authorJames Elliott <james-d-elliott@users.noreply.github.com>2022-02-07 00:37:28 +1100
committerGitHub <noreply@github.com>2022-02-07 00:37:28 +1100
commit26236f491e6d2b16ae2bc8297e33a9dc883f44e5 (patch)
tree4eee1e5ee3744ce6e929a9c848ee5c056009c8d7 /internal/middlewares/authelia_context_test.go
parent7775d2af0e18d822c4e02c6ae53ee1dea0feb5de (diff)
fix(server): use of inconsistent methods for determining origin (#2848)
This unifies the methods used to obtain the X-Forwarded-* header values and provides logical fallbacks. In addition, to ensure this functionality extends to the templated files, we've converted the ServeTemplatedFile method into a function that operates as a middlewares.RequestHandler. Fixes #2765
Diffstat (limited to 'internal/middlewares/authelia_context_test.go')
-rw-r--r--internal/middlewares/authelia_context_test.go47
1 files changed, 46 insertions, 1 deletions
diff --git a/internal/middlewares/authelia_context_test.go b/internal/middlewares/authelia_context_test.go
index f5ea62813..5a26f1c78 100644
--- a/internal/middlewares/authelia_context_test.go
+++ b/internal/middlewares/authelia_context_test.go
@@ -57,7 +57,7 @@ func TestShouldGetOriginalURLFromForwardedHeadersWithoutURI(t *testing.T) {
originalURL, err := mock.Ctx.GetOriginalURL()
assert.NoError(t, err)
- expectedURL, err := url.ParseRequestURI("https://home.example.com")
+ expectedURL, err := url.ParseRequestURI("https://home.example.com/")
assert.NoError(t, err)
assert.Equal(t, expectedURL, originalURL)
}
@@ -70,3 +70,48 @@ func TestShouldGetOriginalURLFromForwardedHeadersWithURI(t *testing.T) {
assert.Error(t, err)
assert.Equal(t, "Unable to parse URL extracted from X-Original-URL header: parse \"htt-ps//home?-.example.com\": invalid URI for request", err.Error())
}
+
+func TestShouldFallbackToNonXForwardedHeaders(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.RequestCtx.Request.SetRequestURI("/2fa/one-time-password")
+ mock.Ctx.RequestCtx.Request.SetHost("auth.example.com:1234")
+
+ assert.Equal(t, []byte("http"), mock.Ctx.XForwardedProto())
+ assert.Equal(t, []byte("auth.example.com:1234"), mock.Ctx.XForwardedHost())
+ assert.Equal(t, []byte("/2fa/one-time-password"), mock.Ctx.XForwardedURI())
+}
+
+func TestShouldOnlyFallbackToNonXForwardedHeadersWhenNil(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.RequestCtx.Request.SetRequestURI("/2fa/one-time-password")
+ mock.Ctx.RequestCtx.Request.SetHost("localhost")
+ mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "auth.example.com:1234")
+ mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-URI", "/base/2fa/one-time-password")
+ mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Proto", "https")
+ mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", "GET")
+
+ assert.Equal(t, []byte("https"), mock.Ctx.XForwardedProto())
+ assert.Equal(t, []byte("auth.example.com:1234"), mock.Ctx.XForwardedHost())
+ assert.Equal(t, []byte("/base/2fa/one-time-password"), mock.Ctx.XForwardedURI())
+ assert.Equal(t, []byte("GET"), mock.Ctx.XForwardedMethod())
+}
+
+func TestShouldDetectXHR(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXRequestedWith, "XMLHttpRequest")
+
+ assert.True(t, mock.Ctx.IsXHR())
+}
+
+func TestShouldDetectNonXHR(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ assert.False(t, mock.Ctx.IsXHR())
+}
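Review bot: The added tests pin down only the two extremes: no X-Forwarded-* headers at all (TestShouldFallbackToNonXForwardedHeaders) and all of them set (TestShouldOnlyFallbackToNonXForwardedHeadersWhenNil). The mixed case is untested, for example a proxy that sets X-Forwarded-Proto but not X-Forwarded-Host, and going by the commit title these values determine the origin. A header that is present but empty is also untested, although the "WhenNil" name suggests it is handled differently from an absent one. The first test also never asserts XForwardedMethod(); assuming the fallback is the request's own method, `assert.Equal(t, []byte("GET"), mock.Ctx.XForwardedMethod())` would cover it.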