2022-02-26 21:29:56 +00:00
|
|
|
package application
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/url"
|
|
|
|
"regexp"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2022-03-03 09:40:07 +00:00
|
|
|
"goauthentik.io/api/v3"
|
2022-02-26 21:29:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func urlMustParse(u string) *url.URL {
|
|
|
|
ur, err := url.Parse(u)
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
return ur
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestIsAllowlisted_Proxy_Single(t *testing.T) {
|
|
|
|
a := newTestApplication()
|
|
|
|
a.proxyConfig.Mode = api.PROXYMODE_PROXY.Ptr()
|
|
|
|
|
|
|
|
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
|
|
|
|
a.UnauthenticatedRegex = []*regexp.Regexp{
|
|
|
|
regexp.MustCompile("^/foo"),
|
|
|
|
}
|
|
|
|
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestIsAllowlisted_Proxy_Domain(t *testing.T) {
|
|
|
|
a := newTestApplication()
|
|
|
|
a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
|
|
|
|
|
|
|
|
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("")))
|
|
|
|
a.UnauthenticatedRegex = []*regexp.Regexp{
|
|
|
|
regexp.MustCompile("^/foo"),
|
|
|
|
}
|
|
|
|
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
|
|
|
a.UnauthenticatedRegex = []*regexp.Regexp{
|
|
|
|
regexp.MustCompile("^http://some-host/foo"),
|
|
|
|
}
|
|
|
|
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
|
|
|
a.UnauthenticatedRegex = []*regexp.Regexp{
|
|
|
|
regexp.MustCompile("https://health.domain.tld/ping/*"),
|
|
|
|
}
|
|
|
|
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("http://some-host/foo")))
|
|
|
|
assert.Equal(t, false, a.IsAllowlisted(urlMustParse("https://health.domain.tld/")))
|
|
|
|
assert.Equal(t, true, a.IsAllowlisted(urlMustParse("https://health.domain.tld/ping/qq")))
|
|
|
|
}
|