Test IsValidRedirect method

2017-10-02 10:19:24 +01:00 · 2017-10-02 10:19:24 +01:00 · 768a6ce989
commit 768a6ce989
parent 2a1691a994
1 changed files with 38 additions and 0 deletions
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@ -93,6 +93,44 @@ func TestRobotsTxt(t *testing.T) {
 	assert.Equal(t, "User-agent: *\nDisallow: /", rw.Body.String())
 }

+func TestIsValidRedirect(t *testing.T) {
+	opts := NewOptions()
+	opts.ClientID = "bazquux"
+	opts.ClientSecret = "foobar"
+	opts.CookieSecret = "xyzzyplugh"
+	opts.WhitelistDomains = []string{"foo.bar"}
+	opts.Validate()
+
+	proxy := NewOAuthProxy(opts, func(string) bool { return true })
+
+	noRD := proxy.IsValidRedirect("")
+	assert.Equal(t, false, noRD)
+
+	singleSlash := proxy.IsValidRedirect("/redirect")
+	assert.Equal(t, true, singleSlash)
+
+	doubleSlash := proxy.IsValidRedirect("//redirect")
+	assert.Equal(t, false, doubleSlash)
+
+	validHTTP := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
+	assert.Equal(t, true, validHTTP)
+
+	validHTTPS := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
+	assert.Equal(t, true, validHTTPS)
+
+	invalidHTTP1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
+	assert.Equal(t, false, invalidHTTP1)
+
+	invalidHTTPS1 := proxy.IsValidRedirect("https://foo.bar.evil.corp/redirect")
+	assert.Equal(t, false, invalidHTTPS1)
+
+	invalidHTTP2 := proxy.IsValidRedirect("http://evil.corp/redirect?rd=foo.bar")
+	assert.Equal(t, false, invalidHTTP2)
+
+	invalidHTTPS2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
+	assert.Equal(t, false, invalidHTTPS2)
+}
+
 type TestProvider struct {
 	*providers.ProviderData
 	EmailAddress string