diff options
author | Hannah von Reth <hannah.vonreth@owncloud.com> | 2020-11-26 16:16:08 +0300 |
---|---|---|
committer | Hannah von Reth <vonreth@kde.org> | 2020-12-09 13:52:03 +0300 |
commit | 4261e0623c1f05f780dbe78d5f8acd5201527537 (patch) | |
tree | 39e8348f18bb9d61291d29c4c08e25c2e1d749c9 /test | |
parent | 7a3bc48d4190db014e162f088cd6c0b93e564704 (diff) |
We don't follow redirects in oaut
Diffstat (limited to 'test')
-rw-r--r-- | test/testoauth.cpp | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/test/testoauth.cpp b/test/testoauth.cpp index f2a7be471..401422550 100644 --- a/test/testoauth.cpp +++ b/test/testoauth.cpp @@ -33,8 +33,6 @@ class FakePostReply : public QNetworkReply public: std::unique_ptr<QIODevice> payload; bool aborted = false; - bool redirectToPolicy = false; - bool redirectToToken = false; FakePostReply(QNetworkAccessManager::Operation op, const QNetworkRequest &request, std::unique_ptr<QIODevice> payload_, QObject *parent) @@ -54,24 +52,6 @@ public: emit metaDataChanged(); emit finished(); return; - } else if (redirectToPolicy) { - setHeader(QNetworkRequest::LocationHeader, "/my.policy"); - setAttribute(QNetworkRequest::RedirectionTargetAttribute, "/my.policy"); - setAttribute(QNetworkRequest::HttpStatusCodeAttribute, 302); // 302 might or might not lose POST data in rfc - setHeader(QNetworkRequest::ContentLengthHeader, 0); - emit metaDataChanged(); - emit finished(); - return; - } else if (redirectToToken) { - // Redirect to self - QVariant destination = QVariant(sOAuthTestServer.toString()+QLatin1String("/index.php/apps/oauth2/api/v1/token")); - setHeader(QNetworkRequest::LocationHeader, destination); - setAttribute(QNetworkRequest::RedirectionTargetAttribute, destination); - setAttribute(QNetworkRequest::HttpStatusCodeAttribute, 307); // 307 explicitly in rfc says to not lose POST data - setHeader(QNetworkRequest::ContentLengthHeader, 0); - emit metaDataChanged(); - emit finished(); - return; } setHeader(QNetworkRequest::ContentLengthHeader, payload->size()); setAttribute(QNetworkRequest::HttpStatusCodeAttribute, 200); @@ -341,42 +321,8 @@ private slots: test.test(); } - void testTokenUrlHasRedirect() - { - struct Test : OAuthTestCase { - int redirectsDone = 0; - QNetworkReply *tokenReply(QNetworkAccessManager::Operation op, const QNetworkRequest & request) override - { - OC_ASSERT(browserReply); - // Kind of reproduces what we had in https://github.com/owncloud/enterprise/issues/2951 (not 1:1) - if (redirectsDone == 0) { - std::unique_ptr<QBuffer> payload(new QBuffer()); - payload->setData(""); - SlowFakePostReply *reply = new SlowFakePostReply(op, request, std::move(payload), this); - reply->redirectToPolicy = true; - redirectsDone++; - return reply; - } else if (redirectsDone == 1) { - std::unique_ptr<QBuffer> payload(new QBuffer()); - payload->setData(""); - SlowFakePostReply *reply = new SlowFakePostReply(op, request, std::move(payload), this); - reply->redirectToToken = true; - redirectsDone++; - return reply; - } else { - // ^^ This is with a custom reply and not actually HTTP, so we're testing the HTTP redirect code - // we have in AbstractNetworkJob::slotFinished() - redirectsDone++; - return OAuthTestCase::tokenReply(op, request); - } - } - } test; - test.test(); - } - void testWellKnown() { struct Test : OAuthTestCase { - int redirectsDone = 0; QNetworkReply * wellKnownReply(QNetworkAccessManager::Operation op, const QNetworkRequest & req) override { OC_ASSERT(op == QNetworkAccessManager::GetOperation); QJsonDocument jsondata(QJsonObject{ |