From bfe20b840269c1a6af3cb0d3f4203f98371921cf Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Fri, 24 Mar 2017 11:07:19 +0000
Subject: [PATCH] Abort On Request (#205)
- aborting on the requests to /oauth/
---
 handlers_test.go | 13 +++++++++----
 middleware.go | 1 +
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/handlers_test.go b/handlers_test.go
index 6e52a5f..cc36ffc 100644
--- a/handlers_test.go
+++ b/handlers_test.go
@@ -247,10 +247,6 @@ func TestAuthorizationURL(t *testing.T) {
 ExpectedURL string
 ExpectedCode int
 }{
- {
- URL: "/",
- ExpectedCode: http.StatusOK,
- },
 {
 URL: "/admin",
 ExpectedURL: "/oauth/authorize?state=L2FkbWlu",
@@ -271,11 +267,20 @@ func TestAuthorizationURL(t *testing.T) {
 ExpectedURL: "/oauth/authorize?state=L2FkbWluP3Rlc3Q9eWVzJnRlc3QxPXRlc3Q=",
 ExpectedCode: http.StatusTemporaryRedirect,
 },
+ {
+ URL: "/oauth/test",
+ ExpectedCode: http.StatusNotFound,
+ },
+ {
+ URL: "/oauth/callback/..//test",
+ ExpectedCode: http.StatusNotFound,
+ },
 }
 for i, x := range cs {
 resp, _ := client.Get(u + x.URL)
 assert.Equal(t, x.ExpectedCode, resp.StatusCode, "case %d, expect: %v, got: %s", i, x.ExpectedCode, resp.StatusCode)
 assert.Equal(t, x.ExpectedURL, resp.Header.Get("Location"), "case %d, expect: %v, got: %s", i, x.ExpectedURL, resp.Header.Get("Location"))
+ assert.Empty(t, resp.Header.Get(testProxyAccepted))
 }
 }
diff --git a/middleware.go b/middleware.go
index c82854d..fb06824 100644
--- a/middleware.go
+++ b/middleware.go
@@ -96,6 +96,7 @@ func (r *oauthProxy) entrypointMiddleware() gin.HandlerFunc {
 return func(cx *gin.Context) {
 // step: we can skip if under oauth prefix
 if strings.HasPrefix(cx.Request.URL.Path, oauthURL) {
+ cx.Abort()
 return
 }
-- GitLab
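Review bot: The added `assert.Empty(t, resp.Header.Get(testProxyAccepted))` runs for every case, and with the `/` case removed in the first hunk the table no longer contains a request that is expected to reach the upstream, so the check has no positive control. If `testProxyAccepted` (defined outside this hunk) were ever not set by the test upstream, the assertion would pass vacuously. Consider keeping the `/` case and making the expectation per case, for example `assert.Equal(t, x.ExpectedProxy, resp.Header.Get(testProxyAccepted) != "", "case %d", i)` with a new `ExpectedProxy bool` field. The loop also discards the error from `client.Get`, so a failed request would panic on `resp.StatusCode` instead of failing the case.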
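Review bot: The comment above the added `cx.Abort()` still says the request is skipped, but the branch now stops the handler chain, which, judging by the new tests, is what keeps unhandled paths under the oauth prefix from being passed on to the upstream. I would reword it to `// step: paths under the oauth prefix belong to the proxy itself; abort so they are never forwarded upstream`. The match is a plain `strings.HasPrefix` on `cx.Request.URL.Path` and the value of `oauthURL` is not visible here, so it is worth confirming that it ends on a path-segment boundary; without a trailing slash, sibling paths such as `/oauthx` would be aborted as well, which fails closed but may surprise. The handler closure starts and ends outside the hunk.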