Abort On Request (#205)

- aborting on the requests to /oauth/

Abort On Request (#205)
- aborting on the requests to /oauth/
bfe20b84 · Rohith Jayawardene · GitHub · de270d18 · bfe20b84 · bfe20b84
Commit bfe20b84 authored Mar 24, 2017 by Rohith Jayawardene Committed by GitHub Mar 24, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

handlers_test.go handlers_test.go +9 -4

middleware.go middleware.go +1 -0

No files found.
--- a/handlers_test.go
+++ b/handlers_test.go
@@ -247,10 +247,6 @@ func TestAuthorizationURL(t *testing.T) {
 		ExpectedURL  string
 		ExpectedCode int
 	}{
-		{
-			URL:          "/",
-			ExpectedCode: http.StatusOK,
-		},
 		{
 			URL:          "/admin",
 			ExpectedURL:  "/oauth/authorize?state=L2FkbWlu",
@@ -271,11 +267,20 @@ func TestAuthorizationURL(t *testing.T) {
 			ExpectedURL:  "/oauth/authorize?state=L2FkbWluP3Rlc3Q9eWVzJnRlc3QxPXRlc3Q=",
 			ExpectedCode: http.StatusTemporaryRedirect,
 		},
+		{
+			URL:          "/oauth/test",
+			ExpectedCode: http.StatusNotFound,
+		},
+		{
+			URL:          "/oauth/callback/..//test",
+			ExpectedCode: http.StatusNotFound,
+		},
 	}
 	for i, x := range cs {
 		resp, _ := client.Get(u + x.URL)
 		assert.Equal(t, x.ExpectedCode, resp.StatusCode, "case %d, expect: %v, got: %s", i, x.ExpectedCode, resp.StatusCode)
 		assert.Equal(t, x.ExpectedURL, resp.Header.Get("Location"), "case %d, expect: %v, got: %s", i, x.ExpectedURL, resp.Header.Get("Location"))
+		assert.Empty(t, resp.Header.Get(testProxyAccepted))
 	}
 }


--- a/middleware.go
+++ b/middleware.go
@@ -96,6 +96,7 @@ func (r *oauthProxy) entrypointMiddleware() gin.HandlerFunc {
 	return func(cx *gin.Context) {
 		// step: we can skip if under oauth prefix
 		if strings.HasPrefix(cx.Request.URL.Path, oauthURL) {
+			cx.Abort()
 			return
 		}