diff options
| author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-08-21 19:00:52 +0300 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2019-08-21 19:00:52 +0300 |
| commit | 8e390bd9884461ebd4e0663cba391a86a7b2ef5b (patch) | |
| tree | 7855531881f831d884266e6a47a3b77ecfa6b750 /acceptance_test.go | |
| parent | f8dabe33aee2931bcd060f7a13663eef0a0c8d9c (diff) | |
Fix https downgrade for pages behind proxy
We can't rely on r.TLS when pages are served behind proxy
So we save https flag to a context for later usage
Right now I'm trying to keep changes to a minimum since
I'm planning to backport this to older versions
That's why https flag is not refactored throughout the codebase
The alternative way would be to use gorilla's proxy headers
I'm planning to refactor to that version later
Diffstat (limited to 'acceptance_test.go')
| -rw-r--r-- | acceptance_test.go | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/acceptance_test.go b/acceptance_test.go index 8023c4ff..587fc27e 100644 --- a/acceptance_test.go +++ b/acceptance_test.go @@ -37,6 +37,7 @@ var listeners = []ListenSpec{ var ( httpListener = listeners[0] httpsListener = listeners[2] + proxyListener = listeners[4] ) func skipUnlessEnabled(t *testing.T, conditions ...string) { @@ -944,6 +945,71 @@ func TestAccessControlUnderCustomDomain(t *testing.T) { assert.Equal(t, http.StatusOK, authrsp.StatusCode) } +func TestAccessControlUnderCustomDomainWithHTTPSProxy(t *testing.T) { + skipUnlessEnabled(t, "not-inplace-chroot") + + testServer := makeGitLabPagesAccessStub(t) + testServer.Start() + defer testServer.Close() + + teardown := RunPagesProcessWithAuthServer(t, *pagesBinary, listeners, "", testServer.URL) + defer teardown() + + rsp, err := GetProxyRedirectPageWithCookie(t, proxyListener, "private.domain.com", "/", "", true) + require.NoError(t, err) + defer rsp.Body.Close() + + cookie := rsp.Header.Get("Set-Cookie") + + url, err := url.Parse(rsp.Header.Get("Location")) + require.NoError(t, err) + + state := url.Query().Get("state") + require.Equal(t, url.Query().Get("domain"), "https://private.domain.com") + pagesrsp, err := GetProxyRedirectPageWithCookie(t, proxyListener, url.Host, url.Path+"?"+url.RawQuery, "", true) + require.NoError(t, err) + defer pagesrsp.Body.Close() + + pagescookie := pagesrsp.Header.Get("Set-Cookie") + + // Go to auth page with correct state will cause fetching the token + authrsp, err := GetProxyRedirectPageWithCookie(t, proxyListener, + "projects.gitlab-example.com", "/auth?code=1&state="+state, + pagescookie, true) + + require.NoError(t, err) + defer authrsp.Body.Close() + + url, err = url.Parse(authrsp.Header.Get("Location")) + require.NoError(t, err) + + // Will redirect to custom domain + require.Equal(t, "private.domain.com", url.Host) + require.Equal(t, "1", url.Query().Get("code")) + require.Equal(t, state, url.Query().Get("state")) + + // Run auth callback in custom domain + authrsp, err = GetProxyRedirectPageWithCookie(t, proxyListener, "private.domain.com", + "/auth?code=1&state="+state, cookie, true) + + require.NoError(t, err) + defer authrsp.Body.Close() + + // Will redirect to the page + cookie = authrsp.Header.Get("Set-Cookie") + require.Equal(t, http.StatusFound, authrsp.StatusCode) + + url, err = url.Parse(authrsp.Header.Get("Location")) + require.NoError(t, err) + + // Will redirect to custom domain + require.Equal(t, "https://private.domain.com/", url.String()) + // Fetch page in custom domain + authrsp, err = GetProxyRedirectPageWithCookie(t, proxyListener, "private.domain.com", "/", + cookie, true) + require.Equal(t, http.StatusOK, authrsp.StatusCode) +} + func TestAccessControlGroupDomain404RedirectsAuth(t *testing.T) { skipUnlessEnabled(t) teardown := RunPagesProcessWithAuth(t, *pagesBinary, listeners, "") |