From fa30d4fd8e766bd7b088dbcc4d6e3082118009fb Mon Sep 17 00:00:00 2001
From: Niko Abeler
Date: Sun, 6 Nov 2022 16:50:31 +0100
Subject: [PATCH] test for same host

---
 cmd/owl/web/auth_test.go | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/cmd/owl/web/auth_test.go b/cmd/owl/web/auth_test.go
index 67d443d..f23019f 100644
--- a/cmd/owl/web/auth_test.go
+++ b/cmd/owl/web/auth_test.go
@@ -251,7 +251,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
 repo, user := getSingleUserTestRepo()
 repo.HttpClient = &mocks.MockHttpClient{}
 repo.Parser = &mocks.MockParseLinksHtmlParser{
- Links: []string{"http://example.com/response"},
+ Links: []string{"http://example2.com/response"},
 }
 user.ResetPassword("testpassword")

@@ -261,7 +261,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
 form := url.Values{}
 form.Add("password", "wrongpassword")
 form.Add("client_id", "http://example.com")
- form.Add("redirect_uri", "http://example.com/response_not_set")
+ form.Add("redirect_uri", "http://example2.com/response_not_set")
 form.Add("response_type", "code")
 form.Add("state", "test_state")
 form.Add("csrf_token", csrfToken)
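Review bot: Nothing at either changed line says why the redirect host now has to differ from the `client_id` host, so a later edit could quietly turn this back into a same-host case that never reaches the link-discovery check. A comment above the `Links:` line, such as `// redirect_uri is on a different host than client_id, so it is only acceptable if the client's page lists it`, would pin the intent; the same applies to the `redirect_uri` line in the second hunk (`@@ -261`). The test's final assertion lies outside both hunks, so the expected rejection is inferred from the test name and should be confirmed against the full function.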
@@ -308,3 +308,34 @@ func TestAuthRedirectUriSet(t *testing.T) {

 assertions.AssertStatus(t, rr, http.StatusOK)
 }
+
+func TestAuthRedirectUriSameHost(t *testing.T) {
+ repo, user := getSingleUserTestRepo()
+ repo.HttpClient = &mocks.MockHttpClient{}
+ repo.Parser = &mocks.MockParseLinksHtmlParser{
+ Links: []string{},
+ }
+ user.ResetPassword("testpassword")
+
+ csrfToken := "test_csrf_token"
+
+ // Create Request and Response
+ form := url.Values{}
+ form.Add("password", "wrongpassword")
+ form.Add("client_id", "http://example.com")
+ form.Add("redirect_uri", "http://example.com/response")
+ form.Add("response_type", "code")
+ form.Add("state", "test_state")
+ form.Add("csrf_token", csrfToken)
+
+ req, err := http.NewRequest("GET", user.AuthUrl()+"?"+form.Encode(), nil)
+ req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
+ req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
+ assertions.AssertNoError(t, err, "Error creating request")
+ rr := httptest.NewRecorder()
+ router := main.SingleUserRouter(&repo)
+ router.ServeHTTP(rr, req)
+
+ assertions.AssertStatus(t, rr, http.StatusOK)
+}
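Review bot: TestAuthRedirectUriSameHost pins only the accepting case, where scheme, host and port are identical to `client_id`; because this comparison decides where an authorization code may be sent, the refusing side of the same-host rule deserves tests as well. Worth adding are cases where `redirect_uri` differs from `client_id` only in port, only in scheme, or by being a subdomain, each with `Links: []string{}` and asserting whatever status the handler returns for a refused redirect (that status is not visible in this patch). `AssertStatus(t, rr, http.StatusOK)` on its own also does not show that the same-host match was the reason for acceptance, so an assertion on the rendered body would tighten it. Separately, `req.Header.Add` runs before `assertions.AssertNoError(t, err, "Error creating request")`; moving that check directly under `http.NewRequest` reports a construction error before `req` is dereferenced.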