3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-09 23:27:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

proxy: remove unused setting AuthorizeInternalAddr (#93)

Browse source 
- Added unit tests for policy validation.
- Removed extraneous policy validation for URLs.
- Add dependency caching to dockerfile.
This commit is contained in:
Bobby DeSimone 2019-04-24 13:28:29 -07:00 committed by GitHub
parent 96f4b8bd61
commit fbe1cae482
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 61 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

23
proxy/proxy_test.go
View file

@ -136,8 +136,12 @@ func TestOptions_Validate(t *testing.T) {
badAuthURL := testOptions()
badAuthURL.AuthenticateURL = nil
authurl, _ := url.Parse("http://authenticate.corp.beyondperimeter.com")
httpAuthURL := testOptions()
httpAuthURL.AuthenticateURL = authurl
authenticateBadScheme := testOptions()
authenticateBadScheme.AuthenticateURL = authurl
authorizeBadSCheme := testOptions()
authorizeBadSCheme.AuthorizeURL = authurl
authorizeNil := testOptions()
authorizeNil.AuthorizeURL = nil
emptyCookieSecret := testOptions()
emptyCookieSecret.CookieSecret = ""
invalidCookieSecret := testOptions()
@ -148,6 +152,12 @@ func TestOptions_Validate(t *testing.T) {
invalidSignKey.SigningKey = "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw^"
badSharedKey := testOptions()
badSharedKey.SharedKey = ""
policyBadBase64 := testOptions()
policyBadBase64.Policy = "^"
badPolicyToURL := testOptions()
badPolicyToURL.Policy = "LSBmcm9tOiBodHRwYmluLmNvcnAuYmV5b25kcGVyaW1ldGVyLmNvbQogIHRvOiBodHRwOi8vaHR0cGJpbl4KICBhbGxvd2VkX2RvbWFpbnM6CiAgICAtIHBvbWVyaXVtLmlv"
badPolicyFromURL := testOptions()
badPolicyFromURL.Policy = "LSBmcm9tOiBodHRwYmluLmNvcnAuYmV5b25kcGVyaW1ldGVyLmNvbQogIHRvOiBodHRwOi8vaHR0cGJpbl4KICBhbGxvd2VkX2RvbWFpbnM6CiAgICAtIHBvbWVyaXVtLmlv"
tests := []struct {
name string
@ -158,13 +168,18 @@ func TestOptions_Validate(t *testing.T) {
{"nil options", &Options{}, true},
{"from route", badFromRoute, true},
{"to route", badToRoute, true},
{"auth service url", badAuthURL, true},
{"auth service url not https", httpAuthURL, true},
{"authenticate service url", badAuthURL, true},
{"authenticate service url not https", authenticateBadScheme, true},
{"authorize service url not https", authorizeBadSCheme, true},
{"authorize service cannot be nil", authorizeNil, true},
{"no cookie secret", emptyCookieSecret, true},
{"invalid cookie secret", invalidCookieSecret, true},
{"short cookie secret", shortCookieLength, true},
{"no shared secret", badSharedKey, true},
{"invalid signing key", invalidSignKey, true},
{"policy invalid base64", policyBadBase64, true},
{"policy bad to url", badPolicyFromURL, true},
{"policy bad from url", badPolicyFromURL, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {