mirror of
https://github.com/tailscale/tailscale.git
synced 2025-10-31 08:11:32 +01:00
259bab9bff
Updates tailscale/corp#29650 Change-Id: Iad4e4ccd9d68ebb1d1a12f335cc5295d0bd05b60 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
79 lines
2.1 KiB
Go
79 lines
2.1 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"tailscale.com/client/tailscale/apitype"
|
|
"tailscale.com/tailcfg"
|
|
)
|
|
|
|
type mockWhoisSource struct {
|
|
id *apitype.WhoIsResponse
|
|
}
|
|
|
|
func (m *mockWhoisSource) WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error) {
|
|
if m.id == nil {
|
|
return nil, fmt.Errorf("missing mock identity")
|
|
}
|
|
return m.id, nil
|
|
}
|
|
|
|
var whois = &apitype.WhoIsResponse{
|
|
UserProfile: &tailcfg.UserProfile{
|
|
LoginName: "foobar@example.com",
|
|
DisplayName: "Foobar",
|
|
},
|
|
Node: &tailcfg.Node{
|
|
ID: 1,
|
|
},
|
|
}
|
|
|
|
func TestModifyRequest_Login(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/login", nil)
|
|
modifyRequest(req, &mockWhoisSource{id: whois})
|
|
|
|
if got := req.Header.Get("X-Webauth-User"); got != "foobar@example.com" {
|
|
t.Errorf("X-Webauth-User = %q; want %q", got, "foobar@example.com")
|
|
}
|
|
|
|
if got := req.Header.Get("X-Webauth-Role"); got != "Viewer" {
|
|
t.Errorf("X-Webauth-Role = %q; want %q", got, "Viewer")
|
|
}
|
|
}
|
|
|
|
func TestModifyRequest_RemoveHeaders_Login(t *testing.T) {
|
|
req := httptest.NewRequest("GET", "/login", nil)
|
|
req.Header.Set("X-Webauth-User", "malicious@example.com")
|
|
req.Header.Set("X-Webauth-Role", "Admin")
|
|
|
|
modifyRequest(req, &mockWhoisSource{id: whois})
|
|
|
|
if got := req.Header.Get("X-Webauth-User"); got != "foobar@example.com" {
|
|
t.Errorf("X-Webauth-User = %q; want %q", got, "foobar@example.com")
|
|
}
|
|
if got := req.Header.Get("X-Webauth-Role"); got != "Viewer" {
|
|
t.Errorf("X-Webauth-Role = %q; want %q", got, "Viewer")
|
|
}
|
|
}
|
|
|
|
func TestModifyRequest_RemoveHeaders_API(t *testing.T) {
|
|
req := httptest.NewRequest("DELETE", "/api/org/users/1", nil)
|
|
req.Header.Set("X-Webauth-User", "malicious@example.com")
|
|
req.Header.Set("X-Webauth-Role", "Admin")
|
|
|
|
modifyRequest(req, &mockWhoisSource{id: whois})
|
|
|
|
if got := req.Header.Get("X-Webauth-User"); got != "" {
|
|
t.Errorf("X-Webauth-User = %q; want %q", got, "")
|
|
}
|
|
if got := req.Header.Get("X-Webauth-Role"); got != "" {
|
|
t.Errorf("X-Webauth-Role = %q; want %q", got, "")
|
|
}
|
|
}
|