3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-10 07:37:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

authenticate: handle XHR redirect flow (#387)

Browse source 
- authenticate: add cors preflight check support for sign_in endpoint
- internal/httputil: indicate responses that originate from pomerium vs the app
- proxy: detect XHR requests and do not redirect on failure.
- authenticate: removed default session duration; should be maintained out of band with rpc.
This commit is contained in:
Bobby DeSimone 2019-11-14 19:37:31 -08:00 committed by GitHub
parent 9030bd32cb
commit 00c29f4e77
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 128 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

19
authenticate/handlers_test.go
View file

@ -69,6 +69,25 @@ func TestAuthenticate_Handler(t *testing.T) {
if body != expected {
t.Errorf("handler returned unexpected body: got %v want %v", body, expected)
}
// cors preflight
req = httptest.NewRequest(http.MethodOptions, "/.pomerium/sign_in", nil)
req.Header.Set("Accept", "application/json")
req.Header.Set("Access-Control-Request-Method", "GET")
req.Header.Set("Access-Control-Request-Headers", "X-Requested-With")
rr = httptest.NewRecorder()
h.ServeHTTP(rr, req)
expected = fmt.Sprintf("User-agent: *\nDisallow: /")
code := rr.Code
if code != http.StatusOK {
t.Errorf("bad preflight code")
}
resp := rr.Result()
body = resp.Header.Get("vary")
if body == "" {
t.Errorf("handler returned unexpected body: got %v want %v", body, expected)
}
}
func TestAuthenticate_SignIn(t *testing.T) {