cjstehno / ersatz

🤖 A simulated HTTP server for testing client code with configurable responses.
https://cjstehno.github.io/ersatz
Apache License 2.0

Authentication Refactoring #138

Closed cjstehno closed 2 years ago

cjstehno commented 2 years ago

The authentication config is currently only one config across the whole server (and only one auth type at a time). This needs to be refactored:

The undertow auth implementations are handler based and would require a lot of work to allow these changes. Create a simple implementation for both BASIC and DIGEST and allow for config at the server and path request (path) level.

Should layers be allowed to override? - meaning if the whole server is DIGEST with a user and pass, should a request allow a different DIGEST with a different user and pass? (probably)

Should this be configured in the server config and then on the server object, or in just the server config... or server config and request config?

Server Config:

```java
new ErsatzServer(cfg -> {
    cfg.authentication(auth -> {
        auth.basic();
        auth.digest();
    });
    cfg.authentication("/safe/**", auth -> {
        auth.basic();
        auth.digest();
    });
});
```

Request Level:

```java
server.expectations(expect -> {
    expect.GET("/somepath", req -> {
        req.authentication(auth -> {
            auth.digest("foo", "bar");
        });
    });
});
```

Inside the server config, it would be actual server auth with standard auth response behavior (path based). I guess I could see how hard it would be to have the server-config auth add matchers to all requests.

In the request (path-based) it would be another matcher used to verify that the expected credentials were met for that path.
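One way the layering question above could work for BASIC, as an added example that is not part of the original issue and not Ersatz code: a path-level entry overrides the server-wide credentials, and the header check compares in constant time. The class `LayeredBasicAuth`, its methods, the prefix handling of `/safe/**` and the sample credentials are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
// Added illustration, not Ersatz code: all class and method names are hypothetical.
public class LayeredBasicAuth {
    record Credentials(String user, String pass) {}
    private final Credentials serverWide;   // null means no server-wide authentication
    private final Map<String, Credentials> byPrefix = new LinkedHashMap<>();
    LayeredBasicAuth(Credentials serverWide) { this.serverWide = serverWide; }
    void protect(String pattern, Credentials creds) {
        byPrefix.put(pattern.replace("**", ""), creds);   // simplification: "/safe/**" becomes the prefix "/safe/"
    }
    // The longest matching path prefix overrides the server-wide layer.
    Credentials resolve(String path) {
        Credentials match = serverWide;
        int longest = -1;
        for (var e : byPrefix.entrySet()) {
            if (path.startsWith(e.getKey()) && e.getKey().length() > longest) {
                longest = e.getKey().length();
                match = e.getValue();
            }
        }
        return match;
    }
    // True when the path is unprotected or the header carries the BASIC credentials expected for it.
    boolean permits(String path, String header) {
        Credentials expected = resolve(path);
        if (expected == null) return true;
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        byte[] presented;
        try {
            presented = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformed) {
            return false;   // malformed base64 is rejected as unauthenticated, not raised as a server error
        }
        byte[] wanted = (expected.user() + ":" + expected.pass()).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(wanted, presented);   // constant-time comparison
    }
    public static void main(String[] args) {
        var auth = new LayeredBasicAuth(new Credentials("admin", "s3cret"));   // constructed sample values
        auth.protect("/safe/**", new Credentials("foo", "bar"));
        String fooBar = "Basic " + Base64.getEncoder().encodeToString("foo:bar".getBytes(StandardCharsets.UTF_8));
        System.out.println("/safe/data with foo:bar -> " + auth.permits("/safe/data", fooBar));
        System.out.println("/other with foo:bar     -> " + auth.permits("/other", fooBar));
        System.out.println("/safe/data, bad base64  -> " + auth.permits("/safe/data", "Basic !!!"));
    }
}
```

With this resolution order, credentials accepted under `/safe/` are refused everywhere else, which is the behavior a client test needs in order to catch code that sends the wrong credentials to the wrong path.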