Rename NoErrorContinuesExecution to ContinueOnIgnoredError, improve docs, add additional tests

aldas · aldas · commit c3edf890bc85 · 2022-01-10T21:09:22.000+02:00
diff --git a/middleware/csrf_test.go b/middleware/csrf_test.go
@@ -24,6 +24,18 @@ func TestCSRF_tokenExtractors(t *testing.T) {
 		givenHeaderTokens map[string][]string
 		expectError       string
 	}{
+		{
+			name:            "ok, multiple token lookups sources, succeeds on last one",
+			whenTokenLookup: "header:X-CSRF-Token,form:csrf",
+			givenCSRFCookie: "token",
+			givenMethod:     http.MethodPost,
+			givenHeaderTokens: map[string][]string{
+				echo.HeaderXCSRFToken: {"invalid_token"},
+			},
+			givenFormTokens: map[string][]string{
+				"csrf": {"token"},
+			},
+		},
 		{
 			name:            "ok, token from POST form",
 			whenTokenLookup: "form:csrf",
diff --git a/middleware/jwt.go b/middleware/jwt.go
@@ -32,12 +32,12 @@ type (
 		// ErrorHandlerWithContext is almost identical to ErrorHandler, but it's passed the current context.
 		ErrorHandlerWithContext JWTErrorHandlerWithContext
 
-		// NoErrorContinuesExecution allows next middleware/handler to be called when ErrorHandlerWithContext decides to
-		// swallow the error (returns nil).
-		// This is useful in cases when portion of your site/api is publicly accessible and has extra features for authorized
-		// users. In that case you can use ErrorHandlerWithContext to set default public JWT token value to request and
-		// continue with handler chain. Assuming logic downstream execution chain has to check that (public) token value.
-		NoErrorContinuesExecution bool
+		// ContinueOnIgnoredError allows the next middleware/handler to be called when ErrorHandlerWithContext decides to
+		// ignore the error (by returning `nil`).
+		// This is useful when parts of your site/api allow public access and some authorized routes provide extra functionality.
+		// In that case you can use ErrorHandlerWithContext to set a default public JWT token value in the request context
+		// and continue. Some logic down the remaining execution chain needs to check that (public) token value then.
+		ContinueOnIgnoredError bool
 
 		// Signing key to validate token.
 		// This is one of the three options to provide a token validation key.
@@ -79,7 +79,7 @@ type (
 		// - "cookie:<name>"
 		// - "form:<name>"
 		// Multiple sources example:
-		// - "header:Authorization ,cookie:myowncookie"
+		// - "header:Authorization,cookie:myowncookie"
 		TokenLookup string
 
 		// TokenLookupFuncs defines a list of user-defined functions that extract JWT token from the given context.
@@ -242,7 +242,7 @@ func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc {
 			}
 			if config.ErrorHandlerWithContext != nil {
 				tmpErr := config.ErrorHandlerWithContext(err, c)
-				if config.NoErrorContinuesExecution && tmpErr == nil {
+				if config.ContinueOnIgnoredError && tmpErr == nil {
 					return next(c)
 				}
 				return tmpErr
diff --git a/middleware/jwt_test.go b/middleware/jwt_test.go
@@ -704,42 +704,42 @@ func TestJWTConfig_SuccessHandler(t *testing.T) {
 	}
 }
 
-func TestJWTConfig_NoErrorContinuesExecution(t *testing.T) {
+func TestJWTConfig_ContinueOnIgnoredError(t *testing.T) {
 	var testCases = []struct {
-		name                          string
-		whenNoErrorContinuesExecution bool
-		givenToken                    string
-		expectStatus                  int
-		expectBody                    string
+		name                       string
+		whenContinueOnIgnoredError bool
+		givenToken                 string
+		expectStatus               int
+		expectBody                 string
 	}{
 		{
-			name:                          "no error handler is called",
-			whenNoErrorContinuesExecution: true,
-			givenToken:                    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
-			expectStatus:                  http.StatusTeapot,
-			expectBody:                    "",
+			name:                       "no error handler is called",
+			whenContinueOnIgnoredError: true,
+			givenToken:                 "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ",
+			expectStatus:               http.StatusTeapot,
+			expectBody:                 "",
 		},
 		{
-			name:                          "NoErrorContinuesExecution is false and error handler is called for missing token",
-			whenNoErrorContinuesExecution: false,
-			givenToken:                    "",
+			name:                       "ContinueOnIgnoredError is false and error handler is called for missing token",
+			whenContinueOnIgnoredError: false,
+			givenToken:                 "",
 			// empty response with 200. This emulates previous behaviour when error handler swallowed the error
 			expectStatus: http.StatusOK,
 			expectBody:   "",
 		},
 		{
-			name:                          "error handler is called for missing token",
-			whenNoErrorContinuesExecution: true,
-			givenToken:                    "",
-			expectStatus:                  http.StatusTeapot,
-			expectBody:                    "public-token",
+			name:                       "error handler is called for missing token",
+			whenContinueOnIgnoredError: true,
+			givenToken:                 "",
+			expectStatus:               http.StatusTeapot,
+			expectBody:                 "public-token",
 		},
 		{
-			name:                          "error handler is called for invalid token",
-			whenNoErrorContinuesExecution: true,
-			givenToken:                    "x.x.x",
-			expectStatus:                  http.StatusUnauthorized,
-			expectBody:                    "{\"message\":\"Unauthorized\"}\n",
+			name:                       "error handler is called for invalid token",
+			whenContinueOnIgnoredError: true,
+			givenToken:                 "x.x.x",
+			expectStatus:               http.StatusUnauthorized,
+			expectBody:                 "{\"message\":\"Unauthorized\"}\n",
 		},
 	}
 
@@ -753,8 +753,8 @@ func TestJWTConfig_NoErrorContinuesExecution(t *testing.T) {
 			})
 
 			e.Use(JWTWithConfig(JWTConfig{
-				NoErrorContinuesExecution: tc.whenNoErrorContinuesExecution,
-				SigningKey:                []byte("secret"),
+				ContinueOnIgnoredError: tc.whenContinueOnIgnoredError,
+				SigningKey:             []byte("secret"),
 				ErrorHandlerWithContext: func(err error, c echo.Context) error {
 					if err == ErrJWTMissing {
 						c.Set("test", "public-token")
diff --git a/middleware/key_auth.go b/middleware/key_auth.go
@@ -40,12 +40,12 @@ type (
 		// It may be used to define a custom error.
 		ErrorHandler KeyAuthErrorHandler
 
-		// NoErrorContinuesExecution allows next middleware/handler to be called when ErrorHandler decides to swallow
-		// the error (returns nil).
-		// This is useful in cases when portion of your site/api is publicly accessible and has extra features for valid
-		// requests. In that case you can use ErrorHandler to set default public auth values to request and continue with
-		// handler chain. Assuming logic downstream execution chain has to check that (public) auth value.
-		NoErrorContinuesExecution bool
+		// ContinueOnIgnoredError allows the next middleware/handler to be called when ErrorHandler decides to
+		// ignore the error (by returning `nil`).
+		// This is useful when parts of your site/api allow public access and some authorized routes provide extra functionality.
+		// In that case you can use ErrorHandler to set a default public key auth value in the request context
+		// and continue. Some logic down the remaining execution chain needs to check that (public) key auth value then.
+		ContinueOnIgnoredError bool
 	}
 
 	// KeyAuthValidator defines a function to validate KeyAuth credentials.
@@ -162,7 +162,7 @@ func KeyAuthWithConfig(config KeyAuthConfig) echo.MiddlewareFunc {
 
 			if config.ErrorHandler != nil {
 				tmpErr := config.ErrorHandler(err, c)
-				if config.NoErrorContinuesExecution && tmpErr == nil {
+				if config.ContinueOnIgnoredError && tmpErr == nil {
 					return next(c)
 				}
 				return tmpErr
diff --git a/middleware/key_auth_test.go b/middleware/key_auth_test.go
@@ -92,6 +92,17 @@ func TestKeyAuthWithConfig(t *testing.T) {
 			expectHandlerCalled: false,
 			expectError:         "code=400, message=missing key in request header",
 		},
+		{
+			name: "ok, custom key lookup from multiple places, query and header",
+			givenRequest: func(req *http.Request) {
+				req.URL.RawQuery = "key=invalid-key"
+				req.Header.Set("API-Key", "valid-key")
+			},
+			whenConfig: func(conf *KeyAuthConfig) {
+				conf.KeyLookup = "query:key,header:API-Key"
+			},
+			expectHandlerCalled: true,
+		},
 		{
 			name: "ok, custom key lookup, header",
 			givenRequest: func(req *http.Request) {
@@ -289,42 +300,42 @@ func TestKeyAuthWithConfig_panicsOnEmptyValidator(t *testing.T) {
 	)
 }
 
-func TestKeyAuthWithConfig_NoErrorContinuesExecution(t *testing.T) {
+func TestKeyAuthWithConfig_ContinueOnIgnoredError(t *testing.T) {
 	var testCases = []struct {
-		name                          string
-		whenNoErrorContinuesExecution bool
-		givenKey                      string
-		expectStatus                  int
-		expectBody                    string
+		name                       string
+		whenContinueOnIgnoredError bool
+		givenKey                   string
+		expectStatus               int
+		expectBody                 string
 	}{
 		{
-			name:                          "no error handler is called",
-			whenNoErrorContinuesExecution: true,
-			givenKey:                      "valid-key",
-			expectStatus:                  http.StatusTeapot,
-			expectBody:                    "",
+			name:                       "no error handler is called",
+			whenContinueOnIgnoredError: true,
+			givenKey:                   "valid-key",
+			expectStatus:               http.StatusTeapot,
+			expectBody:                 "",
 		},
 		{
-			name:                          "NoErrorContinuesExecution is false and error handler is called for missing token",
-			whenNoErrorContinuesExecution: false,
-			givenKey:                      "",
+			name:                       "ContinueOnIgnoredError is false and error handler is called for missing token",
+			whenContinueOnIgnoredError: false,
+			givenKey:                   "",
 			// empty response with 200. This emulates previous behaviour when error handler swallowed the error
 			expectStatus: http.StatusOK,
 			expectBody:   "",
 		},
 		{
-			name:                          "error handler is called for missing token",
-			whenNoErrorContinuesExecution: true,
-			givenKey:                      "",
-			expectStatus:                  http.StatusTeapot,
-			expectBody:                    "public-auth",
+			name:                       "error handler is called for missing token",
+			whenContinueOnIgnoredError: true,
+			givenKey:                   "",
+			expectStatus:               http.StatusTeapot,
+			expectBody:                 "public-auth",
 		},
 		{
-			name:                          "error handler is called for invalid token",
-			whenNoErrorContinuesExecution: true,
-			givenKey:                      "x.x.x",
-			expectStatus:                  http.StatusUnauthorized,
-			expectBody:                    "{\"message\":\"Unauthorized\"}\n",
+			name:                       "error handler is called for invalid token",
+			whenContinueOnIgnoredError: true,
+			givenKey:                   "x.x.x",
+			expectStatus:               http.StatusUnauthorized,
+			expectBody:                 "{\"message\":\"Unauthorized\"}\n",
 		},
 	}
 
@@ -346,8 +357,8 @@ func TestKeyAuthWithConfig_NoErrorContinuesExecution(t *testing.T) {
 					}
 					return echo.ErrUnauthorized
 				},
-				KeyLookup:                 "header:X-API-Key",
-				NoErrorContinuesExecution: tc.whenNoErrorContinuesExecution,
+				KeyLookup:              "header:X-API-Key",
+				ContinueOnIgnoredError: tc.whenContinueOnIgnoredError,
 			}))
 
 			req := httptest.NewRequest(http.MethodGet, "/", nil)
