diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 43e165a2c..6fcf067b5 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -92,6 +92,44 @@ func TestRobotsTxt(t *testing.T) {
 assert.Equal(t, "User-agent: *\nDisallow: /", rw.Body.String())
 }
 
+func TestIsValidRedirect(t *testing.T) {
+ opts := NewOptions()
+ opts.ClientID = "bazquux"
+ opts.ClientSecret = "foobar"
+ opts.CookieSecret = "xyzzyplugh"
+ opts.WhitelistDomains = []string{"foo.bar"}
+ opts.Validate()
+
+ proxy := NewOAuthProxy(opts, func(string) bool { return true })
+
+ noRD := proxy.IsValidRedirect("")
+ assert.Equal(t, false, noRD)
+
+ singleSlash := proxy.IsValidRedirect("/redirect")
+ assert.Equal(t, true, singleSlash)
+
+ doubleSlash := proxy.IsValidRedirect("//redirect")
+ assert.Equal(t, false, doubleSlash)
+
+ validHttp := proxy.IsValidRedirect("http://baz.foo.bar/redirect")
+ assert.Equal(t, true, validHttp)
+
+ validHttps := proxy.IsValidRedirect("https://baz.foo.bar/redirect")
+ assert.Equal(t, true, validHttps)
+
+ invalidHttp1 := proxy.IsValidRedirect("http://foo.bar.evil.corp/redirect")
+ assert.Equal(t, false, invalidHttp1)
+
+ invalidHttps1 := proxy.IsValidRedirect("https://foo.bar.evil.corp/redirect")
+ assert.Equal(t, false, invalidHttps1)
+
+ invalidHttp2 := proxy.IsValidRedirect("http://evil.corp/redirect?rd=foo.bar")
+ assert.Equal(t, false, invalidHttp2)
+
+ invalidHttps2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
+ assert.Equal(t, false, invalidHttps2)
+}
+
 type TestProvider struct {
 *providers.ProviderData
 EmailAddress string
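Review bot: The negative cases in TestIsValidRedirect never check a host that ends with the whitelisted string without a label boundary. Because `baz.foo.bar` is expected to pass for the entry `foo.bar`, a plain suffix comparison on the host would satisfy every assertion here; IsValidRedirect's body is not in this hunk, so whether it enforces the dot boundary cannot be confirmed from the diff. Adding `assert.Equal(t, false, proxy.IsValidRedirect("http://evilfoo.bar/redirect"))` would pin that behaviour, and a case for the bare host `foo.bar` would document whether the entry matches itself. The result of `opts.Validate()` is also discarded, so a configuration that fails validation would still be used to build the proxy under test; `assert.Equal(t, nil, opts.Validate())` makes that failure visible.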