authentik/internal/outpost/proxyv2/application/oauth_test.go

package application

import (
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"goauthentik.io/api/v3"
)

func TestCheckRedirectParam(t *testing.T) {
	a := newTestApplication()
	req, _ := http.NewRequest("GET", "/outpost.goauthentik.io/auth/start", nil)

	rd, ok := a.checkRedirectParam(req)

	assert.Equal(t, false, ok)
	assert.Equal(t, "", rd)

	req, _ = http.NewRequest("GET", "/outpost.goauthentik.io/auth/start?rd=https://google.com", nil)

	rd, ok = a.checkRedirectParam(req)

	assert.Equal(t, false, ok)
	assert.Equal(t, "", rd)

	req, _ = http.NewRequest("GET", "/outpost.goauthentik.io/auth/start?rd=https://ext.t.goauthentik.io/test?foo", nil)

	rd, ok = a.checkRedirectParam(req)

	assert.Equal(t, true, ok)
	assert.Equal(t, "https://ext.t.goauthentik.io/test?foo", rd)
}

func TestCheckRedirectParam_Domain(t *testing.T) {
	a := newTestApplication()
	a.proxyConfig.Mode = api.PROXYMODE_FORWARD_DOMAIN.Ptr()
	a.proxyConfig.CookieDomain = api.PtrString("t.goauthentik.io")
	req, _ := http.NewRequest("GET", "https://a.t.goauthentik.io/outpost.goauthentik.io/auth/start", nil)

	rd, ok := a.checkRedirectParam(req)

	assert.Equal(t, false, ok)
	assert.Equal(t, "", rd)
	req, _ = http.NewRequest("GET", "/outpost.goauthentik.io/auth/start?rd=https://ext.t.goauthentik.io/test", nil)

	rd, ok = a.checkRedirectParam(req)

	assert.Equal(t, true, ok)
	assert.Equal(t, "https://ext.t.goauthentik.io/test", rd)
}