From 6a16d9a91446b705a292b8b127b3bbc74a99c5f2 Mon Sep 17 00:00:00 2001
From: He Weiwei
Date: Wed, 20 Jan 2021 14:33:28 +0800
Subject: [PATCH] fix: correct Authorize of basic and berer authorizer (#14036)
Closes #13734
Signed-off-by: He Weiwei
---
src/pkg/scan/rest/auth/api_key_auth_test.go | 51 +++++++++++++++++++++
src/pkg/scan/rest/auth/basic_auth.go | 5 +-
src/pkg/scan/rest/auth/basic_auth_test.go | 51 +++++++++++++++++++++
src/pkg/scan/rest/auth/bearer_auth.go | 1 +
src/pkg/scan/rest/auth/bearer_auth_test.go | 51 +++++++++++++++++++++
5 files changed, 155 insertions(+), 4 deletions(-)
create mode 100644 src/pkg/scan/rest/auth/api_key_auth_test.go
create mode 100644 src/pkg/scan/rest/auth/basic_auth_test.go
create mode 100644 src/pkg/scan/rest/auth/bearer_auth_test.go
diff --git a/src/pkg/scan/rest/auth/api_key_auth_test.go b/src/pkg/scan/rest/auth/api_key_auth_test.go
new file mode 100644
index 000000000..d27e89677
--- /dev/null
+++ b/src/pkg/scan/rest/auth/api_key_auth_test.go
@@ -0,0 +1,51 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+)
+
+func Test_apiKeyAuthorizer_Authorize(t *testing.T) {
+ type fields struct {
+ typeID string
+ accessCred string
+ }
+ type args struct {
+ req *http.Request
+ }
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ wantErr bool
+ }{
+ {"ok", fields{"X-ScannerAdapter-API-Key", "apikey"}, args{httptest.NewRequest("GET", "/", nil)}, false},
+ {"empty cerd", fields{"X-ScannerAdapter-API-Key", ""}, args{httptest.NewRequest("GET", "/", nil)}, true},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ aa := &apiKeyAuthorizer{
+ typeID: tt.fields.typeID,
+ accessCred: tt.fields.accessCred,
+ }
+ if err := aa.Authorize(tt.args.req); (err != nil) != tt.wantErr {
+ t.Errorf("apiKeyAuthorizer.Authorize() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
diff --git a/src/pkg/scan/rest/auth/basic_auth.go b/src/pkg/scan/rest/auth/basic_auth.go
index 0881f98bd..1dad7e363 100644
--- a/src/pkg/scan/rest/auth/basic_auth.go
+++ b/src/pkg/scan/rest/auth/basic_auth.go
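Review bot: The `ok` row in Test_apiKeyAuthorizer_Authorize (api_key_auth_test.go) only checks that Authorize returns no error, so an implementation that returns nil without writing the credential onto the request would still pass; the basic_auth_test.go and bearer_auth_test.go hunks have the same gap. After the call in the success case the test should assert the header, for example in the basic test `if got := tt.args.req.Header.Get(authorization); got != "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" { t.Errorf("header = %q", got) }`. Which header apiKeyAuthorizer writes is not visible in this patch, so the expected name and value for this file have to be taken from its implementation. A row with a nil `req` would cover the other half of the `req != nil && len(ba.accessCred) > 0` guard used by the basic and bearer authorizers, and the case name `empty cerd` looks like a typo for `empty cred`.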
@@ -30,13 +30,10 @@ type basicAuthorizer struct { // Authorize requests func (ba *basicAuthorizer) Authorize(req *http.Request) error { - if len(ba.accessCred) == 0 { - return errors.Errorf("%s:%s", ba.typeID, "missing access credential") - } - if req != nil && len(ba.accessCred) > 0 { data := base64.StdEncoding.EncodeToString([]byte(ba.accessCred)) req.Header.Add(authorization, fmt.Sprintf("%s %s", ba.typeID, data)) + return nil } return errors.Errorf("%s: %s", ba.typeID, "missing data to authorize request") diff --git a/src/pkg/scan/rest/auth/basic_auth_test.go b/src/pkg/scan/rest/auth/basic_auth_test.go new file mode 100644 index 000000000..33dfb4c5a --- /dev/null +++ b/src/pkg/scan/rest/auth/basic_auth_test.go 
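Review bot: In basic_auth.go, `req.Header.Add(authorization, ...)` appends a value rather than replacing one, so a request that already carries a credential under that header (a reused `*http.Request`, or an authorizer applied twice) goes out with two values and the receiving side decides which one it honours. `req.Header.Set(authorization, fmt.Sprintf("%s %s", ba.typeID, data))` keeps exactly one credential on the request; the bearer_auth.go hunk has the same call. With the dedicated `missing access credential` branch removed, a nil request and an empty credential now share the `missing data to authorize request` message, which makes a misconfigured scanner registration harder to tell apart from a caller bug in logs. Authorize's closing brace lies outside the hunk.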
@@ -0,0 +1,51 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+)
+
+func Test_basicAuthorizer_Authorize(t *testing.T) {
+ type fields struct {
+ typeID string
+ accessCred string
+ }
+ type args struct {
+ req *http.Request
+ }
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ wantErr bool
+ }{
+ {"ok", fields{"Basic", "username:password"}, args{httptest.NewRequest("GET", "/", nil)}, false},
+ {"empty cerd", fields{"Basic", ""}, args{httptest.NewRequest("GET", "/", nil)}, true},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ ba := &basicAuthorizer{
+ typeID: tt.fields.typeID,
+ accessCred: tt.fields.accessCred,
+ }
+ if err := ba.Authorize(tt.args.req); (err != nil) != tt.wantErr {
+ t.Errorf("basicAuthorizer.Authorize() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
diff --git a/src/pkg/scan/rest/auth/bearer_auth.go b/src/pkg/scan/rest/auth/bearer_auth.go
index dcab6f110..f708bb192 100644
--- a/src/pkg/scan/rest/auth/bearer_auth.go
+++ b/src/pkg/scan/rest/auth/bearer_auth.go
@@ -31,6 +31,7 @@ type bearerAuthorizer struct { func (ba *bearerAuthorizer) Authorize(req *http.Request) error { if req != nil && len(ba.accessCred) > 0 { req.Header.Add(authorization, fmt.Sprintf("%s %s", ba.typeID, ba.accessCred)) + return nil } return errors.Errorf("%s: %s", ba.typeID, "missing data to authorize request") diff --git a/src/pkg/scan/rest/auth/bearer_auth_test.go b/src/pkg/scan/rest/auth/bearer_auth_test.go new file mode 100644 index 000000000..a783ba9e9 --- /dev/null +++ b/src/pkg/scan/rest/auth/bearer_auth_test.go 
@@ -0,0 +1,51 @@
+// Copyright Project Harbor Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+)
+
+func Test_bearerAuthorizer_Authorize(t *testing.T) {
+ type fields struct {
+ typeID string
+ accessCred string
+ }
+ type args struct {
+ req *http.Request
+ }
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ wantErr bool
+ }{
+ {"ok", fields{"Bearer", "bearer-token"}, args{httptest.NewRequest("GET", "/", nil)}, false},
+ {"empty cerd", fields{"Bearer", ""}, args{httptest.NewRequest("GET", "/", nil)}, true},
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ ba := &bearerAuthorizer{
+ typeID: tt.fields.typeID,
+ accessCred: tt.fields.accessCred,
+ }
+ if err := ba.Authorize(tt.args.req); (err != nil) != tt.wantErr {
+ t.Errorf("bearerAuthorizer.Authorize() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}