From fa30d4fd8e766bd7b088dbcc4d6e3082118009fb Mon Sep 17 00:00:00 2001
From: Niko Abeler <niko@rerere.org>
Date: Sun, 6 Nov 2022 16:50:31 +0100
Subject: [PATCH] test for same host

---
 cmd/owl/web/auth_test.go | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/cmd/owl/web/auth_test.go b/cmd/owl/web/auth_test.go
index 67d443d..f23019f 100644
--- a/cmd/owl/web/auth_test.go
+++ b/cmd/owl/web/auth_test.go
@@ -251,7 +251,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
 	repo, user := getSingleUserTestRepo()
 	repo.HttpClient = &mocks.MockHttpClient{}
 	repo.Parser = &mocks.MockParseLinksHtmlParser{
-		Links: []string{"http://example.com/response"},
+		Links: []string{"http://example2.com/response"},
 	}
 	user.ResetPassword("testpassword")
 
@@ -261,7 +261,7 @@ func TestAuthRedirectUriNotSet(t *testing.T) {
 	form := url.Values{}
 	form.Add("password", "wrongpassword")
 	form.Add("client_id", "http://example.com")
-	form.Add("redirect_uri", "http://example.com/response_not_set")
+	form.Add("redirect_uri", "http://example2.com/response_not_set")
 	form.Add("response_type", "code")
 	form.Add("state", "test_state")
 	form.Add("csrf_token", csrfToken)
@@ -308,3 +308,34 @@ func TestAuthRedirectUriSet(t *testing.T) {
 
 	assertions.AssertStatus(t, rr, http.StatusOK)
 }
+
+func TestAuthRedirectUriSameHost(t *testing.T) {
+	repo, user := getSingleUserTestRepo()
+	repo.HttpClient = &mocks.MockHttpClient{}
+	repo.Parser = &mocks.MockParseLinksHtmlParser{
+		Links: []string{},
+	}
+	user.ResetPassword("testpassword")
+
+	csrfToken := "test_csrf_token"
+
+	// Create Request and Response
+	form := url.Values{}
+	form.Add("password", "wrongpassword")
+	form.Add("client_id", "http://example.com")
+	form.Add("redirect_uri", "http://example.com/response")
+	form.Add("response_type", "code")
+	form.Add("state", "test_state")
+	form.Add("csrf_token", csrfToken)
+
+	req, err := http.NewRequest("GET", user.AuthUrl()+"?"+form.Encode(), nil)
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
+	req.AddCookie(&http.Cookie{Name: "csrf_token", Value: csrfToken})
+	assertions.AssertNoError(t, err, "Error creating request")
+	rr := httptest.NewRecorder()
+	router := main.SingleUserRouter(&repo)
+	router.ServeHTTP(rr, req)
+
+	assertions.AssertStatus(t, rr, http.StatusOK)
+}