From 074b91bc2f154ca50211fad51de0e733bf21beb0 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 6 Mar 2019 14:59:25 -0700 Subject: [PATCH] add tests for implicit issuer --- keyfetch/issuer_test.go | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/keyfetch/issuer_test.go b/keyfetch/issuer_test.go index dedf771..5ef181f 100644 --- a/keyfetch/issuer_test.go +++ b/keyfetch/issuer_test.go @@ -2,6 +2,8 @@ package keyfetch import ( "errors" + "net/http" + "net/url" "testing" ) @@ -132,3 +134,57 @@ func TestIssuerMatches(t *testing.T) { t.Fatal("A bad URL slipped past", iss) } } + +func TestImplicitIssuer(t *testing.T) { + var r *http.Request + var iss string + + r = &http.Request{ + Host: "example.com", + URL: &url.URL{Path: "/foo/bar/baz"}, + Header: http.Header(map[string][]string{ + "x-forwarded-host": []string{"example.com"}, + }), + } + iss = "https://example.com/foo" + if !IsTrustedIssuer(iss, nil, r) { + t.Fatal("A good URL didn't make it:", iss) + } + + r = &http.Request{ + Host: "example.com", + URL: &url.URL{Path: "/"}, + Header: http.Header(map[string][]string{ + "x-forwarded-host": []string{"example.com"}, + "x-forwarded-proto": []string{"http"}, + }), + } + iss = "http://example.com/foo" + if IsTrustedIssuer(iss, nil, r) { + t.Fatal("A bad URL slipped past:", iss) + } + + r = &http.Request{ + Host: "example.com", + URL: &url.URL{Path: "/foo"}, + Header: http.Header(map[string][]string{ + "x-forwarded-host": []string{"example.com"}, + }), + } + iss = "https://example.com/foo/bar/baz" + if IsTrustedIssuer(iss, nil, r) { + t.Fatal("A bad URL slipped past:", iss) + } + + r = &http.Request{ + Host: "example.com", + URL: &url.URL{Path: "/"}, + Header: http.Header(map[string][]string{ + "x-forwarded-proto": []string{"https"}, + }), + } + iss = "https://example.com/" + if !IsTrustedIssuer(iss, nil, r) { + t.Fatal("A good URL didn't make it:", iss) + } +}