From 8d1bbf33b1f232e2228586a29a42438ca83807a8 Mon Sep 17 00:00:00 2001
From: Joel Speed
Date: Wed, 28 Oct 2020 20:08:09 +0000
Subject: [PATCH] Add tests for headers validation
---
 pkg/validation/header_test.go | 164 ++++++++++++++++++++++++++++++++++
 1 file changed, 164 insertions(+)
 create mode 100644 pkg/validation/header_test.go
diff --git a/pkg/validation/header_test.go b/pkg/validation/header_test.go
new file mode 100644
index 00000000..fee4525d
--- /dev/null
+++ b/pkg/validation/header_test.go
@@ -0,0 +1,164 @@
+package validation
+
+import (
+ "encoding/base64"
+
+ "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/ginkgo/extensions/table"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Headers", func() {
+ type validateHeaderTableInput struct {
+ headers []options.Header
+ expectedMsgs []string
+ }
+
+ validHeader1 := options.Header{
+ Name: "X-Email",
+ Values: []options.HeaderValue{
+ {
+ ClaimSource: &options.ClaimSource{
+ Claim: "email",
+ },
+ },
+ },
+ }
+
+ validHeader2 := options.Header{
+ Name: "X-Forwarded-Auth",
+ Values: []options.HeaderValue{
+ {
+ SecretSource: &options.SecretSource{
+ Value: []byte(base64.StdEncoding.EncodeToString([]byte("secret"))),
+ },
+ },
+ },
+ }
+
+ validHeader3 := options.Header{
+ Name: "Authorization",
+ Values: []options.HeaderValue{
+ {
+ ClaimSource: &options.ClaimSource{
+ Claim: "email",
+ BasicAuthPassword: &options.SecretSource{
+ Value: []byte(base64.StdEncoding.EncodeToString([]byte("secret"))),
+ },
+ },
+ },
+ },
+ }
+
+ DescribeTable("validateHeaders",
+ func(in validateHeaderTableInput) {
+ Expect(validateHeaders(in.headers)).To(ConsistOf(in.expectedMsgs))
+ },
+ Entry("with no headers", validateHeaderTableInput{
+ headers: []options.Header{},
+ expectedMsgs: []string{},
+ }),
+ Entry("with valid headers", validateHeaderTableInput{
+ headers: []options.Header{
+ validHeader1,
+ validHeader2,
+ validHeader3,
+ },
+ expectedMsgs: []string{},
+ }),
+ Entry("with multiple headers with the same name", validateHeaderTableInput{
+ headers: []options.Header{
+ validHeader1,
+ validHeader1,
+ validHeader2,
+ validHeader2,
+ },
+ expectedMsgs: []string{
+ "multiple headers found with name \"X-Email\": header names must be unique",
+ "multiple headers found with name \"X-Forwarded-Auth\": header names must be unique",
+ },
+ }),
+ Entry("with an unamed header", validateHeaderTableInput{
+ headers: []options.Header{
+ {},
+ validHeader2,
+ },
+ expectedMsgs: []string{
+ "header has empty name: names are required for all headers",
+ },
+ }),
+ Entry("with a header which has a claim and secret source", validateHeaderTableInput{
+ headers: []options.Header{
+ {
+ Name: "With-Claim-And-Secret",
+ Values: []options.HeaderValue{
+ {
+ ClaimSource: &options.ClaimSource{},
+ SecretSource: &options.SecretSource{},
+ },
+ },
+ },
+ validHeader1,
+ },
+ expectedMsgs: []string{
+ "invalid header \"With-Claim-And-Secret\": invalid values: header value has multiple entries: only one entry per value is allowed",
+ },
+ }),
+ Entry("with a header which has a claim without a claim", validateHeaderTableInput{
+ headers: []options.Header{
+ {
+ Name: "Without-Claim",
+ Values: []options.HeaderValue{
+ {
+ ClaimSource: &options.ClaimSource{
+ Prefix: "prefix",
+ },
+ },
+ },
+ },
+ validHeader3,
+ },
+ expectedMsgs: []string{
+ "invalid header \"Without-Claim\": invalid values: claim should not be empty",
+ },
+ }),
+ Entry("with a header with invalid secret source", validateHeaderTableInput{
+ headers: []options.Header{
+ {
+ Name: "With-Invalid-Secret",
+ Values: []options.HeaderValue{
+ {
+ SecretSource: &options.SecretSource{},
+ },
+ },
+ },
+ validHeader1,
+ },
+ expectedMsgs: []string{
+ "invalid header \"With-Invalid-Secret\": invalid values: multiple values specified for secret source: specify either value, fromEnv of fromFile",
+ },
+ }),
+ Entry("with a header with invalid basicAuthPassword source", validateHeaderTableInput{
+ headers: []options.Header{
+ {
+ Name: "With-Invalid-Basic-Auth",
+ Values: []options.HeaderValue{
+ {
+ ClaimSource: &options.ClaimSource{
+ Claim: "user",
+ BasicAuthPassword: &options.SecretSource{
+ Value: []byte("secret"),
+ },
+ },
+ },
+ },
+ },
+ validHeader1,
+ },
+ expectedMsgs: []string{
+ "invalid header \"With-Invalid-Basic-Auth\": invalid values: invalid basicAuthPassword: error decoding secret value: illegal base64 data at input byte 4",
+ },
+ }),
+ )
+})
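Review bot: The `with a header with invalid secret source` entry passes an empty `options.SecretSource{}` yet pins the message `multiple values specified for secret source: specify either value, fromEnv of fromFile`, so the table locks in wording that is wrong for the no-value case (and the `of` typo) while never exercising a source that really sets more than one field. I would add a comment on that entry such as `// empty SecretSource: the validator reports it with the "multiple values" message` and a sibling entry that sets `Value` together with one of the other sources, so both sides of that check are covered. The duplicate-name entry only repeats identically cased names; since HTTP header names are case-insensitive, an entry pairing `X-Email` with `x-email` would show whether validateHeaders treats them as the same header, which cannot be told from this hunk. The last entry also asserts the standard library's base64 error text verbatim (`illegal base64 data at input byte 4`), which ties the test to that wording rather than to the validator's own prefix.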