Diffstat (limited to 'internal/handlers/handler_verify_test.go')
-rw-r--r--internal/handlers/handler_verify_test.go50
1 files changed, 50 insertions, 0 deletions
diff --git a/internal/handlers/handler_verify_test.go b/internal/handlers/handler_verify_test.go
index 088197a4c..e7f99a8e7 100644
--- a/internal/handlers/handler_verify_test.go
+++ b/internal/handlers/handler_verify_test.go
@@ -12,6 +12,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
+ "github.com/valyala/fasthttp"
"github.com/authelia/authelia/v4/internal/authentication"
"github.com/authelia/authelia/v4/internal/authorization"
@@ -1264,3 +1265,52 @@ func TestGetProfileRefreshSettings(t *testing.T) {
assert.Equal(t, true, refresh)
assert.Equal(t, time.Duration(0), interval)
}
+
+func TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong(t *testing.T) {
+ mock := mocks.NewMockAutheliaCtx(t)
+ defer mock.Close()
+
+ clock := mocks.TestingClock{}
+ clock.Set(time.Now())
+ past := clock.Now().Add(-1 * time.Hour)
+
+ mock.Ctx.Configuration.Session.Inactivity = testInactivity
+ // Reload the session provider since the configuration is indirect.
+ mock.Ctx.Providers.SessionProvider = session.NewProvider(mock.Ctx.Configuration.Session, nil)
+ assert.Equal(t, time.Second*10, mock.Ctx.Providers.SessionProvider.Inactivity)
+
+ userSession := mock.Ctx.GetSession()
+ userSession.Username = testUsername
+ userSession.AuthenticationLevel = authentication.TwoFactor
+ userSession.LastActivity = past.Unix()
+
+ err := mock.Ctx.SaveSession(userSession)
+ require.NoError(t, err)
+
+ // Should respond 200 OK.
+ mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://bypass.example.com")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
+ assert.Nil(t, mock.Ctx.Response.Header.Peek("Location"))
+
+ // Should respond 302 Found.
+ mock.Ctx.QueryArgs().Add("rd", "https://login.example.com")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusFound, mock.Ctx.Response.StatusCode())
+ assert.Equal(t, "https://login.example.com/?rd=https%3A%2F%2Ftwo-factor.example.com&rm=GET", string(mock.Ctx.Response.Header.Peek("Location")))
+
+ // Should respond 401 Unauthorized.
+ mock.Ctx.QueryArgs().Del("rd")
+ mock.Ctx.Request.Header.Set("X-Original-URL", "https://two-factor.example.com")
+ mock.Ctx.Request.Header.Set("X-Forwarded-Method", "GET")
+ mock.Ctx.Request.Header.Set("Accept", "text/html; charset=utf-8")
+ VerifyGET(verifyGetCfg)(mock.Ctx)
+ assert.Equal(t, fasthttp.StatusUnauthorized, mock.Ctx.Response.StatusCode())
+ assert.Nil(t, mock.Ctx.Response.Header.Peek("Location"))
+}
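Review bot: The three sub-cases in TestShouldNotRedirectRequestsForBypassACLWhenInactiveForTooLong share one request/response context and never reset it, so each assertion depends on the handler happening to clear the previous stage's output; in particular the `assert.Nil(... Peek("Location"))` after the 401 case would be fooled by the 302 case's Location header if the unauthorized path did not reset the response. Adding `mock.Ctx.Response.Reset()` before the second and third `VerifyGET` calls makes each check stand on its own. Relatedly, `QueryArgs().Add("rd", ...)` is called twice (before the 200 and 302 cases), so the 302 request carries a duplicated `rd` parameter; `mock.Ctx.QueryArgs().Set("rd", "https://login.example.com")` expresses the intent without the duplicate. The local `clock` is only used to derive `past` and is never installed on the context, so the inactivity comparison appears to run against whatever clock the mock already carries; if that is wall-clock time the one-hour offset still works, but pinning it (e.g. `mock.Ctx.Clock = &clock` if the context exposes that field) would make the inactivity boundary deterministic.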