Test explicit subdomain whitelisting

Joel Speed 2017-12-11 09:33:52 +00:00
parent 3940d7e1cd
commit dace5cde18
No known key found for this signature in database
GPG Key ID: 83695B8B3A376982


@ -97,7 +97,8 @@ func TestIsValidRedirect(t *testing.T) {
opts.ClientID = "bazquux" opts.ClientID = "bazquux"
opts.ClientSecret = "foobar" opts.ClientSecret = "foobar"
opts.CookieSecret = "xyzzyplugh" opts.CookieSecret = "xyzzyplugh"
opts.WhitelistDomains = []string{"foo.bar"} // Should match domains that are exactly foo.bar and any subdomain of bar.foo
opts.WhitelistDomains = []string{"foo.bar", ".bar.foo"}
opts.Validate() opts.Validate()
proxy := NewOAuthProxy(opts, func(string) bool { return true }) proxy := NewOAuthProxy(opts, func(string) bool { return true })
@ -111,12 +112,24 @@ func TestIsValidRedirect(t *testing.T) {
doubleSlash := proxy.IsValidRedirect("//redirect") doubleSlash := proxy.IsValidRedirect("//redirect")
assert.Equal(t, false, doubleSlash) assert.Equal(t, false, doubleSlash)
validHttp := proxy.IsValidRedirect("http://baz.foo.bar/redirect") validHttp := proxy.IsValidRedirect("http://foo.bar/redirect")
assert.Equal(t, true, validHttp) assert.Equal(t, true, validHttp)
validHttps := proxy.IsValidRedirect("https://baz.foo.bar/redirect") validHttps := proxy.IsValidRedirect("https://foo.bar/redirect")
assert.Equal(t, true, validHttps) assert.Equal(t, true, validHttps)
invalidHttpSubdomain := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
assert.Equal(t, false, invalidHttpSubdomain)
invalidHttpsSubdomain := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
assert.Equal(t, false, invalidHttpsSubdomain)
validHttpSubdomain := proxy.IsValidRedirect("http://baz.bar.foo/redirect")
assert.Equal(t, true, validHttpSubdomain)
validHttpsSubdomain := proxy.IsValidRedirect("https://baz.bar.foo/redirect")
assert.Equal(t, true, validHttpsSubdomain)
invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect") invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
assert.Equal(t, false, invalidHttp1) assert.Equal(t, false, invalidHttp1)