3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/authenticate/middleware_test.go
Bobby 0766725ff8
proxy : add HTTP endpoint support (#13) 
proxy : Add HTTP (insecure) endpoint support, closes #11.

* Fix typos
* Fixed additional typos and an ineffectual assignment
* Update route configuration in docs
2019-01-15 15:06:16 -08:00

85 lines
2.7 KiB
Go
Raw Blame History

package authenticate
import (
"encoding/base64"
"fmt"
"testing"
"time"
)
func Test_validRedirectURI(t *testing.T) {
tests := []struct {
name string
uri string
rootDomains []string
want bool
}{
{"good url redirect", "https://example.com/redirect", []string{"example.com"}, true},
{"bad domain", "https://example.com/redirect", []string{"notexample.com"}, false},
{"malformed url", "^example.com/redirect", []string{"notexample.com"}, false},
{"empty domain list", "https://example.com/redirect", []string{}, false},
{"empty domain", "https://example.com/redirect", []string{""}, false},
{"empty url", "", []string{"example.com"}, false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := validRedirectURI(tt.uri, tt.rootDomains); got != tt.want {
t.Errorf("validRedirectURI() = %v, want %v", got, tt.want)
}
})
}
}
func Test_validSignature(t *testing.T) {
goodURL := "https://example.com/redirect"
secretA := "41aOD7VNtQ1/KZDCGrkYpaHwB50JC1y6BDs2KPRVd2A="
now := fmt.Sprint(time.Now().Unix())
rawSig := redirectURLSignature(goodURL, time.Now(), secretA)
sig := base64.URLEncoding.EncodeToString(rawSig)
staleTime := fmt.Sprint(time.Now().Add(-6 * time.Minute).Unix())
tests := []struct {
name string
redirectURI string
sigVal string
timestamp string
secret string
want bool
}{
{"good signature", goodURL, string(sig), now, secretA, true},
{"empty redirect url", "", string(sig), now, secretA, false},
{"bad redirect url", "https://google.com^", string(sig), now, secretA, false},
{"malformed signature", goodURL, string(sig + "^"), now, "&*&@**($&#(", false},
{"malformed timestamp", goodURL, string(sig), now + "^", secretA, false},
{"stale timestamp", goodURL, string(sig), staleTime, secretA, false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := validSignature(tt.redirectURI, tt.sigVal, tt.timestamp, tt.secret); got != tt.want {
t.Errorf("validSignature() = %v, want %v", got, tt.want)
}
})
}
}
func Test_redirectURLSignature(t *testing.T) {
tests := []struct {
name string
rawRedirect string
timestamp time.Time
secret string
want string
}{
{"good signature", "https://example.com/redirect", time.Unix(1546797901, 0), "41aOD7VNtQ1/KZDCGrkYpaHwB50JC1y6BDs2KPRVd2A=", "GIDyWKjrG_7MwXwIq1o51f2pDT_rH9aLHdsHxSBEwy8="},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := redirectURLSignature(tt.rawRedirect, tt.timestamp, tt.secret)
out := base64.URLEncoding.EncodeToString(got)
if out != tt.want {
t.Errorf("redirectURLSignature() = %v, want %v", tt.want, out)
}
})
}
}
Reference in a new issue View git blame Copy permalink