Excubitor-Monitoring · Uggah · May 17, 2023 · May 17, 2023
diff --git a/internal/http_server/authentication_test.go b/internal/http_server/authentication_test.go
@@ -1,6 +1,7 @@
 package http_server
 
 import (
+	"bytes"
 	"encoding/json"
 	"github.com/Excubitor-Monitoring/Excubitor-Backend/internal/logging"
 	"github.com/golang-jwt/jwt/v5"
@@ -121,6 +122,88 @@ func TestHandleAuthRequestUnknownMethod(t *testing.T) {
 	assert.True(t, time.Since(httpError.Timestamp) < time.Since(time.Now().Add(-time.Second)) && time.Until(httpError.Timestamp) < 0)
 }
 
+func TestHandleAuthRequestPAMNilCredentials(t *testing.T) {
+	type testParams struct {
+		description          string
+		method               string
+		credentials          map[string]interface{}
+		expectedErrorMessage string
+		expectedStatusCode   int
+	}
+
+	for _, params := range []testParams{
+		{
+			description:          "Nil credentials",
+			method:               "PAM",
+			credentials:          nil,
+			expectedErrorMessage: "Credentials not specified!",
+			expectedStatusCode:   http.StatusBadRequest,
+		},
+		{
+			description: "Nil username",
+			method:      "PAM",
+			credentials: map[string]interface{}{
+				"username": nil,
+				"password": "SomePassword",
+			},
+			expectedErrorMessage: "Username not specified!",
+			expectedStatusCode:   http.StatusBadRequest,
+		},
+		{
+			description: "Nil password",
+			method:      "PAM",
+			credentials: map[string]interface{}{
+				"username": "SomeUser",
+				"password": nil,
+			},
+			expectedErrorMessage: "Password not specified!",
+			expectedStatusCode:   http.StatusBadRequest,
+		},
+	} {
+		t.Run(params.description, func(t *testing.T) {
+			var err error
+
+			logger, err = logging.GetConsoleLoggerInstance()
+			if err != nil {
+				t.Error(err)
+				return
+			}
+
+			payload, err := json.Marshal(authRequest{Method: params.method, Credentials: params.credentials})
+
+			req := httptest.NewRequest(http.MethodPost, "/auth",
+				bytes.NewReader(payload))
+			req.RemoteAddr = "SampleAddress"
+			w := httptest.NewRecorder()
+
+			handleAuthRequest(w, req)
+
+			res := w.Result()
+			defer func(Body io.ReadCloser) {
+				err := Body.Close()
+				if err != nil {
+					t.Error(err)
+					return
+				}
+			}(res.Body)
+
+			body, err := io.ReadAll(res.Body)
+			if err != nil {
+				t.Error(err)
+				return
+			}
+
+			httpError := parseHTTPError(body)
+
+			assert.Equal(t, params.expectedStatusCode, res.StatusCode)
+			assert.Equal(t, params.expectedErrorMessage, httpError.Message)
+			assert.Equal(t, httpError.Path, "/auth")
+			assert.True(t, time.Since(httpError.Timestamp) < time.Since(time.Now().Add(-time.Second)) && time.Until(httpError.Timestamp) < 0)
+		})
+	}
+
+}
+
 func TestHandleAuthRequestPAMInvalidCredentials(t *testing.T) {
 	var err error
 

diff --git a/internal/http_server/http_server_test.go b/internal/http_server/http_server_test.go
@@ -1,12 +1,14 @@
 package http_server
 
 import (
+	"fmt"
 	ctx "github.com/Excubitor-Monitoring/Excubitor-Backend/internal/context"
 	"github.com/stretchr/testify/assert"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 )
 
 func TestInfo(t *testing.T) {
@@ -34,3 +36,61 @@ func TestInfo(t *testing.T) {
 	assert.Equal(t, 200, res.StatusCode)
 	assert.JSONEq(t, `{"authentication": { "method": "PAM" }, "modules": [ { "name": "TestModule" } ] }`, string(body))
 }
+
+func TestInfoMethodNotAllowed(t *testing.T) {
+	type testParams struct {
+		description string
+		method      string
+	}
+
+	for _, params := range []testParams{
+		{
+			description: "Method POST",
+			method:      http.MethodPost,
+		},
+		{
+			description: "Method PUT",
+			method:      http.MethodPut,
+		},
+		{
+			description: "Method PATCH",
+			method:      http.MethodPatch,
+		},
+		{
+			description: "Method DELETE",
+			method:      http.MethodDelete,
+		},
+		{
+			description: "Method TRACE",
+			method:      http.MethodTrace,
+		},
+	} {
+		t.Run(params.description, func(t *testing.T) {
+			req := httptest.NewRequest(params.method, "/info", nil)
+			w := httptest.NewRecorder()
+
+			info(w, req)
+
+			res := w.Result()
+			defer func(Body io.ReadCloser) {
+				err := Body.Close()
+				if err != nil {
+					t.Error(err)
+				}
+			}(res.Body)
+
+			body, err := io.ReadAll(res.Body)
+			if err != nil {
+				t.Error(err)
+				return
+			}
+
+			httpError := parseHTTPError(body)
+
+			assert.Equal(t, http.StatusMethodNotAllowed, res.StatusCode)
+			assert.Equal(t, "/info", httpError.Path)
+			assert.Equal(t, fmt.Sprintf("Method %s not allowed!", params.method), httpError.Message)
+			assert.True(t, time.Since(httpError.Timestamp) < time.Since(time.Now().Add(-time.Second)) && time.Until(httpError.Timestamp) < 0)
+		})
+	}
+}