core/authorize: result denied improvements (#4952)

* core/authorize: result denied improvements * add authenticate robots.txt * fix tests
2025-06-22 04:28:25 +02:00 · 2024-02-01 16:16:33 -07:00 · 2024-02-01 16:16:33 -07:00 · 55eb2fa3dc
commit 55eb2fa3dc
parent 61a9bd7c6b
8 changed files with 19 additions and 91 deletions
--- a/config/envoyconfig/routes_test.go
+++ b/config/envoyconfig/routes_test.go
@ -110,9 +110,9 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {
 			`+routeString("prefix", "/.pomerium/")+`,
 			`+routeString("path", "/.well-known/pomerium")+`,
 			`+routeString("prefix", "/.well-known/pomerium/")+`,
-			`+routeString("path", "/robots.txt")+`,
 			`+routeString("path", "/oauth2/callback")+`,
-			`+routeString("path", "/")+`
+			`+routeString("path", "/")+`,
+			`+routeString("path", "/robots.txt")+`
 		]`, routes)
 	})
 	t.Run("proxy fronting authenticate", func(t *testing.T) {
@ -125,56 +125,6 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {
 		require.NoError(t, err)
 		testutil.AssertProtoJSONEqual(t, "null", routes)
 	})
-
-	t.Run("with robots", func(t *testing.T) {
-		options := &config.Options{
-			Services:                 "all",
-			AuthenticateURLString:    "https://authenticate.example.com",
-			AuthenticateCallbackPath: "/oauth2/callback",
-			Policies: []config.Policy{{
-				From: "https://from.example.com",
-				To:   mustParseWeightedURLs(t, "https://to.example.com"),
-			}},
-		}
-		_ = options.Policies[0].Validate()
-		routes, err := b.buildPomeriumHTTPRoutes(options, "from.example.com")
-		require.NoError(t, err)
-
-		testutil.AssertProtoJSONEqual(t, `[
-			`+routeString("path", "/ping")+`,
-			`+routeString("path", "/healthz")+`,
-			`+routeString("path", "/.pomerium")+`,
-			`+routeString("prefix", "/.pomerium/")+`,
-			`+routeString("path", "/.well-known/pomerium")+`,
-			`+routeString("prefix", "/.well-known/pomerium/")+`,
-			`+routeString("path", "/robots.txt")+`
-		]`, routes)
-	})
-
-	t.Run("without robots", func(t *testing.T) {
-		options := &config.Options{
-			Services:                 "all",
-			AuthenticateURLString:    "https://authenticate.example.com",
-			AuthenticateCallbackPath: "/oauth2/callback",
-			Policies: []config.Policy{{
-				From:                             "https://from.example.com",
-				To:                               mustParseWeightedURLs(t, "https://to.example.com"),
-				AllowPublicUnauthenticatedAccess: true,
-			}},
-		}
-		_ = options.Policies[0].Validate()
-		routes, err := b.buildPomeriumHTTPRoutes(options, "from.example.com")
-		require.NoError(t, err)
-
-		testutil.AssertProtoJSONEqual(t, `[
-			`+routeString("path", "/ping")+`,
-			`+routeString("path", "/healthz")+`,
-			`+routeString("path", "/.pomerium")+`,
-			`+routeString("prefix", "/.pomerium/")+`,
-			`+routeString("path", "/.well-known/pomerium")+`,
-			`+routeString("prefix", "/.well-known/pomerium/")+`
-		]`, routes)
-	})
 }

 func Test_buildControlPlanePathRoute(t *testing.T) {