diff options
| author | Stan Hu <stanhu@gmail.com> | 2017-03-11 02:21:21 +0300 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2017-03-13 13:42:29 +0300 |
| commit | de395b2806024af3846c93b3f10c9dc9416cd83d (patch) | |
| tree | 56a4f2154dbda3314548f2101bbc47c1984bd56b | |
| parent | fbcbce1277c57783568c2a2d828c0022d675932c (diff) | |
Fix and clarify redirect HTTP logic
redirect-http seemed to suggest the Pages daemon would redirect from HTTPS to
HTTP, but it seems that the opposite was implied.
Fixes issue manifested by https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests/1348
| -rw-r--r-- | acceptance_test.go | 55 | ||||
| -rw-r--r-- | app.go | 2 | ||||
| -rw-r--r-- | helpers_test.go | 20 | ||||
| -rw-r--r-- | main.go | 2 |
4 files changed, 65 insertions, 14 deletions
diff --git a/acceptance_test.go b/acceptance_test.go index e1a7167a..24c0104c 100644 --- a/acceptance_test.go +++ b/acceptance_test.go @@ -24,6 +24,11 @@ var listeners = []ListenSpec{ {"proxy", "::1", "37002"}, } +var ( + httpListener = listeners[0] + httpsListener = listeners[2] +) + func skipUnlessEnabled(t *testing.T) { if testing.Short() { t.Log("Acceptance tests disabled") @@ -38,16 +43,15 @@ func skipUnlessEnabled(t *testing.T) { func TestUnknownHostReturnsNotFound(t *testing.T) { skipUnlessEnabled(t) - teardown := RunPagesProcess(t, *pagesBinary, listeners, "") + teardown := RunPagesProcess(t, *pagesBinary, listeners, "", "-redirect-http=false") defer teardown() for _, spec := range listeners { rsp, err := GetPageFromListener(t, spec, "invalid.invalid", "") - if assert.NoError(t, err) { - rsp.Body.Close() - assert.Equal(t, http.StatusNotFound, rsp.StatusCode) - } + assert.NoError(t, err) + rsp.Body.Close() + assert.Equal(t, http.StatusNotFound, rsp.StatusCode) } } @@ -59,13 +63,46 @@ func TestKnownHostReturns200(t *testing.T) { for _, spec := range listeners { rsp, err := GetPageFromListener(t, spec, "group.gitlab-example.com", "project/") - if assert.NoError(t, err) { - rsp.Body.Close() - assert.Equal(t, http.StatusOK, rsp.StatusCode) - } + assert.NoError(t, err) + rsp.Body.Close() + assert.Equal(t, http.StatusOK, rsp.StatusCode) } } +func TestHttpToHttpsRedirectDisabled(t *testing.T) { + skipUnlessEnabled(t) + teardown := RunPagesProcess(t, *pagesBinary, listeners, "", "-redirect-http=false") + defer teardown() + + rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "project/") + assert.NoError(t, err) + defer rsp.Body.Close() + assert.Equal(t, http.StatusOK, rsp.StatusCode) + + rsp, err = GetPageFromListener(t, httpsListener, "group.gitlab-example.com", "project/") + assert.NoError(t, err) + defer rsp.Body.Close() + assert.Equal(t, http.StatusOK, rsp.StatusCode) +} + +func TestHttpToHttpsRedirectEnabled(t *testing.T) { + skipUnlessEnabled(t) + teardown := RunPagesProcess(t, *pagesBinary, listeners, "", "-redirect-http=true") + defer teardown() + + rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "project/") + assert.NoError(t, err) + defer rsp.Body.Close() + assert.Equal(t, http.StatusTemporaryRedirect, rsp.StatusCode) + assert.Equal(t, 1, len(rsp.Header["Location"])) + assert.Equal(t, "https://group.gitlab-example.com/project/", rsp.Header.Get("Location")) + + rsp, err = GetPageFromListener(t, httpsListener, "group.gitlab-example.com", "project/") + assert.NoError(t, err) + defer rsp.Body.Close() + assert.Equal(t, http.StatusOK, rsp.StatusCode) +} + func TestPrometheusMetricsCanBeScraped(t *testing.T) { skipUnlessEnabled(t) listener := []ListenSpec{{"http", "127.0.0.1", "37003"}} @@ -52,7 +52,7 @@ func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https boo defer metrics.SessionsActive.Dec() // Add auto redirect - if https && !a.RedirectHTTP { + if !https && a.RedirectHTTP { u := *r.URL u.Scheme = "https" u.Host = r.Host diff --git a/helpers_test.go b/helpers_test.go index 99a44ea1..60d04304 100644 --- a/helpers_test.go +++ b/helpers_test.go @@ -136,11 +136,11 @@ func (l ListenSpec) JoinHostPort() string { // GetPageFromProcess to do a HTTP GET against a listener. // // If run as root via sudo, the gitlab-pages process will drop privileges -func RunPagesProcess(t *testing.T, pagesPath string, listeners []ListenSpec, promPort string) (teardown func()) { +func RunPagesProcess(t *testing.T, pagesPath string, listeners []ListenSpec, promPort string, extraArgs ...string) (teardown func()) { _, err := os.Stat(pagesPath) assert.NoError(t, err) - args, tempfiles := getPagesArgs(t, listeners, promPort) + args, tempfiles := getPagesArgs(t, listeners, promPort, extraArgs) cmd := exec.Command(pagesPath, args...) cmd.Stdout = &tWriter{t} cmd.Stderr = &tWriter{t} @@ -168,7 +168,7 @@ func RunPagesProcess(t *testing.T, pagesPath string, listeners []ListenSpec, pro } } -func getPagesArgs(t *testing.T, listeners []ListenSpec, promPort string) (args, tempfiles []string) { +func getPagesArgs(t *testing.T, listeners []ListenSpec, promPort string, extraArgs []string) (args, tempfiles []string) { var hasHTTPS bool for _, spec := range listeners { @@ -196,6 +196,8 @@ func getPagesArgs(t *testing.T, listeners []ListenSpec, promPort string) (args, args = append(args, "-daemon-gid", "65534") // Root user can switch to "nobody" } + args = append(args, extraArgs...) + return } @@ -214,3 +216,15 @@ func GetPageFromListener(t *testing.T, spec ListenSpec, host, urlsuffix string) return InsecureHTTPSClient.Do(req) } + +func GetRedirectPage(t *testing.T, spec ListenSpec, host, urlsuffix string) (*http.Response, error) { + url := spec.URL(urlsuffix) + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return nil, err + } + + req.Host = host + + return InsecureHTTPSClient.Transport.RoundTrip(req) +} @@ -16,7 +16,7 @@ var REVISION = "HEAD" var ( pagesRootCert = flag.String("root-cert", "", "The default path to file certificate to serve static pages") pagesRootKey = flag.String("root-key", "", "The default path to file certificate to serve static pages") - redirectHTTP = flag.Bool("redirect-http", true, "Serve the pages under HTTP") + redirectHTTP = flag.Bool("redirect-http", false, "Redirect pages from HTTP to HTTPS") useHTTP2 = flag.Bool("use-http2", true, "Enable HTTP2 support") pagesRoot = flag.String("pages-root", "shared/pages", "The directory where pages are stored") pagesDomain = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages") |