refactor: http verbs etc (#5248)
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>pull/5249/head
James Elliott
GitHub
parent
d2cdbb23f3
commit
eaddf11df6
|
|
@ -12,6 +12,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/valyala/fasthttp"
|
||||
"gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
|
|
@ -24,7 +25,7 @@ func newDocsDateCmd() *cobra.Command {
|
|||
DisableAutoGenTag: true,
|
||||
}
|
||||
|
||||
cmd.Flags().String("commit-until", "HEAD", "The commit to check the logs until")
|
||||
cmd.Flags().String("commit-until", fasthttp.MethodHead, "The commit to check the logs until")
|
||||
cmd.Flags().String("commit-since", "", "The commit to check the logs since")
|
||||
|
||||
return cmd
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
)
|
||||
|
|
@ -113,20 +114,20 @@ func (s *AuthorizerSuite) TestShouldCheckDefaultBypassConfig() {
|
|||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(bypass).Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckDefaultDeniedConfig() {
|
||||
tester := NewAuthorizerBuilder().
|
||||
WithDefaultPolicy(deny).Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
|
||||
|
|
@ -138,12 +139,12 @@ func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
|
||||
|
|
@ -159,10 +160,10 @@ func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
|
||||
|
|
@ -174,15 +175,15 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
|
||||
|
|
@ -202,10 +203,10 @@ func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
||||
|
|
@ -326,7 +327,7 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
|
|||
|
||||
for _, tc := range testCases {
|
||||
s.T().Run(tc.name, func(t *testing.T) {
|
||||
tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, "GET", tc.expected)
|
||||
tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, fasthttp.MethodGet, tc.expected)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -349,9 +350,9 @@ func (s *AuthorizerSuite) TestShouldCheckRulePrecedence() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckDomainMatching() {
|
||||
|
|
@ -379,23 +380,23 @@ func (s *AuthorizerSuite) TestShouldCheckDomainMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://x.example.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://x.example.com", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
s.Require().Len(tester.rules, 5)
|
||||
|
||||
|
|
@ -487,12 +488,12 @@ func (s *AuthorizerSuite) TestShouldCheckDomainRegexMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", fasthttp.MethodGet, Denied)
|
||||
|
||||
s.Require().Len(tester.rules, 5)
|
||||
|
||||
|
|
@ -564,43 +565,43 @@ func (s *AuthorizerSuite) TestShouldCheckResourceSubjectMatching() {
|
|||
Build()
|
||||
|
||||
// Accessing the unprotected root.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", fasthttp.MethodGet, Bypass)
|
||||
|
||||
// Accessing Personal page.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
// Accessing an invalid users Personal page.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
// Accessing another users Personal page.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
// Accessing a Group page.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
// Accessing an invalid group's Group page.
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
s.Require().Len(tester.rules, 3)
|
||||
|
||||
|
|
@ -635,8 +636,8 @@ func (s *AuthorizerSuite) TestShouldCheckUserMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
|
||||
|
|
@ -649,8 +650,8 @@ func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
|
||||
|
|
@ -663,10 +664,10 @@ func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
|
||||
|
|
@ -679,9 +680,9 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
|
||||
|
|
@ -714,18 +715,18 @@ func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, Denied)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", fasthttp.MethodGet, Denied)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckMethodMatching() {
|
||||
|
|
@ -734,31 +735,31 @@ func (s *AuthorizerSuite) TestShouldCheckMethodMatching() {
|
|||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: bypass,
|
||||
Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"},
|
||||
Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
|
||||
}).
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: oneFactor,
|
||||
Methods: []string{"PUT", "PATCH", "POST"},
|
||||
Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodPost},
|
||||
}).
|
||||
WithRule(schema.ACLRule{
|
||||
Domains: []string{"protected.example.com"},
|
||||
Policy: twoFactor,
|
||||
Methods: []string{"DELETE"},
|
||||
Methods: []string{fasthttp.MethodDelete},
|
||||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "OPTIONS", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "HEAD", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "CONNECT", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "TRACE", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodOptions, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodHead, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodConnect, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodTrace, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "PUT", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "PATCH", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "POST", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodPut, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodPatch, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodPost, OneFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "DELETE", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodDelete, TwoFactor)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
|
||||
|
|
@ -799,34 +800,34 @@ func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", fasthttp.MethodGet, TwoFactor)
|
||||
}
|
||||
|
||||
// This test assures that rules without domains (not allowed by schema validator at this time) will pass validation correctly.
|
||||
|
|
@ -834,33 +835,33 @@ func (s *AuthorizerSuite) TestShouldMatchAnyDomainIfBlank() {
|
|||
tester := NewAuthorizerBuilder().
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: bypass,
|
||||
Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"},
|
||||
Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
|
||||
}).
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: oneFactor,
|
||||
Methods: []string{"PUT", "PATCH"},
|
||||
Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch},
|
||||
}).
|
||||
WithRule(schema.ACLRule{
|
||||
Policy: twoFactor,
|
||||
Methods: []string{"DELETE"},
|
||||
Methods: []string{fasthttp.MethodDelete},
|
||||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "OPTIONS", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodOptions, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "PUT", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "PATCH", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "PUT", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPut, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPatch, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPut, OneFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "DELETE", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "DELETE", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "DELETE", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodDelete, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodDelete, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodDelete, TwoFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "POST", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "POST", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "POST", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPost, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPost, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPost, Denied)
|
||||
}
|
||||
|
||||
func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
|
||||
|
|
@ -911,29 +912,29 @@ func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
|
|||
}).
|
||||
Build()
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", "GET", OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", fasthttp.MethodGet, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Denied)
|
||||
|
||||
// This test returns this result since we validate the schema instead of validating it in code.
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", "GET", Bypass)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass)
|
||||
|
||||
tester.CheckAuthorizations(s.T(), John, "https://private.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", "GET", Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", "GET", TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), John, "https://private.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", fasthttp.MethodGet, Denied)
|
||||
tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", fasthttp.MethodGet, TwoFactor)
|
||||
|
||||
results := tester.GetRuleMatchResults(John, "https://private.example.com", "GET")
|
||||
results := tester.GetRuleMatchResults(John, "https://private.example.com", fasthttp.MethodGet)
|
||||
|
||||
s.Require().Len(results, 7)
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
func TestShouldAppendQueryParamToURL(t *testing.T) {
|
||||
|
|
@ -13,12 +14,12 @@ func TestShouldAppendQueryParamToURL(t *testing.T) {
|
|||
|
||||
require.NoError(t, err)
|
||||
|
||||
object := NewObject(targetURL, "GET")
|
||||
object := NewObject(targetURL, fasthttp.MethodGet)
|
||||
|
||||
assert.Equal(t, "https", object.URL.Scheme)
|
||||
assert.Equal(t, "domain.example.com", object.Domain)
|
||||
assert.Equal(t, "/api?type=none", object.Path)
|
||||
assert.Equal(t, "GET", object.Method)
|
||||
assert.Equal(t, fasthttp.MethodGet, object.Method)
|
||||
}
|
||||
|
||||
func TestShouldCreateNewObjectFromRaw(t *testing.T) {
|
||||
|
|
@ -26,13 +27,13 @@ func TestShouldCreateNewObjectFromRaw(t *testing.T) {
|
|||
|
||||
require.NoError(t, err)
|
||||
|
||||
object := NewObjectRaw(targetURL, []byte("GET"))
|
||||
object := NewObjectRaw(targetURL, []byte(fasthttp.MethodGet))
|
||||
|
||||
assert.Equal(t, "https", object.URL.Scheme)
|
||||
assert.Equal(t, "domain.example.com", object.Domain)
|
||||
assert.Equal(t, "/api", object.URL.Path)
|
||||
assert.Equal(t, "/api", object.Path)
|
||||
assert.Equal(t, "GET", object.Method)
|
||||
assert.Equal(t, fasthttp.MethodGet, object.Method)
|
||||
}
|
||||
|
||||
func TestShouldCleanURL(t *testing.T) {
|
||||
|
|
@ -43,14 +44,14 @@ func TestShouldCleanURL(t *testing.T) {
|
|||
|
||||
expectedScheme, expectedDomain, expectedPath, expectedPathClean string
|
||||
}{
|
||||
{"https://a.com", "/a/../t", "GET", "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2f/t", "GET", "https", "a.com", "/a/..//t", "/t"},
|
||||
{"https://a.com", "/a/..%2ft", "GET", "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2F/t", "GET", "https", "a.com", "/a/..//t", "/t"},
|
||||
{"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/%2F..%2Ft", "GET", "https", "a.com", "/a//../t", "/t"},
|
||||
{"https://a.com", "/a/%2F%2e%2e%2Ft", "GET", "https", "a.com", "/a//../t", "/t"},
|
||||
{"https://a.com", "/a/../t", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2f/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"},
|
||||
{"https://a.com", "/a/..%2ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2F/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"},
|
||||
{"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
|
||||
{"https://a.com", "/a/%2F..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"},
|
||||
{"https://a.com", "/a/%2F%2e%2e%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authorization"
|
||||
"github.com/authelia/authelia/v4/internal/configuration/validator"
|
||||
|
|
@ -45,7 +46,7 @@ func newAccessControlCheckCommand(ctx *CmdCtx) (cmd *cobra.Command) {
|
|||
}
|
||||
|
||||
cmd.Flags().String("url", "", "the url of the object")
|
||||
cmd.Flags().String("method", "GET", "the HTTP method of the object")
|
||||
cmd.Flags().String("method", fasthttp.MethodGet, "the HTTP method of the object")
|
||||
cmd.Flags().String("username", "", "the username of the subject")
|
||||
cmd.Flags().StringSlice("groups", nil, "the groups of the subject")
|
||||
cmd.Flags().String("ip", "", "the ip of the subject")
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
)
|
||||
|
|
@ -185,7 +186,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
|
|||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
|
||||
Methods: []string{"GET", "HOP"},
|
||||
Methods: []string{fasthttp.MethodGet, "HOP"},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -202,7 +203,7 @@ func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
|
|||
{
|
||||
Domains: []string{"public.example.com"},
|
||||
Policy: "bypass",
|
||||
Methods: []string{"GET", "GET"},
|
||||
Methods: []string{fasthttp.MethodGet, fasthttp.MethodGet},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"regexp"
|
||||
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/v4/internal/oidc"
|
||||
|
|
@ -380,7 +381,7 @@ var (
|
|||
validLogLevels = []string{"trace", "debug", "info", "warn", "error"}
|
||||
validWebAuthnConveyancePreferences = []string{string(protocol.PreferNoAttestation), string(protocol.PreferIndirectAttestation), string(protocol.PreferDirectAttestation)}
|
||||
validWebAuthnUserVerificationRequirement = []string{string(protocol.VerificationDiscouraged), string(protocol.VerificationPreferred), string(protocol.VerificationRequired)}
|
||||
validRFC7231HTTPMethodVerbs = []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
|
||||
validRFC7231HTTPMethodVerbs = []string{fasthttp.MethodGet, fasthttp.MethodHead, fasthttp.MethodPost, fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodDelete, fasthttp.MethodTrace, fasthttp.MethodConnect, fasthttp.MethodOptions}
|
||||
validRFC4918HTTPMethodVerbs = []string{"COPY", "LOCK", "MKCOL", "MOVE", "PROPFIND", "PROPPATCH", "UNLOCK"}
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import (
|
|||
"net/url"
|
||||
|
||||
duoapi "github.com/duosecurity/duo_api_golang"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/middlewares"
|
||||
"github.com/authelia/authelia/v4/internal/session"
|
||||
|
|
@ -47,7 +48,7 @@ func (d *APIImpl) Call(ctx *middlewares.AutheliaCtx, userSession *session.UserSe
|
|||
func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*PreAuthResponse, error) {
|
||||
var preAuthResponse PreAuthResponse
|
||||
|
||||
response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/preauth")
|
||||
response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/preauth")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -64,7 +65,7 @@ func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session
|
|||
func (d *APIImpl) AuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*AuthResponse, error) {
|
||||
var authResponse AuthResponse
|
||||
|
||||
response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/auth")
|
||||
response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/auth")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -477,7 +477,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuth() { // TestShouldVeri
|
|||
s.ConfigureMockSessionProviderWithAutomaticAutheliaURLs(mock)
|
||||
|
||||
mock.Ctx.QueryArgs().Add("auth", "basic")
|
||||
mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set("X-Original-URL", "https://one-factor.example.com")
|
||||
|
||||
gomock.InOrder(
|
||||
|
|
@ -510,19 +510,19 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() {
|
|||
{
|
||||
"HeaderEmpty", // TestShouldVerifyAuthBasicArgFailingEmptyHeader.
|
||||
func(mock *mocks.MockAutheliaCtx) {
|
||||
mock.Ctx.Request.Header.Set("Authorization", "")
|
||||
mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "")
|
||||
},
|
||||
},
|
||||
{
|
||||
"HeaderIncorrect", // TestShouldVerifyAuthBasicArgFailingWrongHeader.
|
||||
func(mock *mocks.MockAutheliaCtx) {
|
||||
mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set(fasthttp.HeaderProxyAuthorization, "Basic am9objpwYXNzd29yZA==")
|
||||
},
|
||||
},
|
||||
{
|
||||
"IncorrectPassword", // TestShouldVerifyAuthBasicArgFailingWrongPassword.
|
||||
func(mock *mocks.MockAutheliaCtx) {
|
||||
mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
|
||||
|
||||
mock.UserProviderMock.EXPECT().
|
||||
CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
|
||||
|
|
@ -532,7 +532,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() {
|
|||
{
|
||||
"NoAccess", // TestShouldVerifyAuthBasicArgFailingWrongPassword.
|
||||
func(mock *mocks.MockAutheliaCtx) {
|
||||
mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
|
||||
mock.Ctx.Request.Header.Set("X-Original-URL", "https://admin.example.com/")
|
||||
|
||||
gomock.InOrder(
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
)
|
||||
|
|
@ -41,7 +42,7 @@ func (s *PasswordPolicySuite) TestShouldBeDisabled() {
|
|||
err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
|
||||
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), "disabled", response.Data.Mode)
|
||||
}
|
||||
|
||||
|
|
@ -57,7 +58,7 @@ func (s *PasswordPolicySuite) TestShouldBeStandard() {
|
|||
err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
|
||||
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), "standard", response.Data.Mode)
|
||||
assert.Equal(s.T(), 4, response.Data.MinLength)
|
||||
assert.Equal(s.T(), 8, response.Data.MaxLength)
|
||||
|
|
@ -73,7 +74,7 @@ func (s *PasswordPolicySuite) TestShouldBeZXCVBN() {
|
|||
err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
|
||||
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), "zxcvbn", response.Data.Mode)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/authorization"
|
||||
|
|
@ -206,7 +207,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeChecked() {
|
|||
FirstFactorPOST(nil)(s.mock.Ctx)
|
||||
|
||||
// Respond with 200.
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
||||
|
||||
userSession, err := s.mock.Ctx.GetSession()
|
||||
|
|
@ -248,7 +249,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeUnchecked() {
|
|||
FirstFactorPOST(nil)(s.mock.Ctx)
|
||||
|
||||
// Respond with 200.
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
||||
|
||||
userSession, err := s.mock.Ctx.GetSession()
|
||||
|
|
@ -293,7 +294,7 @@ func (s *FirstFactorSuite) TestShouldSaveUsernameFromAuthenticationBackendInSess
|
|||
FirstFactorPOST(nil)(s.mock.Ctx)
|
||||
|
||||
// Respond with 200.
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
|
||||
|
||||
userSession, err := s.mock.Ctx.GetSession()
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
|
|
@ -21,6 +22,6 @@ func TestHealthOk(t *testing.T) {
|
|||
|
||||
HealthGET(mock.Ctx)
|
||||
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, okMessageBytes, mock.Ctx.Response.Body())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/duo"
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
|
|
@ -136,7 +137,7 @@ func (s *RegisterDuoDeviceSuite) TestShouldRespondOK() {
|
|||
|
||||
DuoDevicePOST(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *RegisterDuoDeviceSuite) TestShouldRespondKOOnInvalidMethod() {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import (
|
|||
"github.com/golang/mock/gomock"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/v4/internal/duo"
|
||||
|
|
@ -122,7 +123,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldAutoSelect() {
|
|||
s.mock.Ctx.Request.SetBody(bodyBytes)
|
||||
|
||||
DuoPOST(duoMock)(s.mock.Ctx)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *SecondFactorDuoPostSuite) TestShouldDenyAutoSelect() {
|
||||
|
|
@ -328,7 +329,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldUseInvalidMethodAndAutoSelect() {
|
|||
s.mock.Ctx.Request.SetBody(bodyBytes)
|
||||
|
||||
DuoPOST(duoMock)(s.mock.Ctx)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() {
|
||||
|
|
@ -352,7 +353,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() {
|
|||
|
||||
DuoPOST(duoMock)(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() {
|
||||
|
|
@ -382,7 +383,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() {
|
|||
|
||||
DuoPOST(duoMock)(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndFail() {
|
||||
|
|
@ -452,7 +453,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndDenyAccess() {
|
|||
|
||||
DuoPOST(duoMock)(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndFail() {
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/authentication"
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
|
|
@ -52,7 +53,7 @@ func (s *StateGetSuite) TestShouldReturnUsernameFromSession() {
|
|||
|
||||
err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType())
|
||||
assert.Equal(s.T(), expectedBody, actualBody)
|
||||
}
|
||||
|
|
@ -84,7 +85,7 @@ func (s *StateGetSuite) TestShouldReturnAuthenticationLevelFromSession() {
|
|||
|
||||
err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody)
|
||||
require.NoError(s.T(), err)
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType())
|
||||
assert.Equal(s.T(), expectedBody, actualBody)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
|
|
@ -116,7 +117,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
|
|||
|
||||
if resp.err == nil {
|
||||
t.Run("expected status code", func(t *testing.T) {
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
})
|
||||
|
||||
actualPreferences := model.UserInfo{}
|
||||
|
|
@ -140,7 +141,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
|
|||
})
|
||||
} else {
|
||||
t.Run("expected status code", func(t *testing.T) {
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
})
|
||||
|
||||
errResponse := mock.GetResponseError(t)
|
||||
|
|
@ -310,7 +311,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
|
|||
|
||||
if resp.loadErr == nil && resp.saveErr == nil {
|
||||
t.Run(fmt.Sprintf("%s/%s", resp.description, "expected status code"), func(t *testing.T) {
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
})
|
||||
|
||||
actualPreferences := model.UserInfo{}
|
||||
|
|
@ -334,7 +335,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
|
|||
})
|
||||
} else {
|
||||
t.Run("expected status code", func(t *testing.T) {
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
})
|
||||
|
||||
errResponse := mock.GetResponseError(t)
|
||||
|
|
@ -440,7 +441,7 @@ func (s *SaveSuite) TestShouldReturn200WhenMethodIsSuccessfullySaved() {
|
|||
|
||||
MethodPreferencePOST(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func TestSaveSuite(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/mocks"
|
||||
"github.com/authelia/authelia/v4/internal/model"
|
||||
|
|
@ -146,7 +147,7 @@ func TestWebAuthnGetUserWithErr(t *testing.T) {
|
|||
|
||||
func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T) {
|
||||
ctx := mocks.NewMockAutheliaCtx(t)
|
||||
ctx.Ctx.Request.Header.Del("X-Forwarded-Host")
|
||||
ctx.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
|
||||
|
||||
w, err := newWebAuthn(ctx.Ctx)
|
||||
|
||||
|
|
@ -157,9 +158,9 @@ func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T)
|
|||
func TestWebAuthnNewWebAuthnShouldReturnErrWhenWebAuthnNotConfigured(t *testing.T) {
|
||||
ctx := mocks.NewMockAutheliaCtx(t)
|
||||
|
||||
ctx.Ctx.Request.Header.Set("X-Forwarded-Host", "example.com")
|
||||
ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
|
||||
ctx.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
|
||||
ctx.Ctx.Request.Header.Set("X-Forwarded-Proto", "https")
|
||||
ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
|
||||
w, err := newWebAuthn(ctx.Ctx)
|
||||
|
||||
|
|
|
|||
|
|
@ -182,7 +182,7 @@ func TestShouldGetOriginalURLFromForwardedHeadersWithURI(t *testing.T) {
|
|||
|
||||
func TestShouldFallbackToNonXForwardedHeaders(t *testing.T) {
|
||||
mock := mocks.NewMockAutheliaCtx(t)
|
||||
mock.Ctx.Request.Header.Del("X-Forwarded-Host")
|
||||
mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
|
||||
|
||||
defer mock.Close()
|
||||
|
||||
|
|
@ -198,19 +198,19 @@ func TestShouldOnlyFallbackToNonXForwardedHeadersWhenNil(t *testing.T) {
|
|||
mock := mocks.NewMockAutheliaCtx(t)
|
||||
defer mock.Close()
|
||||
|
||||
mock.Ctx.Request.Header.Del("X-Forwarded-Host")
|
||||
mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
|
||||
|
||||
mock.Ctx.RequestCtx.Request.SetRequestURI("/2fa/one-time-password")
|
||||
mock.Ctx.RequestCtx.Request.SetHost("localhost")
|
||||
mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "auth.example.com:1234")
|
||||
mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-URI", "/base/2fa/one-time-password")
|
||||
mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", "GET")
|
||||
mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
|
||||
|
||||
assert.Equal(t, []byte("https"), mock.Ctx.XForwardedProto())
|
||||
assert.Equal(t, []byte("auth.example.com:1234"), mock.Ctx.GetXForwardedHost())
|
||||
assert.Equal(t, []byte("/base/2fa/one-time-password"), mock.Ctx.GetXForwardedURI())
|
||||
assert.Equal(t, []byte("GET"), mock.Ctx.XForwardedMethod())
|
||||
assert.Equal(t, []byte(fasthttp.MethodGet), mock.Ctx.XForwardedMethod())
|
||||
}
|
||||
|
||||
func TestShouldDetectXHR(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -56,13 +56,13 @@ func TestCORSPolicyBuilder_WithAllowedMethods(t *testing.T) {
|
|||
|
||||
assert.Nil(t, cors.methods)
|
||||
|
||||
cors.WithAllowedMethods("GET")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet)
|
||||
|
||||
assert.Equal(t, []string{"GET"}, cors.methods)
|
||||
assert.Equal(t, []string{fasthttp.MethodGet}, cors.methods)
|
||||
|
||||
cors.WithAllowedMethods("POST", "PATCH")
|
||||
cors.WithAllowedMethods(fasthttp.MethodPost, fasthttp.MethodPatch)
|
||||
|
||||
assert.Equal(t, []string{"POST", "PATCH"}, cors.methods)
|
||||
assert.Equal(t, []string{fasthttp.MethodPost, fasthttp.MethodPatch}, cors.methods)
|
||||
|
||||
cors.WithAllowedMethods()
|
||||
|
||||
|
|
@ -167,7 +167,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS(t *testing.T) {
|
|||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
|
||||
cors.WithAllowedMethods("GET", "OPTIONS")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy = cors.Build()
|
||||
policy.HandleOPTIONS(ctx)
|
||||
|
|
@ -245,7 +245,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS_WithoutOrigin(t *testing.T) {
|
|||
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
|
||||
cors.WithAllowedMethods("GET", "OPTIONS")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy = cors.Build()
|
||||
policy.HandleOPTIONS(ctx)
|
||||
|
|
@ -311,7 +311,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedOrigins(t *testing.T) {
|
|||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
|
||||
cors.WithAllowedOrigins("*")
|
||||
cors.WithAllowedMethods("GET", "OPTIONS")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy = cors.Build()
|
||||
policy.HandleOPTIONS(ctx)
|
||||
|
|
@ -383,7 +383,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithVaryOnly(t *testing.T) {
|
|||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
|
||||
cors.WithAllowedMethods("GET", "OPTIONS")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy = cors.Build()
|
||||
policy.HandleOPTIONS(ctx)
|
||||
|
|
@ -429,7 +429,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedHeaders(t *testing.T) {
|
|||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
|
||||
cors.WithAllowedMethods("GET", "OPTIONS")
|
||||
cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy = cors.Build()
|
||||
policy.HandleOPTIONS(ctx)
|
||||
|
|
@ -516,7 +516,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) {
|
|||
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
|
||||
|
||||
cors := NewCORSPolicyBuilder()
|
||||
|
||||
|
|
@ -528,7 +528,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) {
|
|||
assert.Equal(t, headerValueFalse, ctx.Response.Header.PeekBytes(headerAccessControlAllowCredentials))
|
||||
assert.Equal(t, headerValueMaxAge, ctx.Response.Header.PeekBytes(headerAccessControlMaxAge))
|
||||
assert.Equal(t, []byte("X-Example-Header"), ctx.Response.Header.PeekBytes(headerAccessControlAllowHeaders))
|
||||
assert.Equal(t, []byte("GET"), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods))
|
||||
assert.Equal(t, []byte(fasthttp.MethodGet), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods))
|
||||
}
|
||||
|
||||
func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t *testing.T) {
|
||||
|
|
@ -538,7 +538,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t
|
|||
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
|
||||
|
||||
cors := NewCORSPolicyBuilder().WithVary()
|
||||
|
||||
|
|
@ -560,11 +560,11 @@ func Test_CORSMiddleware_AsMiddleware(t *testing.T) {
|
|||
|
||||
ctx.Request.Header.SetBytesKV(headerOrigin, origin)
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
|
||||
ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
|
||||
|
||||
middleware := NewBridgeBuilder(schema.Configuration{}, Providers{}).Build()
|
||||
|
||||
cors := NewCORSPolicyBuilder().WithAllowedMethods("GET", "OPTIONS")
|
||||
cors := NewCORSPolicyBuilder().WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
|
||||
|
||||
policy := cors.Build()
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ func TestShouldFailStartingProcessIfUserHasNoEmailAddress(t *testing.T) {
|
|||
|
||||
middlewares.IdentityVerificationStart(newArgs(retriever), nil)(mock.Ctx)
|
||||
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, "User does not have any email", mock.Hook.LastEntry().Message)
|
||||
}
|
||||
|
||||
|
|
@ -65,7 +65,7 @@ func TestShouldFailIfJWTCannotBeSaved(t *testing.T) {
|
|||
args := newArgs(defaultRetriever)
|
||||
middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
|
||||
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, "cannot save", mock.Hook.LastEntry().Message)
|
||||
}
|
||||
|
||||
|
|
@ -88,7 +88,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) {
|
|||
args := newArgs(defaultRetriever)
|
||||
middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
|
||||
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, "no notif", mock.Hook.LastEntry().Message)
|
||||
}
|
||||
|
||||
|
|
@ -110,7 +110,7 @@ func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) {
|
|||
args := newArgs(defaultRetriever)
|
||||
middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
|
||||
|
||||
assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
|
||||
|
||||
defer mock.Close()
|
||||
}
|
||||
|
|
@ -272,7 +272,7 @@ func (s *IdentityVerificationFinishProcess) TestShouldReturn200OnFinishComplete(
|
|||
|
||||
middlewares.IdentityVerificationFinish(newFinishArgs(), next)(s.mock.Ctx)
|
||||
|
||||
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
||||
assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
|
||||
}
|
||||
|
||||
func TestRunIdentityVerificationFinish(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
|
|||
// request.Request.Header.SetCookie("authelia_session", "client_cookie").
|
||||
|
||||
// Set X-Forwarded-Host for compatibility with multi-root-domain implementation.
|
||||
request.Request.Header.Set("X-Forwarded-Host", "example.com")
|
||||
request.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
|
||||
|
||||
ctx := middlewares.NewAutheliaCtx(request, config, providers)
|
||||
mockAuthelia.Ctx = ctx
|
||||
|
|
@ -256,19 +256,19 @@ func (m *MockAutheliaCtx) SetRequestBody(t *testing.T, body interface{}) {
|
|||
|
||||
// Assert401KO assert an error response from the service.
|
||||
func (m *MockAutheliaCtx) Assert401KO(t *testing.T, message string) {
|
||||
assert.Equal(t, 401, m.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusUnauthorized, m.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body()))
|
||||
}
|
||||
|
||||
// Assert200KO assert an error response from the service.
|
||||
func (m *MockAutheliaCtx) Assert200KO(t *testing.T, message string) {
|
||||
assert.Equal(t, 200, m.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body()))
|
||||
}
|
||||
|
||||
// Assert200OK assert a successful response from the service.
|
||||
func (m *MockAutheliaCtx) Assert200OK(t *testing.T, data interface{}) {
|
||||
assert.Equal(t, 200, m.Ctx.Response.StatusCode())
|
||||
assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode())
|
||||
|
||||
response := middlewares.OKResponse{
|
||||
Status: "OK",
|
||||
|
|
|
|||
|
|
@ -200,7 +200,7 @@ func TestShouldRaiseErrorWhenClientDoesNotSkipVerify(t *testing.T) {
|
|||
|
||||
defer tlsServerContext.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = http.DefaultClient.Do(req)
|
||||
|
|
@ -228,7 +228,7 @@ func TestShouldServeOverTLSWhenClientDoesSkipVerify(t *testing.T) {
|
|||
|
||||
defer tlsServerContext.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
tr := &http.Transport{
|
||||
|
|
@ -265,7 +265,7 @@ func TestShouldServeOverTLSWhenClientHasProperRootCA(t *testing.T) {
|
|||
|
||||
defer tlsServerContext.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
block, _ := pem.Decode(certificateContext.Certificates[0].CertificatePEM)
|
||||
|
|
@ -317,7 +317,7 @@ func TestShouldRaiseWhenMutualTLSIsConfiguredAndClientIsNotAuthenticated(t *test
|
|||
|
||||
defer tlsServerContext.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Create a root CA for the client to properly validate server cert.
|
||||
|
|
@ -360,7 +360,7 @@ func TestShouldServeProperlyWhenMutualTLSIsConfiguredAndClientIsAuthenticated(t
|
|||
|
||||
defer tlsServerContext.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
// Create a root CA for the client to properly validate server cert.
|
||||
|
|
|
|||
|
|
@ -6,14 +6,15 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
func doHTTPGetQuery(t *testing.T, url string) []byte {
|
||||
client := NewHTTPClient()
|
||||
req, err := http.NewRequest("GET", url, nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, url, nil)
|
||||
assert.NoError(t, err)
|
||||
|
||||
req.Header.Add("Accept", "application/json")
|
||||
req.Header.Add(fasthttp.HeaderAccept, "application/json")
|
||||
resp, err := client.Do(req)
|
||||
assert.NoError(t, err)
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/duo"
|
||||
)
|
||||
|
|
@ -29,13 +30,13 @@ func ConfigureDuo(t *testing.T, allowDeny DuoPolicy) {
|
|||
url = fmt.Sprintf("%s/deny", DuoBaseURL)
|
||||
}
|
||||
|
||||
req, err := http.NewRequest("POST", url, nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodPost, url, nil)
|
||||
require.NoError(t, err)
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 200, res.StatusCode)
|
||||
require.Equal(t, fasthttp.StatusOK, res.StatusCode)
|
||||
}
|
||||
|
||||
// ConfigureDuoPreAuth configure duo api to respond with available devices or enrollment Url.
|
||||
|
|
@ -45,12 +46,12 @@ func ConfigureDuoPreAuth(t *testing.T, response duo.PreAuthResponse) {
|
|||
body, err := json.Marshal(response)
|
||||
require.NoError(t, err)
|
||||
|
||||
req, err := http.NewRequest("POST", url, bytes.NewReader(body))
|
||||
req, err := http.NewRequest(fasthttp.MethodPost, url, bytes.NewReader(body))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
require.NoError(t, err)
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, 200, res.StatusCode)
|
||||
require.Equal(t, fasthttp.StatusOK, res.StatusCode)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,32 +48,32 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
|
|||
}
|
||||
|
||||
func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), 403)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden)
|
||||
}
|
||||
|
||||
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
|
||||
}
|
||||
|
||||
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn405() {
|
||||
s.AssertRequestStatusCode("PUT", fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 405)
|
||||
s.AssertRequestStatusCode(fasthttp.MethodPut, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusMethodNotAllowed)
|
||||
}
|
||||
|
||||
func TestRunBackendProtection(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import (
|
|||
log "github.com/sirupsen/logrus"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
type HighAvailabilityWebDriverSuite struct {
|
||||
|
|
@ -282,7 +283,7 @@ func NewHighAvailabilitySuite() *HighAvailabilitySuite {
|
|||
|
||||
func DoGetWithAuth(t *testing.T, username, password string) int {
|
||||
client := NewHTTPClient()
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil)
|
||||
assert.NoError(t, err)
|
||||
req.SetBasicAuth(username, password)
|
||||
|
||||
|
|
@ -293,9 +294,9 @@ func DoGetWithAuth(t *testing.T, username, password string) int {
|
|||
}
|
||||
|
||||
func (s *HighAvailabilitySuite) TestBasicAuth() {
|
||||
s.Assert().Equal(DoGetWithAuth(s.T(), "john", "password"), 200)
|
||||
s.Assert().Equal(DoGetWithAuth(s.T(), "john", "bad-password"), 302)
|
||||
s.Assert().Equal(DoGetWithAuth(s.T(), "dontexist", "password"), 302)
|
||||
s.Assert().Equal(fasthttp.StatusOK, DoGetWithAuth(s.T(), "john", "password"))
|
||||
s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "john", "bad-password"))
|
||||
s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "dontexist", "password"))
|
||||
}
|
||||
|
||||
func (s *HighAvailabilitySuite) Test1FAScenario() {
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/valyala/fasthttp"
|
||||
|
||||
"github.com/authelia/authelia/v4/internal/storage"
|
||||
"github.com/authelia/authelia/v4/internal/utils"
|
||||
|
|
@ -185,55 +186,55 @@ func NewStandaloneSuite() *StandaloneSuite {
|
|||
}
|
||||
|
||||
func (s *StandaloneSuite) TestShouldRespectMethodsACL() {
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
s.Assert().NoError(err)
|
||||
req.Header.Set("X-Forwarded-Method", "GET")
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain))
|
||||
req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain))
|
||||
req.Header.Set("X-Forwarded-URI", "/")
|
||||
req.Header.Set("Accept", "text/html; charset=utf8")
|
||||
req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 302)
|
||||
s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
|
||||
urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/")
|
||||
s.Assert().Equal(fmt.Sprintf("<a href=\"%s\">302 Found</a>", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body))
|
||||
|
||||
req.Header.Set("X-Forwarded-Method", "OPTIONS")
|
||||
req.Header.Set("X-Forwarded-Method", fasthttp.MethodOptions)
|
||||
|
||||
res, err = client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 200)
|
||||
s.Assert().Equal(fasthttp.StatusOK, res.StatusCode)
|
||||
}
|
||||
|
||||
func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() {
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
s.Assert().NoError(err)
|
||||
req.Header.Set("X-Forwarded-Method", "GET")
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain))
|
||||
req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain))
|
||||
req.Header.Set("X-Forwarded-URI", "/")
|
||||
req.Header.Set("Accept", "text/html; charset=utf8")
|
||||
req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 302)
|
||||
s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
|
||||
urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/")
|
||||
s.Assert().Equal(fmt.Sprintf("<a href=\"%s\">302 Found</a>", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body))
|
||||
|
||||
req.Header.Set("X-Forwarded-Method", "POST")
|
||||
req.Header.Set("X-Forwarded-Method", fasthttp.MethodPost)
|
||||
|
||||
res, err = client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 303)
|
||||
s.Assert().Equal(fasthttp.StatusSeeOther, res.StatusCode)
|
||||
body, err = io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
|
||||
|
|
@ -243,16 +244,16 @@ func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() {
|
|||
|
||||
// Standard case using nginx.
|
||||
func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() {
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil)
|
||||
s.Assert().NoError(err)
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set("X-Original-URL", AdminBaseURL)
|
||||
req.Header.Set("Accept", "text/html; charset=utf8")
|
||||
req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 401)
|
||||
s.Assert().Equal(fasthttp.StatusUnauthorized, res.StatusCode)
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal("401 Unauthorized", string(body))
|
||||
|
|
@ -260,16 +261,16 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() {
|
|||
|
||||
// Standard case using Kubernetes.
|
||||
func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() {
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
s.Assert().NoError(err)
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set("X-Original-URL", AdminBaseURL)
|
||||
req.Header.Set("Accept", "text/html; charset=utf8")
|
||||
req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 302)
|
||||
s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
|
||||
|
|
@ -278,17 +279,17 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() {
|
|||
}
|
||||
|
||||
func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI() {
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
|
||||
s.Assert().NoError(err)
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set("X-Forwarded-Host", "secure.example.com:8080")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedHost, "secure.example.com:8080")
|
||||
req.Header.Set("X-Forwarded-URI", "/")
|
||||
req.Header.Set("Accept", "text/html; charset=utf8")
|
||||
req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
|
||||
|
||||
client := NewHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
s.Assert().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 302)
|
||||
s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Assert().NoError(err)
|
||||
|
||||
|
|
@ -299,19 +300,19 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI(
|
|||
func (s *StandaloneSuite) TestShouldRecordMetrics() {
|
||||
client := NewHTTPClient()
|
||||
|
||||
req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/health", LoginBaseURL), nil)
|
||||
req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/health", LoginBaseURL), nil)
|
||||
s.Require().NoError(err)
|
||||
|
||||
res, err := client.Do(req)
|
||||
s.Require().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 200)
|
||||
s.Assert().Equal(fasthttp.StatusOK, fasthttp.StatusOK, res.StatusCode)
|
||||
|
||||
req, err = http.NewRequest("GET", fmt.Sprintf("%s/metrics", LoginBaseURL), nil)
|
||||
req, err = http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/metrics", LoginBaseURL), nil)
|
||||
s.Require().NoError(err)
|
||||
|
||||
res, err = client.Do(req)
|
||||
s.Require().NoError(err)
|
||||
s.Assert().Equal(res.StatusCode, 200)
|
||||
s.Assert().Equal(fasthttp.StatusOK, res.StatusCode)
|
||||
|
||||
body, err := io.ReadAll(res.Body)
|
||||
s.Require().NoError(err)
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import (
|
|||
"github.com/go-rod/rod"
|
||||
"github.com/google/uuid"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
var browserPaths = []string{"/usr/bin/chromium-browser", "/usr/bin/chromium"}
|
||||
|
|
@ -264,8 +265,8 @@ func getDomainEnvInfo(domain string) (info map[string]string, err error) {
|
|||
return info, err
|
||||
}
|
||||
|
||||
req.Header.Set("X-Forwarded-Proto", "https")
|
||||
req.Header.Set("X-Forwarded-Host", domain)
|
||||
req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
|
||||
req.Header.Set(fasthttp.HeaderXForwardedHost, domain)
|
||||
|
||||
if resp, err = client.Do(req); err != nil {
|
||||
return info, err
|
||||
|
|
|
|||
Loading…
Reference in New Issue