Test explicit subdomain whitelisting
This commit is contained in:
parent
3940d7e1cd
commit
dace5cde18
@ -97,7 +97,8 @@ func TestIsValidRedirect(t *testing.T) {
|
|||||||
opts.ClientID = "bazquux"
|
opts.ClientID = "bazquux"
|
||||||
opts.ClientSecret = "foobar"
|
opts.ClientSecret = "foobar"
|
||||||
opts.CookieSecret = "xyzzyplugh"
|
opts.CookieSecret = "xyzzyplugh"
|
||||||
opts.WhitelistDomains = []string{"foo.bar"}
|
// Should match domains that are exactly foo.bar and any subdomain of bar.foo
|
||||||
|
opts.WhitelistDomains = []string{"foo.bar", ".bar.foo"}
|
||||||
opts.Validate()
|
opts.Validate()
|
||||||
|
|
||||||
proxy := NewOAuthProxy(opts, func(string) bool { return true })
|
proxy := NewOAuthProxy(opts, func(string) bool { return true })
|
||||||
@ -111,12 +112,24 @@ func TestIsValidRedirect(t *testing.T) {
|
|||||||
doubleSlash := proxy.IsValidRedirect("//redirect")
|
doubleSlash := proxy.IsValidRedirect("//redirect")
|
||||||
assert.Equal(t, false, doubleSlash)
|
assert.Equal(t, false, doubleSlash)
|
||||||
|
|
||||||
validHttp := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
|
validHttp := proxy.IsValidRedirect("http://foo.bar/redirect")
|
||||||
assert.Equal(t, true, validHttp)
|
assert.Equal(t, true, validHttp)
|
||||||
|
|
||||||
validHttps := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
|
validHttps := proxy.IsValidRedirect("https://foo.bar/redirect")
|
||||||
assert.Equal(t, true, validHttps)
|
assert.Equal(t, true, validHttps)
|
||||||
|
|
||||||
|
invalidHttpSubdomain := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
|
||||||
|
assert.Equal(t, false, invalidHttpSubdomain)
|
||||||
|
|
||||||
|
invalidHttpsSubdomain := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
|
||||||
|
assert.Equal(t, false, invalidHttpsSubdomain)
|
||||||
|
|
||||||
|
validHttpSubdomain := proxy.IsValidRedirect("http://baz.bar.foo/redirect")
|
||||||
|
assert.Equal(t, true, validHttpSubdomain)
|
||||||
|
|
||||||
|
validHttpsSubdomain := proxy.IsValidRedirect("https://baz.bar.foo/redirect")
|
||||||
|
assert.Equal(t, true, validHttpsSubdomain)
|
||||||
|
|
||||||
invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
|
invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
|
||||||
assert.Equal(t, false, invalidHttp1)
|
assert.Equal(t, false, invalidHttp1)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user