PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� 
�c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 131
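package security

import (
	"bytes"
	"context"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/url"
	"strings"
	"testing"

	"github.com/go-openapi/errors"
	"github.com/go-openapi/runtime"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// Fixtures shared by the bearer authentication tests.
const (
	owners       = "owners_auth" // security scheme name passed to BearerAuth / BearerAuthCtx
	validToken   = "token123"    // the only token the test authenticators accept
	invalidToken = "token124"    // a token that is presented but rejected
	principal    = "admin"       // principal returned for validToken
	authPath     = "/blah"       // request path used by every test request
	// invalidParam is the field name used by the "missing auth" cases.
	// NOTE(review): presumably a deliberate misspelling of accessTokenParam,
	// which is defined elsewhere in the package; confirm.
	invalidParam = "access_toke"
)

// authExpectation names the outcome a test case expects from the authenticator.
type authExpectation uint8

const (
	// expectIsAuthorized: a token is found and accepted.
	expectIsAuthorized authExpectation = iota
	// expectInvalidAuthorization: a token is found and rejected with an error.
	expectInvalidAuthorization
	// expectNoAuthorization: no token is found and no error is returned.
	expectNoAuthorization
)

// TestBearerAuth exercises BearerAuth with a token carried in the query string,
// the Authorization header, a urlencoded form and a multipart form, for a valid
// token, an invalid token and a request in which no token is recognized.
func TestBearerAuth(t *testing.T) {
	bearerAuth := ScopedTokenAuthentication(func(token string, _ []string) (interface{}, error) {
		if token == validToken {
			return principal, nil
		}

		return nil, errors.Unauthenticated("bearer")
	})
	ba := BearerAuth(owners, bearerAuth)
	ctx := context.Background()

	t.Run("with valid bearer auth", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, "", validToken, expectIsAuthorized),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "", validToken, expectIsAuthorized),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, "", validToken, expectIsAuthorized),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, "", validToken, expectIsAuthorized),
		)
	})

	t.Run("with invalid token", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, "", invalidToken, expectInvalidAuthorization),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "", invalidToken, expectInvalidAuthorization),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, "", invalidToken, expectInvalidAuthorization),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, "", invalidToken, expectInvalidAuthorization),
		)
	})

	// A valid token under the wrong field name or the wrong header scheme
	// ("Beare") is expected to be treated as no credentials at all.
	t.Run("with missing auth", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, invalidParam, validToken, expectNoAuthorization),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "Beare", validToken, expectNoAuthorization),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, invalidParam, validToken, expectNoAuthorization),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, invalidParam, validToken, expectNoAuthorization),
		)
	})
}

// TestBearerAuthCtx runs the same matrix as TestBearerAuth against
// BearerAuthCtx and additionally checks which values are present in the
// request context after authentication.
func TestBearerAuthCtx(t *testing.T) {
	bearerAuthCtx := ScopedTokenAuthenticationCtx(func(ctx context.Context, token string, _ []string) (context.Context, interface{}, error) {
		if token == validToken {
			return context.WithValue(ctx, extra, extraWisdom), principal, nil
		}

		return context.WithValue(ctx, reason, expReason), nil, errors.Unauthenticated("bearer")
	})
	ba := BearerAuthCtx(owners, bearerAuthCtx)
	ctx := context.WithValue(context.Background(), original, wisdom)

	assertContextOK := func(requestContext context.Context, t *testing.T) {
		// when authorized, we have an "extra" key in context
		assert.Equal(t, wisdom, requestContext.Value(original))
		assert.Equal(t, extraWisdom, requestContext.Value(extra))
		assert.Nil(t, requestContext.Value(reason))
	}

	assertContextKO := func(requestContext context.Context, t *testing.T) {
		// when not authorized, we have a "reason" key in context
		assert.Equal(t, wisdom, requestContext.Value(original))
		assert.Nil(t, requestContext.Value(extra))
		assert.Equal(t, expReason, requestContext.Value(reason))
	}

	assertContextNone := func(requestContext context.Context, t *testing.T) {
		// when missing authorization, we only have the original context
		assert.Equal(t, wisdom, requestContext.Value(original))
		assert.Nil(t, requestContext.Value(extra))
		assert.Nil(t, requestContext.Value(reason))
	}

	t.Run("with valid bearer auth", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, "", validToken, expectIsAuthorized, assertContextOK),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "", validToken, expectIsAuthorized, assertContextOK),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, "", validToken, expectIsAuthorized, assertContextOK),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, "", validToken, expectIsAuthorized, assertContextOK),
		)
	})

	t.Run("with invalid token", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, "", invalidToken, expectInvalidAuthorization, assertContextKO),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "", invalidToken, expectInvalidAuthorization, assertContextKO),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, "", invalidToken, expectInvalidAuthorization, assertContextKO),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, "", invalidToken, expectInvalidAuthorization, assertContextKO),
		)
	})

	t.Run("with missing auth", func(t *testing.T) {
		t.Run("token in query param",
			testAuthenticateBearerInQuery(ctx, ba, invalidParam, validToken, expectNoAuthorization, assertContextNone),
		)
		t.Run("token in header",
			testAuthenticateBearerInHeader(ctx, ba, "Beare", validToken, expectNoAuthorization, assertContextNone),
		)
		t.Run("token in urlencoded form",
			testAuthenticateBearerInForm(ctx, ba, invalidParam, validToken, expectNoAuthorization, assertContextNone),
		)
		t.Run("token in multipart form",
			testAuthenticateBearerInMultipartForm(ctx, ba, invalidParam, validToken, expectNoAuthorization, assertContextNone),
		)
	})
}

// testIsAuthorized returns a subtest that authenticates req with authorizer and
// checks the result against expectAuthorized:
//
//   - expectIsAuthorized: no error, a token was found, the principal is
//     returned and OAuth2SchemeName(req) reports the owners scheme.
//   - expectInvalidAuthorization: an "unauthenticated" error, a token was
//     found, no principal, and the scheme name is still recorded.
//   - expectNoAuthorization: no error, no token found, no principal and no
//     scheme name.
//
// Each extraAsserter then receives req.Context() as it stands after
// Authenticate has returned. The first (context) parameter is unused.
func testIsAuthorized(_ context.Context, req *http.Request, authorizer runtime.Authenticator, expectAuthorized authExpectation, extraAsserters ...func(context.Context, *testing.T)) func(*testing.T) {
	return func(t *testing.T) {
		hasToken, usr, err := authorizer.Authenticate(&ScopedAuthRequest{Request: req})

		switch expectAuthorized {
		case expectIsAuthorized:
			require.NoError(t, err)
			assert.True(t, hasToken)
			assert.Equal(t, principal, usr)
			assert.Equal(t, owners, OAuth2SchemeName(req))

		case expectInvalidAuthorization:
			require.Error(t, err)
			require.ErrorContains(t, err, "unauthenticated")
			assert.True(t, hasToken)
			assert.Nil(t, usr)
			assert.Equal(t, owners, OAuth2SchemeName(req))

		case expectNoAuthorization:
			require.NoError(t, err)
			assert.False(t, hasToken)
			assert.Nil(t, usr)
			assert.Empty(t, OAuth2SchemeName(req))

		default:
			// Fail closed: an expectation this helper does not know must not
			// let an authentication test pass without a single assertion.
			t.Fatalf("unhandled authExpectation value: %d", expectAuthorized)
		}

		for _, contextAsserter := range extraAsserters {
			contextAsserter(req.Context(), t)
		}
	}
}

// shouldAuthorizeOrNot returns the subtest name for the given expectation.
func shouldAuthorizeOrNot(expectAuthorized authExpectation) string {
	if expectAuthorized == expectIsAuthorized {
		return "should authorize"
	}

	return "should not authorize"
}

// testAuthenticateBearerInQuery builds a GET request with the token as a query
// parameter, then checks it against the authorizer.
//
// An empty parameter defaults to accessTokenParam. The request context after
// authorization may be checked with the extraAsserters.
func testAuthenticateBearerInQuery(
	ctx context.Context, authorizer runtime.Authenticator, parameter, token string, expectAuthorized authExpectation,
	extraAsserters ...func(context.Context, *testing.T),
) func(*testing.T) {
	if parameter == "" {
		parameter = accessTokenParam
	}

	return func(t *testing.T) {
		// Encode the pair rather than formatting it into the URL, so a token or
		// parameter holding reserved characters still yields the intended query.
		query := url.Values{}
		query.Set(parameter, token)

		req, err := http.NewRequestWithContext(ctx, http.MethodGet, authPath+"?"+query.Encode(), nil)
		require.NoError(t, err)

		t.Run(
			shouldAuthorizeOrNot(expectAuthorized),
			testIsAuthorized(ctx, req, authorizer, expectAuthorized, extraAsserters...),
		)
	}
}

// testAuthenticateBearerInHeader builds a GET request with the token in the
// Authorization header, then checks it against the authorizer.
//
// parameter is the scheme prefix written before the token; an empty value
// defaults to "Bearer".
func testAuthenticateBearerInHeader(
	ctx context.Context, authorizer runtime.Authenticator, parameter, token string, expectAuthorized authExpectation,
	extraAsserters ...func(context.Context, *testing.T),
) func(*testing.T) {
	if parameter == "" {
		parameter = "Bearer"
	}

	return func(t *testing.T) {
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, authPath, nil)
		require.NoError(t, err)
		req.Header.Set(runtime.HeaderAuthorization, fmt.Sprintf("%s %s", parameter, token))

		t.Run(
			shouldAuthorizeOrNot(expectAuthorized),
			testIsAuthorized(ctx, req, authorizer, expectAuthorized, extraAsserters...),
		)
	}
}

// testAuthenticateBearerInForm builds a POST request with the token as a
// urlencoded form field, then checks it against the authorizer.
//
// An empty parameter defaults to accessTokenParam.
func testAuthenticateBearerInForm(
	ctx context.Context, authorizer runtime.Authenticator, parameter, token string, expectAuthorized authExpectation,
	extraAsserters ...func(context.Context, *testing.T),
) func(*testing.T) {
	if parameter == "" {
		parameter = accessTokenParam
	}

	return func(t *testing.T) {
		body := url.Values{}
		body.Set(parameter, token)

		req, err := http.NewRequestWithContext(ctx, http.MethodPost, authPath, strings.NewReader(body.Encode()))
		require.NoError(t, err)
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

		t.Run(
			shouldAuthorizeOrNot(expectAuthorized),
			testIsAuthorized(ctx, req, authorizer, expectAuthorized, extraAsserters...),
		)
	}
}

// testAuthenticateBearerInMultipartForm builds a POST request with the token as
// a multipart form field, then checks it against the authorizer.
//
// An empty parameter defaults to accessTokenParam.
func testAuthenticateBearerInMultipartForm(
	ctx context.Context, authorizer runtime.Authenticator, parameter, token string, expectAuthorized authExpectation,
	extraAsserters ...func(context.Context, *testing.T),
) func(*testing.T) {
	if parameter == "" {
		parameter = accessTokenParam
	}

	return func(t *testing.T) {
		body := bytes.NewBuffer(nil)
		writer := multipart.NewWriter(body)
		require.NoError(t, writer.WriteField(parameter, token))
		// Close writes the terminating boundary; the body is incomplete without it.
		require.NoError(t, writer.Close())

		req, err := http.NewRequestWithContext(ctx, http.MethodPost, authPath, body)
		require.NoError(t, err)
		req.Header.Set("Content-Type", writer.FormDataContentType())

		t.Run(
			shouldAuthorizeOrNot(expectAuthorized),
			testIsAuthorized(ctx, req, authorizer, expectAuthorized, extraAsserters...),
		)
	}
}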