Skip to content

Commit

Permalink
Added some test for dev ui cors
Browse files Browse the repository at this point in the history
Signed-off-by: Phillip Kruger <[email protected]>
  • Loading branch information
phillip-kruger committed May 30, 2023
1 parent e9c57ea commit 646100d
Show file tree
Hide file tree
Showing 4 changed files with 233 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,6 @@ void registerDevUiHandlers(
if (devUIConfig.cors.enabled) {
routeProducer.produce(nonApplicationRootPathBuildItem.routeBuilder()
.orderedRoute(DEVUI + SLASH_ALL, -1 * FilterBuildItem.CORS)
//.route(DEVUI + SLASH_ALL)
.handler(new DevConsoleCORSFilter())
.build());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -495,7 +495,6 @@ public void setupDevConsoleRoutes(
if (devUIConfig.cors.enabled) {
routeBuildItemBuildProducer.produce(nonApplicationRootPathBuildItem.routeBuilder()
.orderedRoute("dev-v1/*", -1 * FilterBuildItem.CORS)
//.route("dev-v1/*")
.handler(new DevConsoleCORSFilter())
.build());
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
package io.quarkus.vertx.http.devui;

import static org.hamcrest.Matchers.emptyOrNullString;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusDevModeTest;
import io.restassured.RestAssured;

public class DevUICorsTest {

@RegisterExtension
static final QuarkusDevModeTest config = new QuarkusDevModeTest()
.withEmptyApplication();

@Test
public void testPreflightHttpLocalhostOrigin() {
String origin = "http://localhost:8080";
String methods = "GET,POST";
RestAssured.given()
.header("Origin", origin)
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", methods)
.body(emptyOrNullString());
}

@Test
public void testPreflightHttpLocalhostIpOrigin() {
String origin = "http://127.0.0.1:8080";
String methods = "GET,POST";
RestAssured.given()
.header("Origin", origin)
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", methods)
.body(emptyOrNullString());
}

@Test
public void testPreflightHttpsLocalhostOrigin() {
String origin = "https://localhost:8443";
String methods = "GET,POST";
RestAssured.given()
.header("Origin", origin)
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", methods)
.body(emptyOrNullString());
}

@Test
public void testPreflightHttpsLocalhostIpOrigin() {
String origin = "https://127.0.0.1:8443";
String methods = "GET,POST";
RestAssured.given()
.header("Origin", origin)
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", methods)
.body(emptyOrNullString());
}

@Test
public void testPreflightNonLocalhostOrigin() {
String methods = "GET,POST";
RestAssured.given()
.header("Origin", "https://quarkus.io/http://localhost")
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue())
.header("Access-Control-Allow-Methods", nullValue())
.body(emptyOrNullString());
}

@Test
public void testPreflightBadLocalhostOrigin() {
String methods = "GET,POST";
RestAssured.given()
.header("Origin", "http://localhost:8080/devui")
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue())
.body(emptyOrNullString());
}

@Test
public void testPreflightBadLocalhostIpOrigin() {
String methods = "GET,POST";
RestAssured.given()
.header("Origin", "http://127.0.0.1:8080/devui")
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue())
.body(emptyOrNullString());
}

@Test
public void testPreflightLocalhostOriginWithoutPort() {
String methods = "GET,POST";
RestAssured.given()
.header("Origin", "http://localhost")
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue())
.body(emptyOrNullString());
}

@Test
public void testSimpleRequestHttpLocalhostOrigin() {
String origin = "http://localhost:8080";
RestAssured.given()
.header("Origin", origin)
.when()
.get("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", nullValue())
.body(not(emptyOrNullString()));
}

@Test
public void testSimpleRequestHttpLocalhostIpOrigin() {
String origin = "http://127.0.0.1:8080";
RestAssured.given()
.header("Origin", origin)
.when()
.get("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", nullValue())
.body(not(emptyOrNullString()));
}

@Test
public void testSimpleRequestHttpsLocalhostOrigin() {
String origin = "https://localhost:8443";
RestAssured.given()
.header("Origin", origin)
.when()
.get("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", nullValue())
.body(not(emptyOrNullString()));
}

@Test
public void testSimpleRequestHttpsLocalhostIpOrigin() {
String origin = "https://127.0.0.1:8443";
RestAssured.given()
.header("Origin", origin)
.when()
.get("q/dev-ui/configuration-form-editor").then()
.statusCode(200)
.header("Access-Control-Allow-Origin", origin)
.header("Access-Control-Allow-Methods", nullValue())
.body(not(emptyOrNullString()));
}

@Test
public void testSimpleRequestNonLocalhostOrigin() {
RestAssured.given()
.header("Origin", "https://quarkus.io/http://localhost")
.when()
.get("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.header("Access-Control-Allow-Origin", nullValue())
.body(emptyOrNullString());
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package io.quarkus.vertx.http.devui;

import static org.hamcrest.Matchers.emptyOrNullString;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.quarkus.test.QuarkusDevModeTest;
import io.restassured.RestAssured;
import java.net.Inet4Address;
import java.net.UnknownHostException;

public class DevUIRemoteCorsTest {

@RegisterExtension
static final QuarkusDevModeTest config = new QuarkusDevModeTest()
.setBuildSystemProperty("quarkus.http.host", "0.0.0.0")
.withEmptyApplication();

@Test
public void test() throws UnknownHostException {
String origin = Inet4Address.getLocalHost().toString();
if(origin.contains("/")){
origin = "http://" + origin.split("/")[1] + ":8080";
}
String methods = "GET,POST";
RestAssured.given()
.header("Origin", origin)
.header("Access-Control-Request-Method", methods)
.when()
.options("q/dev-ui/configuration-form-editor").then()
.statusCode(403)
.body(emptyOrNullString());
}


}

0 comments on commit 646100d

Please sign in to comment.