_access_with_bearer_token = false, + .http_header = http_header, + .p_remote_ip = &remote_ip, + .p_auth_info = &auth_info, + .p_hostinfo = &hostinfo, + }; + + const http_server_resp_t resp = http_server_handle_req_get_auth(¶m, &extra_header_fields); + const string exp_json_resp + = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": true})"; + ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_TRUE(resp.flag_no_cache); + ASSERT_TRUE(resp.flag_add_header_date); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ(exp_json_resp, string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ(exp_json_resp.length(), resp.content_len); + ASSERT_EQ(string(""), string(extra_header_fields.buf)); + } + { + const http_server_auth_info_t auth_info = { + HTTP_SERVER_AUTH_TYPE_ALLOW, + "", + "", + }; + const wifiman_hostinfo_t hostinfo = { + .hostname = { "RuuviGatewayEEFF" }, + .fw_ver = { "1.13.0" }, + .nrf52_fw_ver = { "1.0.0" }, + }; + + const http_req_header_t http_header = { "Cookie: RUUVISESSION=QQQQQQQQQQQQQQQQ\r\n" }; + const sta_ip_string_t remote_ip = { "192.168.1.10" }; + http_header_extra_fields_t extra_header_fields = { .buf = { '\0' } }; + + const http_server_handle_req_auth_param_t param = { + .flag_access_from_lan = true, + .flag_check_rw_access_with_bearer_token = false, + .http_header = http_header, + .p_remote_ip = &remote_ip, + .p_auth_info = &auth_info, + .p_hostinfo = &hostinfo, + }; + + const http_server_resp_t resp = http_server_handle_req_get_auth(¶m, &extra_header_fields); + const string exp_json_resp + = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": 
true})"; + ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_TRUE(resp.flag_no_cache); + ASSERT_TRUE(resp.flag_add_header_date); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ(exp_json_resp, string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ(exp_json_resp.length(), resp.content_len); + ASSERT_EQ( + string("WWW-Authenticate: x-ruuvi-interactive realm=\"RuuviGatewayEEFF\" " + "challenge=\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\" " + "session_cookie=\"RUUVISESSION\" session_id=\"AAAAAAAAAAAAAAAA\"\r\n" + "Set-Cookie: RUUVISESSION=AAAAAAAAAAAAAAAA\r\n"), + string(extra_header_fields.buf)); + } +} + +TEST_F(TestHttpServerHandleReqGetAuth, test_req_check_auth_allow) // NOLINT { const http_server_auth_info_t auth_info = { HTTP_SERVER_AUTH_TYPE_ALLOW, @@ -116,9 +336,14 @@ TEST_F(TestHttpServerHandleReqGetAuth, test_auth_allow) // NOLINT .p_hostinfo = &hostinfo, }; - const http_server_resp_t resp = http_server_handle_req_get_auth(¶m, &extra_header_fields); - const string exp_json_resp + bool flag_access_by_bearer_token = false; + const http_server_resp_t resp = http_server_handle_req_check_auth( + ¶m, + &extra_header_fields, + &flag_access_by_bearer_token); + const string exp_json_resp = R"({"gateway_name": "RuuviGatewayEEFF", "fw_ver": "1.13.0", "nrf52_fw_ver": "1.0.0", "lan_auth_type": "lan_auth_allow", "lan": true})"; + ASSERT_FALSE(flag_access_by_bearer_token); ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); ASSERT_TRUE(resp.flag_no_cache); diff --git a/tests/test_http_server_resp/test_http_server_resp.cpp b/tests/test_http_server_resp/test_http_server_resp.cpp index 7f42b60f..061eb8d2 100644 
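Review bot: Every block in `test_req_get_auth_allow` uses remote IP `192.168.1.10`, so nothing checks what happens when a known RUUVISESSION cookie arrives from a different address under 'allow', although the session is stored together with `remote_ip`. A further block that repeats the `AAAAAAAAAAAAAAAA` cookie with another `remote_ip` and calls `http_server_handle_req_check_auth` (presumably expecting `HTTP_RESP_CODE_401`) would pin that binding. The blocks also depend on each other, since the third relies on the session registered by the first; a comment such as `// session AAAAAAAAAAAAAAAA was registered by the first request above` before each dependent block would make the ordering explicit.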
--- a/tests/test_http_server_resp/test_http_server_resp.cpp +++ b/tests/test_http_server_resp/test_http_server_resp.cpp @@ -7,6 +7,7 @@ #include "gtest/gtest.h" #include "http_server_resp.h" +#include "http_server_auth.h" #include using namespace std; @@ -21,6 +22,7 @@ class TestHttpServerResp : public ::testing::Test SetUp() override { this->m_idx_random_value = 0; + std::fill(arr_of_random_values.begin(), arr_of_random_values.end(), 0); } void @@ -31,9 +33,10 @@ class TestHttpServerResp : public ::testing::Test } public: - const uint32_t* m_p_random_values; - size_t m_num_random_values; - size_t m_idx_random_value; + const uint32_t* m_p_random_values; + size_t m_num_random_values; + size_t m_idx_random_value; + std::array arr_of_random_values; TestHttpServerResp(); 
@@ -346,3 +349,43 @@ TEST_F(TestHttpServerResp, resp_data_from_file_octet_stream) // NOLINT ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); ASSERT_EQ(sock, resp.select_location.fatfs.fd); } + +TEST_F(TestHttpServerResp, test_http_server_resp_200_auth_allow_with_new_session_id) // NOLINT +{ + const bool flag_no_cache = true; + const sta_ip_string_t remote_ip = { "192.168.1.110" }; + const wifiman_hostinfo_t hostinfo = { .hostname = { "hostname" }, + .fw_ver = { "v1.15.0" }, + .nrf52_fw_ver = { "v1.0.0" } }; + http_header_extra_fields_t extra_header_fields = { '\0' }; + + std::fill(arr_of_random_values.begin(), arr_of_random_values.end(), 0); + set_random_values(this->arr_of_random_values.data(), this->arr_of_random_values.size()); + + const http_server_resp_t resp = http_server_resp_200_auth_allow_with_new_session_id( + &remote_ip, + &hostinfo, + &extra_header_fields); + ASSERT_EQ(HTTP_RESP_CODE_200, resp.http_resp_code); + ASSERT_EQ(HTTP_CONTENT_LOCATION_STATIC_MEM, resp.content_location); + ASSERT_EQ(flag_no_cache, resp.flag_no_cache); + ASSERT_EQ(HTTP_CONTENT_TYPE_APPLICATION_JSON, resp.content_type); + ASSERT_EQ(nullptr, resp.p_content_type_param); + ASSERT_EQ(123, resp.content_len); + ASSERT_EQ(HTTP_CONTENT_ENCODING_NONE, resp.content_encoding); + ASSERT_EQ( + "{\"gateway_name\": \"hostname\", \"fw_ver\": \"v1.15.0\", \"nrf52_fw_ver\": \"v1.0.0\", \"lan_auth_type\": " + "\"lan_auth_allow\", \"lan\": true}", + string(reinterpret_cast(resp.select_location.memory.p_buf))); + ASSERT_EQ( + "WWW-Authenticate: x-ruuvi-interactive realm=\"hostname\" " + "challenge=\"66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925\" " + "session_cookie=\"RUUVISESSION\" session_id=\"AAAAAAAAAAAAAAAA\"\r\n" + "Set-Cookie: RUUVISESSION=AAAAAAAAAAAAAAAA\r\n", + string(extra_header_fields.buf)); + + const http_server_auth_ruuvi_t* const p_auth = http_server_auth_ruuvi_get_info(); + const http_server_auth_ruuvi_authorized_session_t* const p_session = 
&p_auth->authorized_sessions[0]; + ASSERT_EQ("AAAAAAAAAAAAAAAA", string(p_session->session_id.buf)); + ASSERT_EQ(string(remote_ip.buf), string(p_session->remote_ip.buf)); +}
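Review bot: `ASSERT_EQ(123, resp.content_len)` hard-codes the body length, so any change to the host info strings fails the test with a message that does not point at the cause. Holding the expected JSON in a `const string exp_json_resp` and asserting `ASSERT_EQ(exp_json_resp.length(), resp.content_len);`, as the tests in `test_http_server_handle_req_get_auth.cpp` do, ties the length to the content. The test also reads `authorized_sessions[0]` without clearing the table first; whether this fixture's `SetUp` resets it is not visible in the hunks shown.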