diff options
| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2021-03-05 15:18:31 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-05 15:18:31 +1100 |
| commit | 4dce8f94962d3bd0099bbb202f76696a551d099b (patch) | |
| tree | fdc3bba51d8f23b6866ddbbbd9e9feb50e9fb293 /internal/handlers/handler_verify_test.go | |
| parent | 455b8590477f0ec7841e6766294937cecb94640f (diff) | |
perf(authorizer): preload access control lists (#1640)
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACL's
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
Diffstat (limited to 'internal/handlers/handler_verify_test.go')
| -rw-r--r-- | internal/handlers/handler_verify_test.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go index eab127dec..9f9c61a25 100644 --- a/internal/handlers/handler_verify_test.go +++ b/internal/handlers/handler_verify_test.go @@ -196,7 +196,7 @@ func TestShouldCheckAuthorizationMatching(t *testing.T) { username = testUsername } - matching := isTargetURLAuthorized(authorizer, *url, username, []string{}, net.ParseIP("127.0.0.1"), rule.AuthLevel) + matching := isTargetURLAuthorized(authorizer, *url, username, []string{}, net.ParseIP("127.0.0.1"), []byte("GET"), rule.AuthLevel) assert.Equal(t, rule.ExpectedMatching, matching, "policy=%s, authLevel=%v, expected=%v, actual=%v", rule.Policy, rule.AuthLevel, rule.ExpectedMatching, matching) } @@ -762,10 +762,11 @@ func TestShouldRedirectWhenSessionInactiveForTooLongAndRDParamProvided(t *testin mock.Ctx.QueryArgs().Add("rd", "https://login.example.com") mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com") + mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET") VerifyGet(verifyGetCfg)(mock.Ctx) - assert.Equal(t, "Found. Redirecting to https://login.example.com?rd=https%3A%2F%2Ftwo-factor.example.com", + assert.Equal(t, "Found. Redirecting to https://login.example.com?rd=https%3A%2F%2Ftwo-factor.example.com&rm=GET", string(mock.Ctx.Response.Body())) assert.Equal(t, 302, mock.Ctx.Response.StatusCode()) |