author | Vladimir Shushlin <v.shushlin@gmail.com> | 2021-01-05 17:41:40 +0300 |
---|---|---|
committer | Vladimir Shushlin <v.shushlin@gmail.com> | 2021-01-05 17:41:40 +0300 |
commit | ad8f7ff5423cde7b5f56d12b8fe592eb9b8193e0 (patch) | |
tree | be0d07c09f4c8b59c6217d0bf542161824627f89 /test | |
parent | e4ddf96500cab8587671147848e51da91ff6e300 (diff) | |
parent | 68a4f5bec4e3863c48b533c662839f4b3383a6b7 (diff) |
Merge branch 'master' into security-master
Diffstat (limited to 'test')
-rw-r--r-- | test/acceptance/auth_test.go | 96 | ||||
-rw-r--r-- | test/acceptance/serving_test.go | 19 |
2 files changed, 74 insertions, 41 deletions
diff --git a/test/acceptance/auth_test.go b/test/acceptance/auth_test.go index 40aec47a..fa2d768d 100644 --- a/test/acceptance/auth_test.go +++ b/test/acceptance/auth_test.go 
@@ -189,62 +189,76 @@ func TestAccessControlUnderCustomDomain(t *testing.T) { teardown := RunPagesProcessWithAuthServer(t, *pagesBinary, listeners, "", testServer.URL) defer teardown() - rsp, err := GetRedirectPage(t, httpListener, "private.domain.com", "/") - require.NoError(t, err) - defer rsp.Body.Close() + tests := map[string]struct { + domain string + path string + }{ + "private_domain": { + domain: "private.domain.com", + path: "", + }, + "private_domain_with_query": { + domain: "private.domain.com", + path: "?q=test", + }, + } + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + rsp, err := GetRedirectPage(t, httpListener, tt.domain, tt.path) + require.NoError(t, err) + defer rsp.Body.Close() - cookie := rsp.Header.Get("Set-Cookie") + cookie := rsp.Header.Get("Set-Cookie") - url, err := url.Parse(rsp.Header.Get("Location")) - require.NoError(t, err) + url, err := url.Parse(rsp.Header.Get("Location")) + require.NoError(t, err) - state := url.Query().Get("state") - require.Equal(t, url.Query().Get("domain"), "http://private.domain.com") + state := url.Query().Get("state") + require.Equal(t, "http://"+tt.domain, url.Query().Get("domain")) - pagesrsp, err := GetRedirectPage(t, httpListener, url.Host, url.Path+"?"+url.RawQuery) - require.NoError(t, err) - defer pagesrsp.Body.Close() + pagesrsp, err := GetRedirectPage(t, httpListener, url.Host, url.Path+"?"+url.RawQuery) + require.NoError(t, err) + defer pagesrsp.Body.Close() - pagescookie := pagesrsp.Header.Get("Set-Cookie") + pagescookie := pagesrsp.Header.Get("Set-Cookie") - // Go to auth page with correct state will cause fetching the token - authrsp, err := GetRedirectPageWithCookie(t, httpListener, "projects.gitlab-example.com", "/auth?code=1&state="+ - state, pagescookie) + // Go to auth page with correct state will cause fetching the token + authrsp, err := GetRedirectPageWithCookie(t, httpListener, tt.domain, "/auth?code=1&state="+ + state, pagescookie) - require.NoError(t, err) - defer 
authrsp.Body.Close() + require.NoError(t, err) + defer authrsp.Body.Close() - url, err = url.Parse(authrsp.Header.Get("Location")) - require.NoError(t, err) + url, err = url.Parse(authrsp.Header.Get("Location")) + require.NoError(t, err) - // Will redirect to custom domain - require.Equal(t, "private.domain.com", url.Host) - // code must have changed since it's encrypted - code := url.Query().Get("code") - require.NotEqual(t, "1", code) - require.Equal(t, state, url.Query().Get("state")) + // Will redirect to custom domain + require.Equal(t, tt.domain, url.Host) + code := url.Query().Get("code") + require.NotEqual(t, "1", code) - // Run auth callback in custom domain - authrsp, err = GetRedirectPageWithCookie(t, httpListener, "private.domain.com", "/auth?code="+code+"&state="+ - state, cookie) + authrsp, err = GetRedirectPageWithCookie(t, httpListener, tt.domain, "/auth?code="+code+"&state="+ + state, cookie) - require.NoError(t, err) - defer authrsp.Body.Close() + require.NoError(t, err) + defer authrsp.Body.Close() - // Will redirect to the page - cookie = authrsp.Header.Get("Set-Cookie") - require.Equal(t, http.StatusFound, authrsp.StatusCode) + // Will redirect to the page + cookie = authrsp.Header.Get("Set-Cookie") + require.Equal(t, http.StatusFound, authrsp.StatusCode) - url, err = url.Parse(authrsp.Header.Get("Location")) - require.NoError(t, err) + url, err = url.Parse(authrsp.Header.Get("Location")) + require.NoError(t, err) - // Will redirect to custom domain - require.Equal(t, "http://private.domain.com/", url.String()) + // Will redirect to custom domain + require.Equal(t, "http://"+tt.domain+"/"+tt.path, url.String()) - // Fetch page in custom domain - authrsp, err = GetRedirectPageWithCookie(t, httpListener, "private.domain.com", "/", cookie) - require.NoError(t, err) - require.Equal(t, http.StatusOK, authrsp.StatusCode) + // Fetch page in custom domain + authrsp, err = GetRedirectPageWithCookie(t, httpListener, tt.domain, tt.path, cookie) + 
require.NoError(t, err) + require.Equal(t, http.StatusOK, authrsp.StatusCode) + }) + } } func TestCustomErrorPageWithAuth(t *testing.T) { diff --git a/test/acceptance/serving_test.go b/test/acceptance/serving_test.go index da2843a0..66b5fa47 100644 --- a/test/acceptance/serving_test.go +++ b/test/acceptance/serving_test.go @@ -552,3 +552,22 @@ func doCrossOriginRequest(t *testing.T, spec ListenSpec, method, reqMethod, url rsp.Body.Close() return rsp } + +func TestQueryStringPersistedInSlashRewrite(t *testing.T) { + skipUnlessEnabled(t) + teardown := RunPagesProcess(t, *pagesBinary, listeners, "") + defer teardown() + + rsp, err := GetRedirectPage(t, httpsListener, "group.gitlab-example.com", "project?q=test") + require.NoError(t, err) + defer rsp.Body.Close() + + require.Equal(t, http.StatusFound, rsp.StatusCode) + require.Equal(t, 1, len(rsp.Header["Location"])) + require.Equal(t, "//group.gitlab-example.com/project/?q=test", rsp.Header.Get("Location")) + + rsp, err = GetPageFromListener(t, httpsListener, "group.gitlab-example.com", "project/?q=test") + require.NoError(t, err) + defer rsp.Body.Close() + require.Equal(t, http.StatusOK, rsp.StatusCode) +} |
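Review bot: The table-driven rewrite drops the `require.Equal(t, state, url.Query().Get("state"))` check that followed the `code` assertion, so the subtests no longer verify that the OAuth state value survives the redirect to the custom domain. The first `/auth?code=1&state=` callback is also now sent to `tt.domain` instead of `projects.gitlab-example.com`, which appears to skip the hop through the auth domain that the removed lines exercised; since this is a merge into security-master, it is worth confirming both changes were intended rather than a conflict resolution that took master's side. If they were not, restore the state assertion after `require.NotEqual(t, "1", code)` and the original host on the first callback. TestAccessControlUnderCustomDomain starts above the hunk, so its setup is not visible here.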
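Review bot: TestQueryStringPersistedInSlashRewrite pins the trailing-slash redirect only for one plain parameter (`project?q=test`), so a rewrite that re-encodes, reorders or truncates the query could still pass. A second request with an escaped value and more than one parameter, asserting that `Location` carries the raw query unchanged, would close that gap. The length check reads better as `require.Len(t, rsp.Header["Location"], 1)`, which also prints the slice on failure. A one-line comment above the function saying that the slash redirect must keep the query string would record why the test exists.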