webauthn: require session when accessing /.pomerium/webauthn (#3814)

* webauthn: require session when accessing /.pomerium/webauthn * remove dead code * remove unusued PomeriumDomains field
2025-07-23 11:39:32 +02:00 · 2022-12-16 10:59:21 -07:00 · 2022-12-16 10:59:21 -07:00 · c86ca6f76f
commit c86ca6f76f
parent 44a5c1b2fb
8 changed files with 67 additions and 78 deletions
--- a/config/envoyconfig/routes_test.go
+++ b/config/envoyconfig/routes_test.go
@ -88,6 +88,7 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {

 		testutil.AssertProtoJSONEqual(t, `[
 			`+routeString("path", "/.pomerium/jwt", true)+`,
+			`+routeString("path", "/.pomerium/webauthn", true)+`,
 			`+routeString("path", "/ping", false)+`,
 			`+routeString("path", "/healthz", false)+`,
 			`+routeString("path", "/.pomerium", false)+`,
@ -126,6 +127,7 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {

 		testutil.AssertProtoJSONEqual(t, `[
 			`+routeString("path", "/.pomerium/jwt", true)+`,
+			`+routeString("path", "/.pomerium/webauthn", true)+`,
 			`+routeString("path", "/ping", false)+`,
 			`+routeString("path", "/healthz", false)+`,
 			`+routeString("path", "/.pomerium", false)+`,
@ -153,6 +155,7 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {

 		testutil.AssertProtoJSONEqual(t, `[
 			`+routeString("path", "/.pomerium/jwt", true)+`,
+			`+routeString("path", "/.pomerium/webauthn", true)+`,
 			`+routeString("path", "/ping", false)+`,
 			`+routeString("path", "/healthz", false)+`,
 			`+routeString("path", "/.pomerium", false)+`,
@ -249,7 +252,8 @@ func TestTimeouts(t *testing.T) {
 					UpstreamTimeout: getDuration(tc.upstream),
 					IdleTimeout:     getDuration(tc.idle),
 					AllowWebsockets: tc.allowWebsockets,
-				}},
+				},
+			},
 		}, "example.com")
 		if !assert.NoError(t, err, "%v", tc) || !assert.Len(t, routes, 1, tc) || !assert.NotNil(t, routes[0].GetRoute(), "%v", tc) {
 			continue