| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2024-03-17 14:17:50 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-17 14:17:50 +1100 |
| commit | b64c19a673191c19766c50fd2ac38e4ed0690b30 (patch) | |
| tree | bc4de5c28f697bad8ce8befe21da04318fa4f94e /internal/handlers/handler_authz_test.go | |
| parent | 890737cfdb19160a55b301b6b312fa1df60688be (diff) | |
fix(handlers): bypass fails with authorization header (#6919)
This fixes an issue where the failure to perform authorization via a header causes the bypass rule to fail to process the request. This just logs the error and continues as normal.
Fixes #6914
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/handlers/handler_authz_test.go')
| -rw-r--r-- | internal/handlers/handler_authz_test.go | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/internal/handlers/handler_authz_test.go b/internal/handlers/handler_authz_test.go
index dbba67e46..63f22b0bd 100644
--- a/internal/handlers/handler_authz_test.go
+++ b/internal/handlers/handler_authz_test.go
@@ -244,7 +244,7 @@ func (s *AuthzSuite) TestShouldVerifyFailureToGetDetailsUsingBasicScheme() {
 s.ConfigureMockSessionProviderWithAutomaticAutheliaURLs(mock)
- targetURI := s.RequireParseRequestURI("https://bypass.example.com")
+ targetURI := s.RequireParseRequestURI("https://onefactor.example.com")
 s.setRequest(mock.Ctx, fasthttp.MethodGet, targetURI, true, false)
@@ -274,6 +274,40 @@ func (s *AuthzSuite) TestShouldVerifyFailureToGetDetailsUsingBasicScheme() {
 }
 }
+func (s *AuthzSuite) TestShouldVerifyBypassWithErrorToGetDetailsUsingBasicScheme() {
+ if s.setRequest == nil {
+ s.T().Skip()
+ }
+
+ authz := s.Builder().Build()
+
+ mock := mocks.NewMockAutheliaCtx(s.T())
+
+ defer mock.Close()
+
+ s.ConfigureMockSessionProviderWithAutomaticAutheliaURLs(mock)
+
+ targetURI := s.RequireParseRequestURI("https://bypass.example.com")
+
+ s.setRequest(mock.Ctx, fasthttp.MethodGet, targetURI, true, false)
+
+ mock.Ctx.Request.Header.Set(fasthttp.HeaderProxyAuthorization, "Basic am9objpwYXNzd29yZA==")
+
+ gomock.InOrder(
+ mock.UserProviderMock.EXPECT().
+ CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
+ Return(true, nil),
+
+ mock.UserProviderMock.EXPECT().
+ GetDetails(gomock.Eq("john")).
+ Return(nil, fmt.Errorf("generic failure")),
+ )
+
+ authz.Handler(mock.Ctx)
+
+ s.Equal(fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
+}
+
 func (s *AuthzSuite) TestShouldNotFailOnMissingEmail() {
 if s.setRequest == nil {
 s.T().Skip() |
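Review bot: The new TestShouldVerifyBypassWithErrorToGetDetailsUsingBasicScheme asserts only `fasthttp.StatusOK`, so it does not pin that the request is passed through as anonymous once `GetDetails` fails. `CheckUserPassword` has already accepted the Proxy-Authorization credentials at that point, so the test should also assert that no identity headers for "john" reach the response, for example `s.Empty(mock.Ctx.Response.Header.Peek("Remote-User"))` (header name assumed from Authelia's defaults; use the constant the suite already has). A sibling case where `CheckUserPassword` returns `false, nil` against `https://bypass.example.com` would cover the other header-authorization failure the commit message describes. The handler change itself is not visible here, because this diff is limited to the test file.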
