grafana/pkg/util/proxyutil/proxyutil_test.go

package proxyutil

import (
	"net/http"
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/grafana/grafana/pkg/services/user"
)

func TestPrepareProxyRequest(t *testing.T) {
	t.Run("Prepare proxy request should clear Origin and Referer headers", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("Origin", "https://host.com")
		req.Header.Set("Referer", "https://host.com/dashboard")

		PrepareProxyRequest(req)
		require.NotContains(t, req.Header, "Origin")
		require.NotContains(t, req.Header, "Referer")
	})

	t.Run("Prepare proxy request should set X-Grafana-Referer header", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("Referer", "https://host.com/dashboard")

		PrepareProxyRequest(req)
		require.Contains(t, req.Header, "X-Grafana-Referer")
		require.Equal(t, "https://host.com/dashboard", req.Header.Get("X-Grafana-Referer"))
	})

	t.Run("Prepare proxy request X-Grafana-Referer handles multiline", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("Referer", "https://www.google.ch\r\nOtherHeader:https://www.somethingelse.com")

		PrepareProxyRequest(req)
		require.Contains(t, req.Header, "X-Grafana-Referer")
		require.NotContains(t, req.Header, "OtherHeader")
		require.Equal(t, "https://www.google.ch\r\nOtherHeader:https://www.somethingelse.com", req.Header.Get("X-Grafana-Referer"))
	})

	t.Run("Prepare proxy request should clear X-Forwarded headers", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("X-Forwarded-Host", "host")
		req.Header.Set("X-Forwarded-Port", "123")
		req.Header.Set("X-Forwarded-Proto", "http1")

		PrepareProxyRequest(req)
		require.NotContains(t, req.Header, "X-Forwarded-Host")
		require.NotContains(t, req.Header, "X-Forwarded-Port")
		require.NotContains(t, req.Header, "X-Forwarded-Proto")
	})

	t.Run("Prepare proxy request should set X-Forwarded-For", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		req.RemoteAddr = "127.0.0.1:1234"
		require.NoError(t, err)

		PrepareProxyRequest(req)
		require.Contains(t, req.Header, "X-Forwarded-For")
		require.Equal(t, "127.0.0.1", req.Header.Get("X-Forwarded-For"))
	})

	t.Run("Prepare proxy request should append client ip at the end of X-Forwarded-For", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		req.RemoteAddr = "127.0.0.1:1234"
		req.Header.Set("X-Forwarded-For", "192.168.0.1")
		require.NoError(t, err)

		PrepareProxyRequest(req)
		require.Contains(t, req.Header, "X-Forwarded-For")
		require.Equal(t, "192.168.0.1, 127.0.0.1", req.Header.Get("X-Forwarded-For"))
	})
}

func TestClearCookieHeader(t *testing.T) {
	t.Run("Clear cookie header should clear Cookie header", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie"})

		ClearCookieHeader(req, nil, nil)
		require.NotContains(t, req.Header, "Cookie")
	})

	t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "cookie2"})
		req.AddCookie(&http.Cookie{Name: "cookie3"})

		ClearCookieHeader(req, []string{"cookie1", "cookie3"}, nil)
		require.Contains(t, req.Header, "Cookie")
		require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
	})

	t.Run("Clear cookie header with cookies to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "cookie2"})
		req.AddCookie(&http.Cookie{Name: "cookie3"})

		ClearCookieHeader(req, []string{"cookie1", "cookie3"}, []string{"cookie3"})
		require.Contains(t, req.Header, "Cookie")
		require.Equal(t, "cookie1=", req.Header.Get("Cookie"))
	})

	t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies with optional matching", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "cookie3"})

		ClearCookieHeader(req, []string{"cookie[]"}, nil)
		require.Contains(t, req.Header, "Cookie")
		require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
	})

	t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies with matching pattern but with empty matching option", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "cookie2"})
		req.AddCookie(&http.Cookie{Name: "cookie3"})

		ClearCookieHeader(req, []string{"cookie[]"}, []string{"cookie2"})
		require.Contains(t, req.Header, "Cookie")
		require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
	})

	t.Run("Clear cookie header with cookie match pattern to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cook1"})
		req.AddCookie(&http.Cookie{Name: "special23"})
		req.AddCookie(&http.Cookie{Name: "special_1asd987dsf9a"})
		req.AddCookie(&http.Cookie{Name: "c00k1e"})

		ClearCookieHeader(req, []string{"special_[]"}, nil)
		require.Contains(t, req.Header, "Cookie")
		require.Equal(t, "special_1asd987dsf9a=", req.Header.Get("Cookie"))
	})

	t.Run("Clear cookie header with cookie should not match BAD pattern and return no cookies", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "special23"})

		ClearCookieHeader(req, []string{"[]cookie"}, nil)
		require.NotContains(t, req.Header, "Cookie")
	})

	t.Run("Clear cookie header with cookie should match all cookies when keepCookies is *", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.AddCookie(&http.Cookie{Name: "cookie1"})
		req.AddCookie(&http.Cookie{Name: "special23"})

		ClearCookieHeader(req, []string{"[]"}, nil)
		require.Equal(t, "cookie1=; special23=", req.Header.Get("Cookie"))
	})
}

func TestApplyUserHeader(t *testing.T) {
	t.Run("Should not apply user header when not enabled, should remove the existing", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("X-Grafana-User", "admin")

		ApplyUserHeader(false, req, &user.SignedInUser{Login: "admin"})
		require.NotContains(t, req.Header, "X-Grafana-User")
	})

	t.Run("Should not apply user header when user is nil, should remove the existing", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)
		req.Header.Set("X-Grafana-User", "admin")

		ApplyUserHeader(false, req, nil)
		require.NotContains(t, req.Header, "X-Grafana-User")
	})

	t.Run("Should not apply user header for anonomous user", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)

		ApplyUserHeader(true, req, &user.SignedInUser{IsAnonymous: true})
		require.NotContains(t, req.Header, "X-Grafana-User")
	})

	t.Run("Should apply user header for non-anonomous user", func(t *testing.T) {
		req, err := http.NewRequest(http.MethodGet, "/", nil)
		require.NoError(t, err)

		ApplyUserHeader(true, req, &user.SignedInUser{Login: "admin"})
		require.Equal(t, "admin", req.Header.Get("X-Grafana-User"))
	})
}
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`package proxyutil`

			`import (`
			`"net/http"`
			`"testing"`

			`"github.com/stretchr/testify/require"`
Chore: Fix goimports grouping (#62423) * fix goimports * fix goimports order 2023-01-30 09:25:58 +01:00
			`"github.com/grafana/grafana/pkg/services/user"`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`)`

			`func TestPrepareProxyRequest(t *testing.T) {`
DataProxy: Populate X-Grafana-Referer header (#60040) * ProxyUtil: Populate X-Grafana-Referer header * ProxyUtil: Move Referer/Origin header removal So that the removal and setting X-Grafana-Referer logic applies to all proxied requests and not just datasource proxy. * ProxyUtil: Test to guard against multiline headers * ProxyUtil: Explicitly check injected header isn't parsed 2022-12-15 09:08:10 +00:00			`t.Run("Prepare proxy request should clear Origin and Referer headers", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Origin", "https://host.com")`
			`req.Header.Set("Referer", "https://host.com/dashboard")`

			`PrepareProxyRequest(req)`
			`require.NotContains(t, req.Header, "Origin")`
			`require.NotContains(t, req.Header, "Referer")`
			`})`

			`t.Run("Prepare proxy request should set X-Grafana-Referer header", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Referer", "https://host.com/dashboard")`

			`PrepareProxyRequest(req)`
			`require.Contains(t, req.Header, "X-Grafana-Referer")`
			`require.Equal(t, "https://host.com/dashboard", req.Header.Get("X-Grafana-Referer"))`
			`})`

			`t.Run("Prepare proxy request X-Grafana-Referer handles multiline", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Referer", "https://www.google.ch\r\nOtherHeader:https://www.somethingelse.com")`

			`PrepareProxyRequest(req)`
			`require.Contains(t, req.Header, "X-Grafana-Referer")`
			`require.NotContains(t, req.Header, "OtherHeader")`
			`require.Equal(t, "https://www.google.ch\r\nOtherHeader:https://www.somethingelse.com", req.Header.Get("X-Grafana-Referer"))`
			`})`

Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`t.Run("Prepare proxy request should clear X-Forwarded headers", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
Chore: Use Header.Set method instead of Header.Add (#29804) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-12-14 15:13:01 +01:00			`req.Header.Set("X-Forwarded-Host", "host")`
			`req.Header.Set("X-Forwarded-Port", "123")`
			`req.Header.Set("X-Forwarded-Proto", "http1")`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00
			`PrepareProxyRequest(req)`
			`require.NotContains(t, req.Header, "X-Forwarded-Host")`
			`require.NotContains(t, req.Header, "X-Forwarded-Port")`
			`require.NotContains(t, req.Header, "X-Forwarded-Proto")`
			`})`

			`t.Run("Prepare proxy request should set X-Forwarded-For", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`req.RemoteAddr = "127.0.0.1:1234"`
			`require.NoError(t, err)`

			`PrepareProxyRequest(req)`
			`require.Contains(t, req.Header, "X-Forwarded-For")`
			`require.Equal(t, "127.0.0.1", req.Header.Get("X-Forwarded-For"))`
			`})`

Fix misspell issues (#23905) * Fix misspell issues See, $ golangci-lint run --timeout 10m --disable-all -E misspell ./... Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com> * Fix codespell issues See, $ codespell -S './.git' -L 'uint,thru,pres,unknwon,serie,referer,uptodate,durationm' Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com> ci please? * non-empty commit - ci? * Trigger build Co-authored-by: bergquist <carl.bergquist@gmail.com> Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-04-29 21:37:21 +02:00			`t.Run("Prepare proxy request should append client ip at the end of X-Forwarded-For", func(t *testing.T) {`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`req.RemoteAddr = "127.0.0.1:1234"`
Chore: Use Header.Set method instead of Header.Add (#29804) Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-12-14 15:13:01 +01:00			`req.Header.Set("X-Forwarded-For", "192.168.0.1")`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`require.NoError(t, err)`

			`PrepareProxyRequest(req)`
			`require.Contains(t, req.Header, "X-Forwarded-For")`
			`require.Equal(t, "192.168.0.1, 127.0.0.1", req.Header.Get("X-Forwarded-For"))`
			`})`
			`}`

			`func TestClearCookieHeader(t *testing.T) {`
			`t.Run("Clear cookie header should clear Cookie header", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie"})`

[main] Plugin fixes (#57399) * Plugins: Remove support for V1 manifests * Plugins: Make proxy endpoints not leak sensitive HTTP headers * Security: Fix do not forward login cookie in outgoing requests (cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-10-21 13:54:55 +02:00			`ClearCookieHeader(req, nil, nil)`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`require.NotContains(t, req.Header, "Cookie")`
			`})`

			`t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "cookie2"})`
			`req.AddCookie(&http.Cookie{Name: "cookie3"})`

[main] Plugin fixes (#57399) * Plugins: Remove support for V1 manifests * Plugins: Make proxy endpoints not leak sensitive HTTP headers * Security: Fix do not forward login cookie in outgoing requests (cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-10-21 13:54:55 +02:00			`ClearCookieHeader(req, []string{"cookie1", "cookie3"}, nil)`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`require.Contains(t, req.Header, "Cookie")`
			`require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))`
			`})`
[main] Plugin fixes (#57399) * Plugins: Remove support for V1 manifests * Plugins: Make proxy endpoints not leak sensitive HTTP headers * Security: Fix do not forward login cookie in outgoing requests (cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-10-21 13:54:55 +02:00
			`t.Run("Clear cookie header with cookies to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "cookie2"})`
			`req.AddCookie(&http.Cookie{Name: "cookie3"})`

			`ClearCookieHeader(req, []string{"cookie1", "cookie3"}, []string{"cookie3"})`
			`require.Contains(t, req.Header, "Cookie")`
			`require.Equal(t, "cookie1=", req.Header.Get("Cookie"))`
			`})`
Feat: Match allowed cookies with optional character (#71047) * Match allowed cookies with optional character * Use strings package 2023-07-05 17:12:56 +03:00
			`t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies with optional matching", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "cookie3"})`

			`ClearCookieHeader(req, []string{"cookie[]"}, nil)`
			`require.Contains(t, req.Header, "Cookie")`
			`require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))`
			`})`

			`t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies with matching pattern but with empty matching option", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "cookie2"})`
			`req.AddCookie(&http.Cookie{Name: "cookie3"})`

			`ClearCookieHeader(req, []string{"cookie[]"}, []string{"cookie2"})`
			`require.Contains(t, req.Header, "Cookie")`
			`require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))`
			`})`

			`t.Run("Clear cookie header with cookie match pattern to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cook1"})`
			`req.AddCookie(&http.Cookie{Name: "special23"})`
			`req.AddCookie(&http.Cookie{Name: "special_1asd987dsf9a"})`
			`req.AddCookie(&http.Cookie{Name: "c00k1e"})`

			`ClearCookieHeader(req, []string{"special_[]"}, nil)`
			`require.Contains(t, req.Header, "Cookie")`
			`require.Equal(t, "special_1asd987dsf9a=", req.Header.Get("Cookie"))`
			`})`

			`t.Run("Clear cookie header with cookie should not match BAD pattern and return no cookies", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "special23"})`

			`ClearCookieHeader(req, []string{"[]cookie"}, nil)`
			`require.NotContains(t, req.Header, "Cookie")`
			`})`

			`t.Run("Clear cookie header with cookie should match all cookies when keepCookies is ", func(t testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.AddCookie(&http.Cookie{Name: "cookie1"})`
			`req.AddCookie(&http.Cookie{Name: "special23"})`

			`ClearCookieHeader(req, []string{"[]"}, nil)`
			`require.Equal(t, "cookie1=; special23=", req.Header.Get("Cookie"))`
			`})`
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512 2020-03-03 11:45:16 +01:00			`}`
Plugins: Forward user header (X-Grafana-User) in backend plugin requests (#58646) Grafana would forward the X-Grafana-User header to backend plugin request when dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically forwarded in outgoing HTTP requests for core/builtin HTTP datasources. Use grafana-plugin-sdk-go v0.147.0. Fixes #47734 Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-12-15 15:28:25 +01:00
			`func TestApplyUserHeader(t *testing.T) {`
			`t.Run("Should not apply user header when not enabled, should remove the existing", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("X-Grafana-User", "admin")`

			`ApplyUserHeader(false, req, &user.SignedInUser{Login: "admin"})`
			`require.NotContains(t, req.Header, "X-Grafana-User")`
			`})`

			`t.Run("Should not apply user header when user is nil, should remove the existing", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("X-Grafana-User", "admin")`

			`ApplyUserHeader(false, req, nil)`
			`require.NotContains(t, req.Header, "X-Grafana-User")`
			`})`

			`t.Run("Should not apply user header for anonomous user", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`

			`ApplyUserHeader(true, req, &user.SignedInUser{IsAnonymous: true})`
			`require.NotContains(t, req.Header, "X-Grafana-User")`
			`})`

			`t.Run("Should apply user header for non-anonomous user", func(t *testing.T) {`
			`req, err := http.NewRequest(http.MethodGet, "/", nil)`
			`require.NoError(t, err)`

			`ApplyUserHeader(true, req, &user.SignedInUser{Login: "admin"})`
			`require.Equal(t, "admin", req.Header.Get("X-Grafana-User"))`
			`})`
			`}`