| author | Manuel Nuñez <10672208+mind-ar@users.noreply.github.com> | 2022-07-04 20:58:35 -0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-05 09:58:35 +1000 |
| commit | da012ab2d660e742f03e321a38fa5569fd93cd3f (patch) | |
| tree | 836f905d91cff729215639009fb463b7b831aea6 /internal/handlers/handler_verify_test.go | |
| parent | 4c7a9ef5b26a7562c38bb7fe771d18c7a627625a (diff) | |
fix(handlers): fix redirect with timed out sessions on rules with bypass policy (#3599)
This change replaced a returned error with a warning when the idle timeout was exceeded.
Fixes #3587
Diffstat (limited to 'internal/handlers/handler_verify_test.go')
| -rw-r--r-- | internal/handlers/handler_verify_test.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go
index 088197a4c..e7f99a8e7 100644
--- a/internal/handlers/handler_verify_test.go
+++ b/internal/handlers/handler_verify_test.go
@@ -12,6 +12,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "github.com/stretchr/testify/suite"
+ "github.com/valyala/fasthttp"
 
 "github.com/authelia/authelia/v4/internal/authentication"
 "github.com/authelia/authelia/v4/internal/authorization"
@@ -1264,3 +1265,52 @@ func TestGetProfileRefreshSettings(t *testing.T) {
 assert.Equal(t, true, refresh)
 assert.Equal(t, time.Duration(0), interval)
 }
+
+func TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ clock := mocks.TestingClock{}
+ clock.Set(time.Now())
+ past := clock.Now().Add(-1 * time.Hour)
+
+ mock.Ctx.Configuration.Session.Inactivity = testInactivity
+ // Reload the session provider since the configuration is indirect.
+ mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session, nil)
+ assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
+
+ userSession := mock.Ctx.GetSession()
+ userSession.Username = testUsername
+ userSession.AuthenticationLevel = authentication.TwoFactor
+ userSession.LastActivity = past.Unix()
+
+ err := mock.Ctx.SaveSession(userSession)
+ require.NoError(t, err)
+
+ // Should respond 200 OK.
+ mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
+ assert.Nil(t, mock.Ctx.Response.Header.Peek("Location"))
+
+ // Should respond 302 Found.
+ mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusFound, mock.Ctx.Response.StatusCode())
+ assert.Equal(t, "https://login.example.com/?rd=https%3A%2F%2Ftwo-factor.example.com&rm=GET", string(mock.Ctx.Response.Header.Peek("Location")))
+
+ // Should respond 401 Unauthorized.
+ mock.Ctx.QueryArgs().Del("rd")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusUnauthorized, mock.Ctx.Response.StatusCode())
+ assert.Nil(t, mock.Ctx.Response.Header.Peek("Location"))
+}
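Review bot: The 200 OK scenario asserts only the status and the absence of a Location header, so the test cannot tell a session that was reset when the idle timeout fired on the bypass rule from one that is still stored as TwoFactor and merely re-evaluated on every request; if the timeout is meant to downgrade the session, pin that with `assert.Equal(t, authentication.NotAuthenticated, mock.Ctx.GetSession().AuthenticationLevel)` after the `assert.Nil` on Location, and if it is not, a short comment saying the bypass path leaves the session untouched would document the contract. The 302 scenario calls `mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")` on a context that already carries that argument, which appends a second `rd` value rather than replacing it; `Set` makes the request state explicit and keeps the later `Del("rd")` from having to remove two values. `clock` is used only to derive `past` and is not wired into `mock.Ctx`, so the handler presumably reads real time; `past := time.Now().Add(-time.Hour)` expresses the same setup without implying the handler's clock is controlled. The three scenarios also repeat the same four header/argument lines, so a small `setRequest(url string)` closure in the test would make the single varying value (the original URL) stand out.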
