public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Rewrite OpenRedirect tests in ginkgo

This commit is contained in:
Joel Speed 2021-03-24 22:50:50 +00:00
parent 4daa66e1c9
commit 8c91adcaf0
No known key found for this signature in database
GPG Key ID: 6E80578D6751DEFB
2 changed files with 34 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -8,6 +8,8 @@
## Changes since v7.1.1 ## Changes since v7.1.1
- [#1129](https://github.com/oauth2-proxy/oauth2-proxy/pull/1129) Rewrite OpenRedirect tests in ginkgo (@JoelSpeed)
# V7.1.1 # V7.1.1
## Release Highlights ## Release Highlights

69
oauthproxy_test.go
View File

@ -27,6 +27,8 @@ import (
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/upstream" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/upstream"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/validation"
"github.com/oauth2-proxy/oauth2-proxy/v7/providers" "github.com/oauth2-proxy/oauth2-proxy/v7/providers"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -316,54 +318,47 @@ func TestIsValidRedirect(t *testing.T) {
} }
} }
func TestOpenRedirects(t *testing.T) { var _ = Describe("OpenRedirect Tests", func() {
opts := baseTestOptions() var proxy *OAuthProxy
// Should match domains that are exactly foo.bar and any subdomain of bar.foo
opts.WhitelistDomains = []string{
"foo.bar",
".bar.foo",
"port.bar:8080",
".sub.port.bar:8080",
"anyport.bar:*",
".sub.anyport.bar:*",
"www.whitelisteddomain.tld",
}
err := validation.Validate(opts)
assert.NoError(t, err)
proxy, err := NewOAuthProxy(opts, func(string) bool { return true }) BeforeEach(func() {
if err != nil { opts := baseTestOptions()
t.Fatal(err) // Should match domains that are exactly foo.bar and any subdomain of bar.foo
} opts.WhitelistDomains = []string{
"foo.bar",
".bar.foo",
"port.bar:8080",
".sub.port.bar:8080",
"anyport.bar:*",
".sub.anyport.bar:*",
"www.whitelisteddomain.tld",
}
Expect(validation.Validate(opts)).To(Succeed())
var err error
proxy, err = NewOAuthProxy(opts, func(string) bool { return true })
Expect(err).ToNot(HaveOccurred())
})
file, err := os.Open("./testdata/openredirects.txt") file, err := os.Open("./testdata/openredirects.txt")
if err != nil { Expect(err).ToNot(HaveOccurred())
t.Fatal(err) defer func() {
} Expect(file.Close()).To(Succeed())
defer func(t *testing.T) { }()
if err := file.Close(); err != nil {
t.Fatal(err)
}
}(t)
scanner := bufio.NewScanner(file) scanner := bufio.NewScanner(file)
for scanner.Scan() { for scanner.Scan() {
rd := scanner.Text() rd := scanner.Text()
t.Run(rd, func(t *testing.T) { It(rd, func() {
rdUnescaped, err := url.QueryUnescape(rd) rdUnescaped, err := url.QueryUnescape(rd)
if err != nil { Expect(err).ToNot(HaveOccurred())
t.Fatal(err)
} Expect(proxy.IsValidRedirect(rdUnescaped)).To(BeFalse(), "Expected redirect not to be valid")
if proxy.IsValidRedirect(rdUnescaped) {
t.Errorf("Expected %q to not be valid (unescaped: %q)", rd, rdUnescaped)
}
}) })
} }
if err := scanner.Err(); err != nil { Expect(scanner.Err()).ToNot(HaveOccurred())
t.Fatal(err) })
}
}
type TestProvider struct { type TestProvider struct {
*providers.ProviderData *providers.ProviderData