Test IsValidRedirect method

2017-10-02 10:19:24 +01:00 · 2017-10-02 10:19:24 +01:00 · 7c09fed40f
commit 7c09fed40f
parent d3e0f88346
1 changed files with 38 additions and 0 deletions
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@ -92,6 +92,44 @@ func TestRobotsTxt(t *testing.T) {
 	assert.Equal(t, "User-agent: *\nDisallow: /", rw.Body.String())
 }

+func TestIsValidRedirect(t *testing.T) {
+	opts := NewOptions()
+	opts.ClientID = "bazquux"
+	opts.ClientSecret = "foobar"
+	opts.CookieSecret = "xyzzyplugh"
+	opts.WhitelistDomains = []string{"foo.bar"}
+	opts.Validate()
+
+	proxy := NewOAuthProxy(opts, func(string) bool { return true })
+
+	noRD := proxy.IsValidRedirect("")
+	assert.Equal(t, false, noRD)
+
+	singleSlash := proxy.IsValidRedirect("/redirect")
+	assert.Equal(t, true, singleSlash)
+
+	doubleSlash := proxy.IsValidRedirect("//redirect")
+	assert.Equal(t, false, doubleSlash)
+
+	validHttp := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
+	assert.Equal(t, true, validHttp)
+
+	validHttps := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
+	assert.Equal(t, true, validHttps)
+
+	invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
+	assert.Equal(t, false, invalidHttp1)
+
+	invalidHttps1 := proxy.IsValidRedirect("https://foo.bar.evil.corp/redirect")
+	assert.Equal(t, false, invalidHttps1)
+
+	invalidHttp2 := proxy.IsValidRedirect("http://evil.corp/redirect?rd=foo.bar")
+	assert.Equal(t, false, invalidHttp2)
+
+	invalidHttps2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
+	assert.Equal(t, false, invalidHttps2)
+}
+
 type TestProvider struct {
 	*providers.ProviderData
 	EmailAddress string