all: support route scoped sessions

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-05-10 15:47:36 +02:00 · 2019-11-06 17:30:27 -08:00 · 2019-11-06 17:30:27 -08:00 · d3d60d1055
commit d3d60d1055
parent 83342112bb
53 changed files with 2092 additions and 2416 deletions
--- a/internal/middleware/middleware_test.go
+++ b/internal/middleware/middleware_test.go
@ -17,36 +17,6 @@ func hmacHelperFunc(rawRedirect string, timestamp time.Time, secret string) []by
 	return cryptutil.GenerateHMAC(data, secret)
 }

-func Test_SameDomain(t *testing.T) {
-	t.Parallel()
-	tests := []struct {
-		name        string
-		uri         string
-		rootDomains string
-		want        bool
-	}{
-		{"good url redirect", "https://example.com/redirect", "https://example.com", true},
-		{"good multilevel", "https://httpbin.a.corp.example.com", "https://auth.b.corp.example.com", true},
-		{"good complex tld", "https://httpbin.a.corp.example.co.uk", "https://auth.b.corp.example.co.uk", true},
-		{"bad complex tld", "https://httpbin.a.corp.notexample.co.uk", "https://auth.b.corp.example.co.uk", false},
-		{"simple sub", "https://auth.example.com", "https://test.example.com", true},
-		{"bad domain", "https://auth.example.com/redirect", "https://test.notexample.com", false},
-		{"malformed url", "^example.com/redirect", "https://notexample.com", false},
-		{"empty domain list", "https://example.com/redirect", ".com", false},
-		{"empty domain", "https://example.com/redirect", "", false},
-		{"empty url", "", "example.com", false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			u, _ := url.Parse(tt.uri)
-			j, _ := url.Parse(tt.rootDomains)
-			if got := SameDomain(u, j); got != tt.want {
-				t.Errorf("SameDomain() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func Test_ValidSignature(t *testing.T) {
 	t.Parallel()
 	goodURL := "https://example.com/redirect"
@ -109,87 +79,6 @@ func TestSetHeaders(t *testing.T) {
 	}
 }

-func TestValidateRedirectURI(t *testing.T) {
-	t.Parallel()
-	tests := []struct {
-		name        string
-		rootDomain  string
-		redirectURI string
-		status      int
-	}{
-		{"simple", "https://auth.google.com", "redirect_uri=https://b.google.com", http.StatusOK},
-		{"deep ok", "https://a.some.really.deep.sub.domain.google.com", "redirect_uri=https://b.some.really.deep.sub.domain.google.com", http.StatusOK},
-		{"bad match", "https://auth.aol.com", "redirect_uri=https://test.google.com", http.StatusBadRequest},
-		{"bad simple", "https://auth.corp.aol.com", "redirect_uri=https://test.corp.google.com", http.StatusBadRequest},
-		{"deep bad", "https://a.some.really.deep.sub.domain.scroogle.com", "redirect_uri=https://b.some.really.deep.sub.domain.google.com", http.StatusBadRequest},
-		{"with cname", "https://auth.google.com", "redirect_uri=https://www.google.com", http.StatusOK},
-		{"with path", "https://auth.google.com", "redirect_uri=https://www.google.com/path", http.StatusOK},
-		{"http mistmatch", "https://auth.google.com", "redirect_uri=http://www.google.com/path", http.StatusOK},
-		{"http", "http://auth.google.com", "redirect_uri=http://www.google.com/path", http.StatusOK},
-		{"ip", "http://1.1.1.1", "redirect_uri=http://8.8.8.8", http.StatusBadRequest},
-		{"redirect get param not set", "https://auth.google.com", "not_redirect_uri!=https://b.google.com", http.StatusBadRequest},
-		{"malformed, invalid get params", "https://auth.google.com", "redirect_uri=https://%zzzzz", http.StatusBadRequest},
-		{"malformed, invalid url", "https://auth.google.com", "redirect_uri=https://accounts.google.^", http.StatusBadRequest},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			req := &http.Request{
-				Method: http.MethodGet,
-				URL:    &url.URL{RawQuery: tt.redirectURI},
-			}
-			testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				w.Write([]byte("Hi"))
-			})
-			rr := httptest.NewRecorder()
-			u, _ := url.Parse(tt.rootDomain)
-			handler := ValidateRedirectURI(u)(testHandler)
-			handler.ServeHTTP(rr, req)
-			if rr.Code != tt.status {
-				t.Errorf("Status code differs. got %d want %d", rr.Code, tt.status)
-				t.Errorf("%s", rr.Body)
-			}
-		})
-	}
-}
-
-func TestValidateClientSecret(t *testing.T) {
-	t.Parallel()
-	tests := []struct {
-		name              string
-		sharedSecret      string
-		clientGetValue    string
-		clientHeaderValue string
-		status            int
-	}{
-		{"simple", "secret", "secret", "secret", http.StatusOK},
-		{"missing get param, valid header", "secret", "", "secret", http.StatusOK},
-		{"missing both", "secret", "", "", http.StatusBadRequest},
-		{"simple bad", "bad-secret", "secret", "", http.StatusBadRequest},
-		{"malformed, invalid hex digits", "secret", "%zzzzz", "", http.StatusBadRequest},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			req := &http.Request{
-				Method: http.MethodGet,
-				Header: http.Header{"X-Client-Secret": []string{tt.clientHeaderValue}},
-				URL:    &url.URL{RawQuery: fmt.Sprintf("shared_secret=%s", tt.clientGetValue)},
-			}
-			testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				w.Write([]byte("Hi"))
-			})
-			rr := httptest.NewRecorder()
-			handler := ValidateClientSecret(tt.sharedSecret)(testHandler)
-			handler.ServeHTTP(rr, req)
-			if rr.Code != tt.status {
-				t.Errorf("Status code differs. got %d want %d", rr.Code, tt.status)
-				t.Errorf("%s", rr.Body)
-			}
-		})
-	}
-}
-
 func TestValidateSignature(t *testing.T) {
 	t.Parallel()
 	secretA := "41aOD7VNtQ1/KZDCGrkYpaHwB50JC1y6BDs2KPRVd2A="