mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
92d328926d
* refactor(handlers): lower case error messages also refactor verifyAuth function to detect malicious activity both with session cookie and authorization header. * refacto(handlers): simplify error construction * fix(handlers): check prefix in authorization header to determine auth method * fix(handlers): determining the method should be done with headers instead of query arg * refacto(handlers): rollback changes of verifyAuth * don't lowercase log messages * Apply suggestions from code review Make sure logger errors are not lowercased. * fix: uppercase logger errors and remove unused param * Do not lowercase logger errors * Remove unused param targetURL * Rename url variable to not conflict with imported package Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
94 lines
2.7 KiB
Go
94 lines
2.7 KiB
Go
package handlers
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v4"
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"github.com/stretchr/testify/suite"
|
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
|
"github.com/authelia/authelia/v4/internal/mocks"
|
|
)
|
|
|
|
type HandlerRegisterU2FStep1Suite struct {
|
|
suite.Suite
|
|
|
|
mock *mocks.MockAutheliaCtx
|
|
}
|
|
|
|
func (s *HandlerRegisterU2FStep1Suite) SetupTest() {
|
|
s.mock = mocks.NewMockAutheliaCtx(s.T())
|
|
|
|
userSession := s.mock.Ctx.GetSession()
|
|
userSession.Username = testUsername
|
|
err := s.mock.Ctx.SaveSession(userSession)
|
|
require.NoError(s.T(), err)
|
|
}
|
|
|
|
func (s *HandlerRegisterU2FStep1Suite) TearDownTest() {
|
|
s.mock.Close()
|
|
}
|
|
|
|
func createToken(secret string, username string, action string, expiresAt time.Time) string {
|
|
claims := &middlewares.IdentityVerificationClaim{
|
|
StandardClaims: jwt.StandardClaims{
|
|
ExpiresAt: expiresAt.Unix(),
|
|
Issuer: "Authelia",
|
|
},
|
|
Action: action,
|
|
Username: username,
|
|
}
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
ss, _ := token.SignedString([]byte(secret))
|
|
|
|
return ss
|
|
}
|
|
|
|
func (s *HandlerRegisterU2FStep1Suite) TestShouldRaiseWhenXForwardedProtoIsMissing() {
|
|
token := createToken(s.mock.Ctx.Configuration.JWTSecret, "john", ActionU2FRegistration,
|
|
time.Now().Add(1*time.Minute))
|
|
s.mock.Ctx.Request.SetBodyString(fmt.Sprintf("{\"token\":\"%s\"}", token))
|
|
|
|
s.mock.StorageProviderMock.EXPECT().
|
|
FindIdentityVerificationToken(gomock.Eq(token)).
|
|
Return(true, nil)
|
|
|
|
s.mock.StorageProviderMock.EXPECT().
|
|
RemoveIdentityVerificationToken(gomock.Eq(token)).
|
|
Return(nil)
|
|
|
|
SecondFactorU2FIdentityFinish(s.mock.Ctx)
|
|
|
|
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
|
assert.Equal(s.T(), "missing header X-Forwarded-Proto", s.mock.Hook.LastEntry().Message)
|
|
}
|
|
|
|
func (s *HandlerRegisterU2FStep1Suite) TestShouldRaiseWhenXForwardedHostIsMissing() {
|
|
s.mock.Ctx.Request.Header.Add("X-Forwarded-Proto", "http")
|
|
token := createToken(s.mock.Ctx.Configuration.JWTSecret, "john", ActionU2FRegistration,
|
|
time.Now().Add(1*time.Minute))
|
|
s.mock.Ctx.Request.SetBodyString(fmt.Sprintf("{\"token\":\"%s\"}", token))
|
|
|
|
s.mock.StorageProviderMock.EXPECT().
|
|
FindIdentityVerificationToken(gomock.Eq(token)).
|
|
Return(true, nil)
|
|
|
|
s.mock.StorageProviderMock.EXPECT().
|
|
RemoveIdentityVerificationToken(gomock.Eq(token)).
|
|
Return(nil)
|
|
|
|
SecondFactorU2FIdentityFinish(s.mock.Ctx)
|
|
|
|
assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
|
|
assert.Equal(s.T(), "missing header X-Forwarded-Host", s.mock.Hook.LastEntry().Message)
|
|
}
|
|
|
|
func TestShouldRunHandlerRegisterU2FStep1Suite(t *testing.T) {
|
|
suite.Run(t, new(HandlerRegisterU2FStep1Suite))
|
|
}
|