From bfe20b840269c1a6af3cb0d3f4203f98371921cf Mon Sep 17 00:00:00 2001
From: Rohith Jayawardene <gambol99@gmail.com>
Date: Fri, 24 Mar 2017 11:07:19 +0000
Subject: [PATCH] Abort On Request (#205)

- aborting on the requests to /oauth/
---
 handlers_test.go | 13 +++++++++----
 middleware.go    |  1 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/handlers_test.go b/handlers_test.go
index 6e52a5f..cc36ffc 100644
--- a/handlers_test.go
+++ b/handlers_test.go
@@ -247,10 +247,6 @@ func TestAuthorizationURL(t *testing.T) {
 		ExpectedURL  string
 		ExpectedCode int
 	}{
-		{
-			URL:          "/",
-			ExpectedCode: http.StatusOK,
-		},
 		{
 			URL:          "/admin",
 			ExpectedURL:  "/oauth/authorize?state=L2FkbWlu",
@@ -271,11 +267,20 @@ func TestAuthorizationURL(t *testing.T) {
 			ExpectedURL:  "/oauth/authorize?state=L2FkbWluP3Rlc3Q9eWVzJnRlc3QxPXRlc3Q=",
 			ExpectedCode: http.StatusTemporaryRedirect,
 		},
+		{
+			URL:          "/oauth/test",
+			ExpectedCode: http.StatusNotFound,
+		},
+		{
+			URL:          "/oauth/callback/..//test",
+			ExpectedCode: http.StatusNotFound,
+		},
 	}
 	for i, x := range cs {
 		resp, _ := client.Get(u + x.URL)
 		assert.Equal(t, x.ExpectedCode, resp.StatusCode, "case %d, expect: %v, got: %s", i, x.ExpectedCode, resp.StatusCode)
 		assert.Equal(t, x.ExpectedURL, resp.Header.Get("Location"), "case %d, expect: %v, got: %s", i, x.ExpectedURL, resp.Header.Get("Location"))
+		assert.Empty(t, resp.Header.Get(testProxyAccepted))
 	}
 }
 
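Review bot: The added `assert.Empty(t, resp.Header.Get(testProxyAccepted))` has no case index and can pass vacuously, because this commit also removes the only case (`/`) that expected a proxied 200. If no other test asserts that `testProxyAccepted` is present on a request that should reach the upstream (not visible here), a renamed or never-set header would leave this check green. Give it a message like the sibling asserts, `assert.Empty(t, resp.Header.Get(testProxyAccepted), "case %d, request reached the upstream", i)`, and keep a positive pass-through case somewhere in the suite. The context line `resp, _ := client.Get(u + x.URL)` discards the error, so a failed request would panic on `resp.Header` instead of failing the case.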
diff --git a/middleware.go b/middleware.go
index c82854d..fb06824 100644
--- a/middleware.go
+++ b/middleware.go
@@ -96,6 +96,7 @@ func (r *oauthProxy) entrypointMiddleware() gin.HandlerFunc {
 	return func(cx *gin.Context) {
 		// step: we can skip if under oauth prefix
 		if strings.HasPrefix(cx.Request.URL.Path, oauthURL) {
+			cx.Abort()
 			return
 		}
 
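Review bot: The comment `// step: we can skip if under oauth prefix` above the new `cx.Abort()` no longer describes this branch, which now stops the handler chain instead of skipping a step. Suggest `// step: requests under the oauth prefix must never continue to the later handlers in this chain, so abort`, so the security intent survives a later refactor. The match is a plain `strings.HasPrefix` on `cx.Request.URL.Path`, so if `oauthURL` has no trailing slash (its value is not visible here) a sibling path such as a constructed `/oauthX` would be aborted too, which is worth confirming. The 404 the new test cases expect is not set in this hunk and presumably comes from the router default. The function body continues outside the hunk.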
-- 
GitLab