diff --git a/http/good_test.go b/http/good_test.go
index 682e25a..1b144ff 100644
--- a/http/good_test.go
+++ b/http/good_test.go
@@ -27,7 +27,7 @@ func TestAddGood(t *testing.T) {
 }
 _, w := session.JSONRequest("POST", "/api/good/1", good)
- assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+ assertion.Equal(http.StatusForbidden, w.StatusCode)
 session.Login()
@@ -102,7 +102,7 @@ func TestDelGood(t *testing.T) {
 database.Write.Create(&good)
 _, w := session.JSONRequest("DELETE", "/api/good/1", nil)
- assertion.Equal(http.StatusNonAuthoritativeInfo, w.StatusCode)
+ assertion.Equal(http.StatusForbidden, w.StatusCode)
 session.Login()
diff --git a/lib/http/permission.go b/lib/http/permission.go
index b2f3d24..83be6fe 100644
--- a/lib/http/permission.go
+++ b/lib/http/permission.go
@@ -9,12 +9,8 @@ type HasPermission func(string, int) (bool, error)
 // Function to evaluate the permission and implement an error handling
 func PermissionHandler(h func(w http.ResponseWriter, r *http.Request), perm HasPermission, permission int) func(w http.ResponseWriter, r *http.Request) {
 return func(w http.ResponseWriter, r *http.Request) {
- session, err := r.Cookie("session")
- if err != nil {
- http.Error(w, err.Error(), http.StatusNonAuthoritativeInfo)
- return
- }
- ok, err := perm(session.Value, permission)
+ session := r.Header.Get("session")
+ ok, err := perm(session, permission)
 if err != nil {
 http.Error(w, err.Error(), http.StatusGatewayTimeout)
 return
diff --git a/lib/http/permission_test.go b/lib/http/permission_test.go
index 00c9db1..660fc83 100644
--- a/lib/http/permission_test.go
+++ b/lib/http/permission_test.go
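Review bot: In lib/http/permission.go, PermissionHandler now hands whatever `r.Header.Get("session")` returns straight to `perm`, so a request with no session header calls `perm("", permission)` and the decision for a missing credential rests entirely on the callback. The removed cookie branch stopped such requests before `perm` ran, and the hunk in lib/http/permission_test.go deletes the test that pinned this; its stub `perm` returns `true, nil`, which would now let a request without any session reach the wrapped handler. An explicit guard keeps the handler fail-closed and matches the 403 the updated tests expect: `if session == "" { http.Error(w, "missing session", http.StatusForbidden); return }`, with the "request without session" test ported to the header form. The unchanged error branch still writes `err.Error()` to the client with a 504 status, which may expose backend detail; the rest of the function body lies outside the hunk.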
@@ -17,19 +17,8 @@ func TestPermission(t *testing.T) {
 w := httptest.NewRecorder()
 r, _ := http.NewRequest("GET", "/", nil)
- // Request without session cookie
- reached := false
- PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
- reached = true
- }, func(s string, i int) (bool, error) {
- return true, nil
- }, 1)(w, r)
- assert.False(reached)
-
- r.AddCookie(&http.Cookie{Name: "session"})
-
 // HasPermission responds true
- reached = false
+ reached := false
 PermissionHandler(func(w http.ResponseWriter, r *http.Request) {
 reached = true
 }, func(s string, i int) (bool, error) {
diff --git a/test/testrest.go b/test/testrest.go
index 707a837..eb0185f 100644
--- a/test/testrest.go
+++ b/test/testrest.go
@@ -113,14 +113,12 @@ func (r *Request) JSONRequest(method string, url string, body interface{}) (json
 // Function to log the current session
 func (r *Request) Login() {
- r.cookies = nil
- r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "testsessionkey"})
+ r.Header["session"] = "testsessionkey"
 }
 // Function to logout/quit the current session
 func (r *Request) Logout() {
- r.cookies = nil
- r.cookies = append(r.cookies, &http.Cookie{Name: "session", Value: "trashkey"})
+ r.Header["session"] = "trashkey"
 }
 // Function to clean the current session
diff --git a/webroot/dummy_cart/index.html b/webroot/dummy_cart/index.html
index 54e06ae..e320443 100644
--- a/webroot/dummy_cart/index.html
+++ b/webroot/dummy_cart/index.html
@@ -1,21 +1,27 @@
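Review bot: In test/testrest.go, Login and Logout store the token under the lowercase map key `session`, while the handler reads it with `r.Header.Get("session")`, which canonicalises the name to `Session` before the lookup. The type of `r.Header` and the code that copies it onto the outgoing request are outside the hunk; if that copy assigns into an `http.Header` by map index rather than through `Set`, the lookup misses the value and the logged-in tests silently exercise the unauthenticated path. It is worth confirming that the copy uses `req.Header.Set(k, v)`. The doc comments could also say what the helpers do now, e.g. `// Login sets the session header to a valid test session key.`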
- - - - - -