Add tests for the /exchange HTTP endpoint

7ab9e359 · ale · godog · ad26ddab · 7ab9e359 · 7ab9e359
Commit 7ab9e359 authored 5 years ago by ale Committed by godog 5 years ago
--- a/server/http_test.go
+++ b/server/http_test.go
@@ -142,12 +142,18 @@ func checkStatusOk(t testing.TB, resp *http.Response) {
 	}
 }
+func checkStatusForbidden(t testing.TB, resp *http.Response) {
+	if resp.StatusCode != 403 {
+		t.Fatalf("expected status 403, got %s", resp.Status)
+	}
+}
 func checkStatusNotFound(t testing.TB, resp *http.Response) {
 	if resp.StatusCode != 404 {
 		t.Fatalf("expected status 404, got %s", resp.Status)
 	}
 }
 func checkRedirectToTargetService(t testing.TB, resp *http.Response) {
 	if resp.StatusCode != 302 {
 		t.Fatalf("expected status 302, got %s", resp.Status)
@@ -424,3 +430,45 @@ func TestHTTP_CORS(t *testing.T) {
 		t.Fatalf("Bad Access-Control-Allow-Origin returned to OPTIONS request: %s", s)
 	}
 }
+func TestHTTP_LoginAndExchange(t *testing.T) {
+	tmpdir, httpSrv := startTestHTTPServer(t)
+	defer os.RemoveAll(tmpdir)
+	defer httpSrv.Close()
+	c := newTestHTTPClient()
+	// Simulate an authorization request from a service, expect to
+	// see the login page.
+	v := make(url.Values)
+	v.Set("s", "service.example.com/")
+	v.Set("d", "https://service.example.com/admin/")
+	v.Set("n", "averysecretnonce")
+	doGet(t, c, httpSrv.URL+"/?"+v.Encode(), checkStatusOk, checkLoginPageURL, checkLoginPasswordPage)
+	// Attempt to login by submitting the form. We expect the
+	// result to be a 302 redirect to the target service.
+	v = make(url.Values)
+	v.Set("username", "testuser")
+	v.Set("password", "password")
+	var ssoTkt string
+	doPostForm(t, c, httpSrv.URL+"/login", v, checkRedirectToTargetService, extractSSOTicket(&ssoTkt))
+	// Make an exchange request for a new service.
+	v = make(url.Values)
+	v.Set("cur_tkt", ssoTkt)
+	v.Set("cur_svc", "service.example.com/")
+	v.Set("cur_nonce", "averysecretnonce")
+	v.Set("new_svc", "service2.example.com/")
+	v.Set("new_nonce", "anothernonce")
+	doPostForm(t, c, httpSrv.URL+"/exchange", v, checkStatusOk)
+	// Make an exchange request for a forbidden service.
+	v = make(url.Values)
+	v.Set("cur_tkt", ssoTkt)
+	v.Set("cur_svc", "service.example.com/")
+	v.Set("cur_nonce", "averysecretnonce")
+	v.Set("new_svc", "service3.example.com/")
+	v.Set("new_nonce", "anothernonce")
+	doPostForm(t, c, httpSrv.URL+"/exchange", v, checkStatusForbidden)
+}
--- a/server/service_test.go
+++ b/server/service_test.go
@@ -39,9 +39,10 @@ domain: example.com
 allowed_services:
  - "^service\\.example\\.com/$"
  - "^service2\\.example\\.com/$"
+  - "^service3\\.example\\.com/$"
 allowed_exchanges:
  - src_regexp: "^service\\.example\\.com/$"
-    dst_regexp: "\\.example\\.com/.*$"
+    dst_regexp: "^service2\\.example\\.com/$"
 allowed_cors_origins:
  - "https://origin.example.com"
 service_ttls:
@@ -139,9 +140,10 @@ func TestLoginService_Exchange(t *testing.T) {
 		service, destination string
 		ok                   bool
 	}{
+		{"service.example.com/", "service.example.com/", false},
 		{"service.example.com/", "service2.example.com/", true},
+		{"service.example.com/", "service3.example.com/", false},
 		{"service.example.com/", "bad-service.another.com/", false},
-		{"service.example.com/", "service.example.com/", true}, // self-exchange??
 	}
 	for _, td := range testdata {