added tests for proxy auth

hughneale · hughneale · commit c7f407649809 · 2026-01-05T15:40:10.000Z
diff --git a/model/authentication.go b/model/authentication.go
@@ -185,9 +185,11 @@ type BearerAuthenticationPolicy struct {
 	Use   string `json:"use,omitempty" validate:"required_without=Token"`
 }
 
+// ProxyBearerAuthenticationPolicy supports either an inline token or a secret reference (use).
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Proxy-Authorization
 type ProxyBearerAuthenticationPolicy struct {
 	Token string `json:"token,omitempty" validate:"required_without=Use,proxy_bearer_policy"`
-	Use   string `json:"use,omitempty" validate:"required"`
+	Use   string `json:"use,omitempty" validate:"required_without=Token"`
 }
 
 // DigestAuthenticationPolicy supports either inline properties (username/password) or a secret reference (use).
diff --git a/model/authentication_test.go b/model/authentication_test.go
@@ -49,6 +49,16 @@ func TestAuthenticationPolicy(t *testing.T) {
 			expected:   `{"digest":{"username":"digestUser","password":"digestPass"}}`,
 			expectsErr: false,
 		},
+		{
+			name: "Valid Proxy Bearer Authentication Inline",
+			input: `{
+				"proxy_bearer": {
+					"token": "proxyToken123"
+				}
+			}`,
+			expected:   `{"proxy_bearer":{"token":"proxyToken123"}}`,
+			expectsErr: false,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -64,6 +74,9 @@ func TestAuthenticationPolicy(t *testing.T) {
 				if authPolicy.Bearer != nil {
 					err = validate.Struct(authPolicy.Bearer)
 				}
+				if authPolicy.ProxyBearer != nil {
+					err = validate.Struct(authPolicy.ProxyBearer)
+				}
 				if authPolicy.Digest != nil {
 					err = validate.Struct(authPolicy.Digest)
 				}
diff --git a/model/validator.go b/model/validator.go
@@ -43,6 +43,7 @@ func init() {
 
 	registerValidator("basic_policy", validateBasicPolicy)
 	registerValidator("bearer_policy", validateBearerPolicy)
+	registerValidator("proxy_bearer_policy", validateProxyBearerPolicy)
 	registerValidator("digest_policy", validateDigestPolicy)
 	registerValidator("oauth2_policy", validateOAuth2Policy)
 	registerValidator("client_auth_type", validateOptionalOAuthClientAuthentication)
@@ -186,6 +187,18 @@ func validateBearerPolicy(fl validator.FieldLevel) bool {
 	return true
 }
 
+// validateProxyBearerPolicy ensures ProxyBearerAuthenticationPolicy has mutually exclusive fields set.
+func validateProxyBearerPolicy(fl validator.FieldLevel) bool {
+	policy, ok := fl.Parent().Interface().(ProxyBearerAuthenticationPolicy)
+	if !ok {
+		return false
+	}
+	if policy.Token != "" && policy.Use != "" {
+		return false
+	}
+	return true
+}
+
 // validateDigestPolicy ensures DigestAuthenticationPolicy has mutually exclusive fields set.
 func validateDigestPolicy(fl validator.FieldLevel) bool {
 	policy, ok := fl.Parent().Interface().(DigestAuthenticationPolicy)

Original file line number	Diff line number	Diff line change
`@@ -185,9 +185,11 @@ type BearerAuthenticationPolicy struct {`
`185`	`185`	Use string `json:"use,omitempty" validate:"required_without=Token"`
`186`	`186`	`}`
`187`	`187`
	`188`	`+// ProxyBearerAuthenticationPolicy supports either an inline token or a secret reference (use).`
	`189`	`+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Proxy-Authorization`
`188`	`190`	`type ProxyBearerAuthenticationPolicy struct {`
`189`	`191`	Token string `json:"token,omitempty" validate:"required_without=Use,proxy_bearer_policy"`
`190`		- Use string `json:"use,omitempty" validate:"required"`
	`192`	+ Use string `json:"use,omitempty" validate:"required_without=Token"`
`191`	`193`	`}`
`192`	`194`
`193`	`195`	`// DigestAuthenticationPolicy supports either inline properties (username/password) or a secret reference (use).`