Merge pull request #7 from gobuffalo/better-error-handling

better error handling once more

Author: sio4

README.md

@@ -1,17 +1,16 @@
-<p align="center"><img src="https://github.com/gobuffalo/buffalo/blob/master/logo.svg" width="360"></p>
+# mw-basicauth
 
-<p align="center">
-  <a href="https://godoc.org/github.com/gobuffalo/mw-basicauth"><img src="https://godoc.org/github.com/gobuffalo/mw-basicauth?status.svg" alt="GoDoc"></a>
-  <a href="https://travis-ci.org/gobuffalo/mw-basicauth"><img src="https://travis-ci.org/gobuffalo/mw-basicauth.svg?branch=master" alt="Build Status"></a>
-  <a href="https://goreportcard.com/report/github.com/gobuffalo/mw-basicauth"><img src="https://goreportcard.com/badge/github.com/gobuffalo/mw-basicauth" alt="Go Report Card" /></a>
-</p>
+[![Standard Test](https://github.com/gobuffalo/mw-basicauth/actions/workflows/standard-go-test.yml/badge.svg)](https://github.com/gobuffalo/mw-basicauth/actions/workflows/standard-go-test.yml)
+[![Go Reference](https://pkg.go.dev/badge/github.com/gobuffalo/mw-basicauth.svg)](https://pkg.go.dev/github.com/gobuffalo/mw-basicauth)
+[![Go Report Card](https://goreportcard.com/badge/github.com/gobuffalo/mw-basicauth)](https://goreportcard.com/report/github.com/gobuffalo/mw-basicauth)
 
-# [Basic HTTP Authentication](https://tools.ietf.org/html/rfc7617) Middleware for [Buffalo](https://github.com/gobuffalo/buffalo)
+[Basic HTTP Authentication](https://tools.ietf.org/html/rfc7617) Middleware
+for [Buffalo](https://github.com/gobuffalo/buffalo)
 
 ## Installation
 
-```bash
-$ go get -u github.com/gobuffalo/mw-basicauth
+```console
+$ go get github.com/gobuffalo/mw-basicauth
 ```
 
 ## Usage
@@ -20,6 +19,7 @@ $ go get -u github.com/gobuffalo/mw-basicauth
 auth := func(c buffalo.Context, u, p string) (bool, error) {
     return (u == "username" && p == "password"), nil
 }
+
 app.Use(basicauth.Middleware(auth))
 ```
 

SHOULDERS.md

@@ -5,29 +5,19 @@ mw-basicauth does not try to reinvent the wheel! Instead, it uses the already gr
 Thank you to the following **GIANTS**:
 
 * [github.com/BurntSushi/toml](https://godoc.org/github.com/BurntSushi/toml)
-* [github.com/Masterminds/semver/v3](https://godoc.org/github.com/Masterminds/semver/v3)
 * [github.com/aymerick/douceur](https://godoc.org/github.com/aymerick/douceur)
-* [github.com/cockroachdb/apd](https://godoc.org/github.com/cockroachdb/apd)
-* [github.com/coreos/go-systemd](https://godoc.org/github.com/coreos/go-systemd)
 * [github.com/cpuguy83/go-md2man/v2](https://godoc.org/github.com/cpuguy83/go-md2man/v2)
-* [github.com/creack/pty](https://godoc.org/github.com/creack/pty)
 * [github.com/davecgh/go-spew](https://godoc.org/github.com/davecgh/go-spew)
 * [github.com/dustin/go-humanize](https://godoc.org/github.com/dustin/go-humanize)
 * [github.com/fatih/color](https://godoc.org/github.com/fatih/color)
 * [github.com/fatih/structs](https://godoc.org/github.com/fatih/structs)
 * [github.com/felixge/httpsnoop](https://godoc.org/github.com/felixge/httpsnoop)
 * [github.com/fsnotify/fsnotify](https://godoc.org/github.com/fsnotify/fsnotify)
-* [github.com/go-kit/log](https://godoc.org/github.com/go-kit/log)
-* [github.com/go-logfmt/logfmt](https://godoc.org/github.com/go-logfmt/logfmt)
 * [github.com/go-sql-driver/mysql](https://godoc.org/github.com/go-sql-driver/mysql)
-* [github.com/go-stack/stack](https://godoc.org/github.com/go-stack/stack)
-* [github.com/gobuffalo/attrs](https://godoc.org/github.com/gobuffalo/attrs)
 * [github.com/gobuffalo/buffalo](https://godoc.org/github.com/gobuffalo/buffalo)
 * [github.com/gobuffalo/envy](https://godoc.org/github.com/gobuffalo/envy)
 * [github.com/gobuffalo/events](https://godoc.org/github.com/gobuffalo/events)
-* [github.com/gobuffalo/fizz](https://godoc.org/github.com/gobuffalo/fizz)
 * [github.com/gobuffalo/flect](https://godoc.org/github.com/gobuffalo/flect)
-* [github.com/gobuffalo/genny/v2](https://godoc.org/github.com/gobuffalo/genny/v2)
 * [github.com/gobuffalo/github_flavored_markdown](https://godoc.org/github.com/gobuffalo/github_flavored_markdown)
 * [github.com/gobuffalo/grift](https://godoc.org/github.com/gobuffalo/grift)
 * [github.com/gobuffalo/helpers](https://godoc.org/github.com/gobuffalo/helpers)
@@ -36,60 +26,36 @@ Thank you to the following **GIANTS**:
 * [github.com/gobuffalo/logger](https://godoc.org/github.com/gobuffalo/logger)
 * [github.com/gobuffalo/meta](https://godoc.org/github.com/gobuffalo/meta)
 * [github.com/gobuffalo/nulls](https://godoc.org/github.com/gobuffalo/nulls)
-* [github.com/gobuffalo/packd](https://godoc.org/github.com/gobuffalo/packd)
 * [github.com/gobuffalo/plush/v4](https://godoc.org/github.com/gobuffalo/plush/v4)
-* [github.com/gobuffalo/pop/v6](https://godoc.org/github.com/gobuffalo/pop/v6)
 * [github.com/gobuffalo/refresh](https://godoc.org/github.com/gobuffalo/refresh)
 * [github.com/gobuffalo/tags/v3](https://godoc.org/github.com/gobuffalo/tags/v3)
 * [github.com/gobuffalo/validate/v3](https://godoc.org/github.com/gobuffalo/validate/v3)
 * [github.com/gofrs/uuid](https://godoc.org/github.com/gofrs/uuid)
 * [github.com/google/go-cmp](https://godoc.org/github.com/google/go-cmp)
-* [github.com/google/renameio](https://godoc.org/github.com/google/renameio)
 * [github.com/gorilla/css](https://godoc.org/github.com/gorilla/css)
 * [github.com/gorilla/handlers](https://godoc.org/github.com/gorilla/handlers)
 * [github.com/gorilla/mux](https://godoc.org/github.com/gorilla/mux)
 * [github.com/gorilla/securecookie](https://godoc.org/github.com/gorilla/securecookie)
 * [github.com/gorilla/sessions](https://godoc.org/github.com/gorilla/sessions)
 * [github.com/inconshreveable/mousetrap](https://godoc.org/github.com/inconshreveable/mousetrap)
-* [github.com/jackc/chunkreader](https://godoc.org/github.com/jackc/chunkreader)
-* [github.com/jackc/chunkreader/v2](https://godoc.org/github.com/jackc/chunkreader/v2)
-* [github.com/jackc/pgconn](https://godoc.org/github.com/jackc/pgconn)
-* [github.com/jackc/pgio](https://godoc.org/github.com/jackc/pgio)
-* [github.com/jackc/pgmock](https://godoc.org/github.com/jackc/pgmock)
-* [github.com/jackc/pgpassfile](https://godoc.org/github.com/jackc/pgpassfile)
-* [github.com/jackc/pgproto3](https://godoc.org/github.com/jackc/pgproto3)
-* [github.com/jackc/pgproto3/v2](https://godoc.org/github.com/jackc/pgproto3/v2)
-* [github.com/jackc/pgservicefile](https://godoc.org/github.com/jackc/pgservicefile)
-* [github.com/jackc/pgtype](https://godoc.org/github.com/jackc/pgtype)
-* [github.com/jackc/pgx/v4](https://godoc.org/github.com/jackc/pgx/v4)
-* [github.com/jackc/puddle](https://godoc.org/github.com/jackc/puddle)
 * [github.com/jmoiron/sqlx](https://godoc.org/github.com/jmoiron/sqlx)
 * [github.com/joho/godotenv](https://godoc.org/github.com/joho/godotenv)
-* [github.com/kballard/go-shellquote](https://godoc.org/github.com/kballard/go-shellquote)
-* [github.com/kisielk/gotool](https://godoc.org/github.com/kisielk/gotool)
-* [github.com/konsorten/go-windows-terminal-sequences](https://godoc.org/github.com/konsorten/go-windows-terminal-sequences)
 * [github.com/kr/pretty](https://godoc.org/github.com/kr/pretty)
 * [github.com/kr/pty](https://godoc.org/github.com/kr/pty)
 * [github.com/kr/text](https://godoc.org/github.com/kr/text)
 * [github.com/lib/pq](https://godoc.org/github.com/lib/pq)
-* [github.com/luna-duclos/instrumentedsql](https://godoc.org/github.com/luna-duclos/instrumentedsql)
 * [github.com/mattn/go-colorable](https://godoc.org/github.com/mattn/go-colorable)
 * [github.com/mattn/go-isatty](https://godoc.org/github.com/mattn/go-isatty)
 * [github.com/mattn/go-sqlite3](https://godoc.org/github.com/mattn/go-sqlite3)
 * [github.com/microcosm-cc/bluemonday](https://godoc.org/github.com/microcosm-cc/bluemonday)
 * [github.com/mitchellh/go-homedir](https://godoc.org/github.com/mitchellh/go-homedir)
 * [github.com/monoculum/formam](https://godoc.org/github.com/monoculum/formam)
 * [github.com/pkg/diff](https://godoc.org/github.com/pkg/diff)
-* [github.com/pkg/errors](https://godoc.org/github.com/pkg/errors)
 * [github.com/pmezard/go-difflib](https://godoc.org/github.com/pmezard/go-difflib)
 * [github.com/psanford/memfs](https://godoc.org/github.com/psanford/memfs)
 * [github.com/rogpeppe/go-internal](https://godoc.org/github.com/rogpeppe/go-internal)
-* [github.com/rs/xid](https://godoc.org/github.com/rs/xid)
-* [github.com/rs/zerolog](https://godoc.org/github.com/rs/zerolog)
 * [github.com/russross/blackfriday/v2](https://godoc.org/github.com/russross/blackfriday/v2)
-* [github.com/satori/go.uuid](https://godoc.org/github.com/satori/go.uuid)
 * [github.com/sergi/go-diff](https://godoc.org/github.com/sergi/go-diff)
-* [github.com/shopspring/decimal](https://godoc.org/github.com/shopspring/decimal)
 * [github.com/sirupsen/logrus](https://godoc.org/github.com/sirupsen/logrus)
 * [github.com/sourcegraph/annotate](https://godoc.org/github.com/sourcegraph/annotate)
 * [github.com/sourcegraph/syntaxhighlight](https://godoc.org/github.com/sourcegraph/syntaxhighlight)
@@ -98,13 +64,7 @@ Thank you to the following **GIANTS**:
 * [github.com/stretchr/objx](https://godoc.org/github.com/stretchr/objx)
 * [github.com/stretchr/testify](https://godoc.org/github.com/stretchr/testify)
 * [github.com/yuin/goldmark](https://godoc.org/github.com/yuin/goldmark)
-* [github.com/zenazn/goji](https://godoc.org/github.com/zenazn/goji)
-* [go.uber.org/atomic](https://godoc.org/go.uber.org/atomic)
-* [go.uber.org/multierr](https://godoc.org/go.uber.org/multierr)
-* [go.uber.org/tools](https://godoc.org/go.uber.org/tools)
-* [go.uber.org/zap](https://godoc.org/go.uber.org/zap)
 * [golang.org/x/crypto](https://godoc.org/golang.org/x/crypto)
-* [golang.org/x/lint](https://godoc.org/golang.org/x/lint)
 * [golang.org/x/mod](https://godoc.org/golang.org/x/mod)
 * [golang.org/x/net](https://godoc.org/golang.org/x/net)
 * [golang.org/x/sync](https://godoc.org/golang.org/x/sync)
@@ -114,8 +74,5 @@ Thank you to the following **GIANTS**:
 * [golang.org/x/tools](https://godoc.org/golang.org/x/tools)
 * [golang.org/x/xerrors](https://godoc.org/golang.org/x/xerrors)
 * [gopkg.in/check.v1](https://godoc.org/gopkg.in/check.v1)
-* [gopkg.in/errgo.v2](https://godoc.org/gopkg.in/errgo.v2)
-* [gopkg.in/inconshreveable/log15.v2](https://godoc.org/gopkg.in/inconshreveable/log15.v2)
 * [gopkg.in/yaml.v2](https://godoc.org/gopkg.in/yaml.v2)
 * [gopkg.in/yaml.v3](https://godoc.org/gopkg.in/yaml.v3)
-* [honnef.co/go/tools](https://godoc.org/honnef.co/go/tools)

basicauth.go

@@ -2,14 +2,16 @@ package basicauth
 
 import (
 	"encoding/base64"
+	"errors"
 	"net/http"
 	"strings"
 
 	"github.com/gobuffalo/buffalo"
-	"github.com/pkg/errors"
 )
 
 var (
+	// These errors are internal and will not be seen in production mode
+
 	// ErrNoCreds is returned when no basic auth credentials are defined
 	ErrNoCreds = errors.New("no basic auth credentials defined")
 
@@ -30,25 +32,36 @@ func Middleware(auth Authorizer) buffalo.MiddlewareFunc {
 		return func(c buffalo.Context) error {
 			token := strings.SplitN(c.Request().Header.Get("Authorization"), " ", 2)
 			if len(token) != 2 {
-				c.Response().Header().Set("WWW-Authenticate", `Basic realm="Basic Authentication"`)
-				return c.Error(http.StatusUnauthorized, ErrUnauthorized)
+				return responseUnauthorized(c, ErrNoCreds)
 			}
 			b, err := base64.StdEncoding.DecodeString(token[1])
 			if err != nil {
-				return c.Error(http.StatusUnauthorized, ErrUnauthorized)
+				return responseUnauthorized(c, ErrNoCreds)
 			}
+
 			pair := strings.SplitN(string(b), ":", 2)
 			if len(pair) != 2 {
-				return c.Error(http.StatusUnauthorized, ErrUnauthorized)
+				return responseUnauthorized(c, ErrUnauthorized)
 			}
+
 			success, err := auth(c, pair[0], pair[1])
 			if err != nil {
-				return errors.WithStack(err)
+				// log only this situation since it is an internal error
+				c.Logger().Errorf("authorizer error: %v", err)
+				return responseUnauthorized(c, ErrUnauthorized)
 			}
 			if !success {
-				return c.Error(http.StatusUnauthorized, ErrUnauthorized)
+				return responseUnauthorized(c, ErrAuthFail)
 			}
+
 			return next(c)
 		}
 	}
 }
+
+func responseUnauthorized(c buffalo.Context, err error) error {
+	// Always uses status 401 but internally propagate the original error.
+	// The error could be used in error handlers to handle extra steps.
+	c.Response().Header().Set("WWW-Authenticate", `Basic realm="Basic Authentication"`)
+	return c.Error(http.StatusUnauthorized, err)
+}

basicauth_test.go

@@ -2,18 +2,19 @@ package basicauth_test
 
 import (
 	"encoding/base64"
-	"fmt"
+	"net/http"
 	"testing"
 
 	"github.com/gobuffalo/buffalo"
+	"github.com/gobuffalo/buffalo/render"
 	"github.com/gobuffalo/httptest"
 	basicauth "github.com/gobuffalo/mw-basicauth"
 	"github.com/stretchr/testify/require"
 )
 
 func app() *buffalo.App {
 	h := func(c buffalo.Context) error {
-		return c.Render(200, nil)
+		return c.Render(200, render.String("Welcome"))
 	}
 	auth := func(c buffalo.Context, u, p string) (bool, error) {
 		return (u == "tester" && p == "pass123"), nil
@@ -25,50 +26,37 @@ func app() *buffalo.App {
 }
 
 func TestBasicAuth(t *testing.T) {
-	r := require.New(t)
-
-	w := httptest.New(app())
-
-	// missing authorization
-	res := w.HTML("/").Get()
-	r.Equal(401, res.Code)
-	r.Contains(res.Header().Get("WWW-Authenticate"), `Basic realm="Basic Authentication"`)
-	r.Contains(res.Body.String(), "Unauthorized")
-
-	// bad header value, not Basic
-	req := w.HTML("/")
-	req.Headers["Authorization"] = "badcreds"
-	res = req.Get()
-	r.Equal(401, res.Code)
-	r.Contains(res.Body.String(), "Unauthorized")
-
-	// bad cred values
-	req = w.HTML("/")
-	req.Headers["Authorization"] = "bad creds"
-	res = req.Get()
-	r.Equal(401, res.Code)
-	r.Contains(res.Body.String(), "Unauthorized")
-
-	// invalid cred values in authorization
-	creds := base64.StdEncoding.EncodeToString([]byte("badcredvalue"))
-	req = w.HTML("/")
-	req.Headers["Authorization"] = fmt.Sprintf("Basic %s", creds)
-	res = req.Get()
-	r.Equal(401, res.Code)
-	r.Contains(res.Body.String(), "Unauthorized")
-
-	// wrong cred values in authorization
-	creds = base64.StdEncoding.EncodeToString([]byte("foo:bar"))
-	req = w.HTML("/")
-	req.Headers["Authorization"] = fmt.Sprintf("Basic %s", creds)
-	res = req.Get()
-	r.Equal(401, res.Code)
-	r.Contains(res.Body.String(), "Unauthorized")
+	tests := []struct {
+		status  int
+		name    string
+		auth    string
+		message string
+	}{
+		{http.StatusUnauthorized, "missing", "MISSING", "no basic auth credentials defined"},
+		{http.StatusUnauthorized, "empty", "", "no basic auth credentials defined"},
+		{http.StatusUnauthorized, "badcreds", "badcreds", "no basic auth credentials defined"},
+		{http.StatusUnauthorized, "bad creds", "bad creds", "no basic auth credentials defined"},
+		{http.StatusUnauthorized, "invalid", "Basic " + base64.StdEncoding.EncodeToString([]byte("badcredvalue")), "Unauthorized"},
+		{http.StatusUnauthorized, "wrong", "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar")), "invalid basic auth username"},
+		{http.StatusOK, "valid", "Basic " + base64.StdEncoding.EncodeToString([]byte("tester:pass123")), "Welcome"},
+	}
 
-	// valid cred values
-	creds = base64.StdEncoding.EncodeToString([]byte("tester:pass123"))
-	req = w.HTML("/")
-	req.Headers["Authorization"] = fmt.Sprintf("Basic %s", creds)
-	res = req.Get()
-	r.Equal(200, res.Code)
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			r := require.New(t)
+			w := httptest.New(app())
+
+			// missing authorization
+			req := w.HTML("/")
+			if tt.auth != "MISSING" {
+				req.Headers["Authorization"] = tt.auth
+			}
+			res := req.Get()
+			r.Equal(tt.status, res.Code)
+			if tt.status == http.StatusUnauthorized {
+				r.Contains(res.Header().Get("WWW-Authenticate"), `Basic realm="Basic Authentication"`)
+			}
+			r.Contains(res.Body.String(), tt.message)
+		})
+	}
 }

go.mod

@@ -3,8 +3,7 @@ module github.com/gobuffalo/mw-basicauth
 go 1.16
 
 require (
-	github.com/gobuffalo/buffalo v0.18.9
-	github.com/gobuffalo/httptest v1.5.1
-	github.com/pkg/errors v0.9.1
-	github.com/stretchr/testify v1.8.0
+	github.com/gobuffalo/buffalo v1.1.0
+	github.com/gobuffalo/httptest v1.5.2
+	github.com/stretchr/testify v1.8.1
 )