auth
BasicAuth fails in scary ways when using Classic() + static content
Based on the readme, I should be able to do something like:
m := martini.Classic()
m.Use(auth.Basic("username", "secretpassword"))
m.Run()
However, when serving static files via "./public" under Classic mode, none of the static files are authenticated, unless their content does not exist (all content that exists is not subject to basic auth).
You can verify the tests by modifying them like this:
diff --git a/basic_test.go b/basic_test.go
index b4f057b..616d756 100644
--- a/basic_test.go
+++ b/basic_test.go
@@ -13,11 +13,14 @@ func Test_BasicAuth(t *testing.T) {
auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))
- m := martini.New()
+ m := martini.Classic()
m.Use(Basic("foo", "bar"))
m.Use(func(res http.ResponseWriter, req *http.Request, u User) {
res.Write([]byte("hello " + u))
})
+ m.Get("/foo", func() string {
+ return "bar"
+ })
r, _ := http.NewRequest("GET", "foo", nil)
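Review bot: the result of this modified test depends on a file the patch never creates. With `martini.Classic()` substituted on the `m :=` line, the outcome changes with whether `public/foo` happens to exist in the working directory, so the test should create that fixture itself (for example in a temporary directory it cleans up) and assert that an unauthenticated request for it returns 401. Separately, the added route is registered as `"/foo"` while the request in the trailing context line is built with `"foo"` and no leading slash; use the same path in both so it is clear the route and the request refer to the same resource.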
If the "public/foo" file exists, tests fail with this:
$ go test
[martini] Started GET foo for
[martini] [Static] Serving foo
[martini] Completed 200 OK in 5.934997ms
[martini] Started GET foo for
[martini] [Static] Serving foo
[martini] Completed 200 OK in 43.234µs
--- FAIL: Test_BasicAuth (0.01s)
basic_test.go:30: Response not 401
basic_test.go:46: Auth failed, got:
FAIL
exit status 1
FAIL github.com/martini-contrib/auth 0.013s
If "public/foo" does not exist, tests pass:
$ go test
[martini] Started GET foo for
[martini] Completed 401 Unauthorized in 92.823µs
[martini] Started GET foo for
[martini] Completed 200 OK in 15.74µs
PASS
ok github.com/martini-contrib/auth 0.007s
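The handler-ordering behaviour reported above, modelled with plain net/http as an added example (not code from the issue, from martini, or from the auth package). The names `staticFirst`, `basicAuth`, `status`, `app` and the in-memory `public` file set are constructed for illustration; the example contrasts a chain where the static handler answers before auth with one where auth wraps the static handler.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing/fstest"
)

// Constructed stand-ins: ./public holding one existing file, and the app's final handler.
var public = fstest.MapFS{"foo": {Data: []byte("static content")}}
var app = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "bar") })

// basicAuth answers 401 unless the request carries the expected credentials.
func basicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(u+":"+p), []byte(user+":"+pass)) != 1 {
			http.Error(w, "Not Authorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// staticFirst answers for files that exist and calls next only when the file is missing.
func staticFirst(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, err := public.Stat(strings.TrimPrefix(r.URL.Path, "/")); err == nil {
			http.FileServer(http.FS(public)).ServeHTTP(w, r)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status returns the response code for a GET sent without credentials.
func status(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", path, nil))
	return rec.Code
}

func main() {
	fmt.Println(status(staticFirst(basicAuth("foo", "bar", app)), "/foo")) // 200: file served, auth never ran
	fmt.Println(status(basicAuth("foo", "bar", staticFirst(app)), "/foo")) // 401: auth runs before the file lookup
}
```

A regression test for this class of bug should request a path that exists as a static file, not only a routed path, and expect 401 without credentials.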