Diffstat (limited to 'internal/handlers/handler_sign_u2f_step2_test.go')
| -rw-r--r-- | internal/handlers/handler_sign_u2f_step2_test.go | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/internal/handlers/handler_sign_u2f_step2_test.go b/internal/handlers/handler_sign_u2f_step2_test.go
new file mode 100644
index 000000000..5453fe95e
--- /dev/null
+++ b/internal/handlers/handler_sign_u2f_step2_test.go
@@ -0,0 +1,111 @@
+package handlers
+
+import (
+ "encoding/json"
+ "testing"
+
+ "github.com/authelia/authelia/internal/mocks"
+ "github.com/authelia/authelia/internal/session"
+ "github.com/golang/mock/gomock"
+ "github.com/stretchr/testify/suite"
+ "github.com/tstranex/u2f"
+)
+
+type HandlerSignU2FStep2Suite struct {
+ suite.Suite
+
+ mock *mocks.MockAutheliaCtx
+}
+
+func (s *HandlerSignU2FStep2Suite) SetupTest() {
+ s.mock = mocks.NewMockAutheliaCtx(s.T())
+ userSession := s.mock.Ctx.GetSession()
+ userSession.Username = "john"
+ userSession.U2FChallenge = &u2f.Challenge{}
+ userSession.U2FRegistration = &session.U2FRegistration{}
+ s.mock.Ctx.SaveSession(userSession)
+}
+
+func (s *HandlerSignU2FStep2Suite) TearDownTest() {
+ s.mock.Close()
+}
+
+func (s *HandlerSignU2FStep2Suite) TestShouldRedirectUserToDefaultURL() {
+ u2fVerifier := NewMockU2FVerifier(s.mock.Ctrl)
+
+ u2fVerifier.EXPECT().
+ Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
+ Return(nil)
+
+ s.mock.Ctx.Configuration.DefaultRedirectionURL = "http://redirection.local"
+
+ bodyBytes, err := json.Marshal(signU2FRequestBody{
+ SignResponse: u2f.SignResponse{},
+ })
+ s.Require().NoError(err)
+ s.mock.Ctx.Request.SetBody(bodyBytes)
+
+ SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
+ s.mock.Assert200OK(s.T(), redirectResponse{
+ Redirect: "http://redirection.local",
+ })
+}
+
+func (s *HandlerSignU2FStep2Suite) TestShouldNotReturnRedirectURL() {
+ u2fVerifier := NewMockU2FVerifier(s.mock.Ctrl)
+
+ u2fVerifier.EXPECT().
+ Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
+ Return(nil)
+
+ bodyBytes, err := json.Marshal(signU2FRequestBody{
+ SignResponse: u2f.SignResponse{},
+ })
+ s.Require().NoError(err)
+ s.mock.Ctx.Request.SetBody(bodyBytes)
+
+ SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
+ s.mock.Assert200OK(s.T(), nil)
+}
+
+func (s *HandlerSignU2FStep2Suite) TestShouldRedirectUserToSafeTargetURL() {
+ u2fVerifier := NewMockU2FVerifier(s.mock.Ctrl)
+
+ u2fVerifier.EXPECT().
+ Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
+ Return(nil)
+
+ bodyBytes, err := json.Marshal(signU2FRequestBody{
+ SignResponse: u2f.SignResponse{},
+ TargetURL: "https://mydomain.local",
+ })
+ s.Require().NoError(err)
+ s.mock.Ctx.Request.SetBody(bodyBytes)
+
+ SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
+ s.mock.Assert200OK(s.T(), redirectResponse{
+ Redirect: "https://mydomain.local",
+ })
+}
+
+func (s *HandlerSignU2FStep2Suite) TestShouldNotRedirectToUnsafeURL() {
+ u2fVerifier := NewMockU2FVerifier(s.mock.Ctrl)
+
+ u2fVerifier.EXPECT().
+ Verify(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
+ Return(nil)
+
+ bodyBytes, err := json.Marshal(signU2FRequestBody{
+ SignResponse: u2f.SignResponse{},
+ TargetURL: "http://mydomain.local",
+ })
+ s.Require().NoError(err)
+ s.mock.Ctx.Request.SetBody(bodyBytes)
+
+ SecondFactorU2FSignPost(u2fVerifier)(s.mock.Ctx)
+ s.mock.Assert200OK(s.T(), nil)
+}
+
+func TestRunHandlerSignU2FStep2Suite(t *testing.T) {
+ suite.Run(t, new(HandlerSignU2FStep2Suite))
+}
 |
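Review bot: Every case in this file stubs `Verify` with `gomock.Any()` for all four arguments and `Return(nil)`, so the suite never exercises a rejected U2F signature and never checks that the handler hands the session's `U2FChallenge` and `U2FRegistration` (set in `SetupTest`) to the verifier. I would add a case using `Return(errors.New("constructed failure"))` (plus the `errors` import) that asserts no redirect is returned and that the session is not left at a second-factor level, and tighten at least one success case to match the stored challenge and registration instead of `gomock.Any()`. `TestShouldNotRedirectToUnsafeURL` covers only a plain-http URL on `mydomain.local`; an https target on a different domain deserves its own case, since that is the form an open redirect normally takes. The handler itself is outside this diff, so these are coverage gaps rather than confirmed defects.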
