
Commit 4a20270

committed
Clarify test cases.
1 parent 15abeaa commit 4a20270


2 files changed

+127
-0
lines changed


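--- a/test/oauth2.options.test.js
+++ b/test/oauth2.options.test.js
@@ -242,6 +242,7 @@ describe('OAuth2Strategy', function() {
 });
 });
 
+// OK
 describe('handling a request to be redirected for authorization from behind a secure proxy that is trusted by app', function() {
 var url;
 
@@ -271,6 +272,7 @@ describe('OAuth2Strategy', function() {
 });
 });
 
+// OK
 describe('handling a request to be redirected for authorization from behind a secure proxy that sets x-forwarded-host that is trusted by app', function() {
 var url;
 
@@ -301,6 +303,7 @@ describe('OAuth2Strategy', function() {
 });
 });
 
+// OK
 describe('handling a request to be redirected for authorization that contains untrusted x-forwarded-proto header', function() {
 var url;
 
@@ -330,6 +333,7 @@ describe('OAuth2Strategy', function() {
 });
 });
 
+// OK
 describe('handling a request to be redirected for authorization that contains untrusted x-forwarded-host header', function() {
 var url;
 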

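--- a/test/oauth2.test.js
+++ b/test/oauth2.test.js
@@ -1276,6 +1276,129 @@ describe('OAuth2Strategy', function() {
 expect(url).to.equal('https://www.example.com/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
 });
 }); // that redirects to service provider from insecure connection
+
+
+describe('from behind a secure proxy', function() {
+
+describe('that is trusted by app and sets x-forwarded-proto', function() {
+var url;
+
+before(function(done) {
+chai.passport.use(strategy)
+.redirect(function(u) {
+url = u;
+done();
+})
+.req(function(req) {
+req.app = {
+get: function(name) {
+return name == 'trust proxy' ? true : false;
+}
+}
+
+req.url = '/auth/example';
+req.headers.host = 'www.example.net';
+req.headers['x-forwarded-proto'] = 'https';
+req.connection = {};
+})
+.authenticate();
+});
+
+it('should be redirected', function() {
+expect(url).to.equal('https://www.example.com/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+});
+}); // that is trusted by app and sets x-forwarded-proto
+
+describe('that is trusted by app and sets x-forwarded-proto and x-forwarded-host', function() {
+var url;
+
+before(function(done) {
+chai.passport.use(strategy)
+.redirect(function(u) {
+url = u;
+done();
+})
+.req(function(req) {
+req.app = {
+get: function(name) {
+return name == 'trust proxy' ? true : false;
+}
+}
+
+req.url = '/auth/example';
+req.headers.host = 'server.internal';
+req.headers['x-forwarded-proto'] = 'https';
+req.headers['x-forwarded-host'] = 'www.example.net';
+req.connection = {};
+})
+.authenticate();
+});
+
+it('should be redirected', function() {
+expect(url).to.equal('https://www.example.com/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+});
+}); // that is trusted by app and sets x-forwarded-proto and x-forwarded-host
+
+describe('that is not trusted by app and sets x-forwarded-proto', function() {
+var url;
+
+before(function(done) {
+chai.passport.use(strategy)
+.redirect(function(u) {
+url = u;
+done();
+})
+.req(function(req) {
+req.app = {
+get: function(name) {
+return name == 'trust proxy' ? false : false;
+}
+}
+
+req.url = '/auth/example';
+req.headers.host = 'www.example.net';
+req.headers['x-forwarded-proto'] = 'https';
+req.connection = {};
+})
+.authenticate();
+});
+
+it('should be redirected', function() {
+expect(url).to.equal('https://www.example.com/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fwww.example.net%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+});
+}); // that is trusted by app and sets x-forwarded-proto and x-forwarded-host
+
+describe('that is not trusted by app and sets x-forwarded-proto and x-forwarded-host', function() {
+var url;
+
+before(function(done) {
+chai.passport.use(strategy)
+.redirect(function(u) {
+url = u;
+done();
+})
+.req(function(req) {
+req.app = {
+get: function(name) {
+return name == 'trust proxy' ? false : false;
+}
+}
+
+req.url = '/auth/example';
+req.headers.host = 'server.internal';
+req.headers['x-forwarded-proto'] = 'https';
+req.headers['x-forwarded-host'] = 'www.example.net';
+req.connection = {};
+})
+.authenticate();
+});
+
+it('should be redirected', function() {
+expect(url).to.equal('https://www.example.com/oauth2/authorize?response_type=code&redirect_uri=http%3A%2F%2Fserver.internal%2Fauth%2Fexample%2Fcallback&client_id=ABC123');
+});
+}); // that is not trusted by app and sets x-forwarded-proto and x-forwarded-host
+
+}); // from behind a secure proxy
 
 }); // issuing authorization request
 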
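Review bot: The closing comment at new line 1369 is a copy-paste leftover: it reads `}); // that is trusted by app and sets x-forwarded-proto and x-forwarded-host` but closes the block 'that is not trusted by app and sets x-forwarded-proto', so it should be `}); // that is not trusted by app and sets x-forwarded-proto`. In the two untrusted cases (new lines 1354 and 1383) the stub `return name == 'trust proxy' ? false : false;` has identical branches and reads like a typo; `return false;` states the intent. Those two cases are the ones that pin that client-supplied `x-forwarded-proto` and `x-forwarded-host` values are not used for `redirect_uri` when the app does not trust the proxy, so a title that says so, for example `it('should ignore x-forwarded headers when building redirect_uri', ...)`, would make a regression easier to read than `should be redirected`. The enclosing block, closed by `}); // issuing authorization request`, starts outside the hunk.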
