mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
f5eab1271b
* Removing some other fake apps * More FakeApp removed * Removing entirely FakeApp * Fixing some tests * Fixing get Cluster id from get plugin status * Fixing failing tests * Fixing tests * Fixing test initialization for web * Fixing InitServer for server tests * Fixing InitServer for server tests * Reverting go.sum and go.mod * Removing unneded HTMLTemplates function in App layer * Moving back some functions to its old place to easy the review * Moving back some functions to its old place to easy the review * Using the last struct2interface version * Generating store layers * Fixing merge problems * Addressing PR comments * Small fix * Fixing app tests build * Fixing tests * fixing tests * Fix tests * Fixing tests * Fixing tests * Fixing tests * Moving license to server struct * Adding some fixes to the test compilation * Fixing cluster and some jobs initialization * Fixing some license tests compilation problems * Fixing recursive cache invalidation * Regenerating app layers * Fix test compilation Co-authored-by: mattermod <mattermod@users.noreply.github.com>
157 lines
4.0 KiB
Go
157 lines
4.0 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/mattermost/mattermost-server/v5/model"
|
|
"github.com/mattermost/mattermost-server/v5/store/storetest/mocks"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
acAllowOrigin = "Access-Control-Allow-Origin"
|
|
acExposeHeaders = "Access-Control-Expose-Headers"
|
|
acMaxAge = "Access-Control-Max-Age"
|
|
acAllowCredentials = "Access-Control-Allow-Credentials"
|
|
acAllowMethods = "Access-Control-Allow-Methods"
|
|
acAllowHeaders = "Access-Control-Allow-Headers"
|
|
)
|
|
|
|
func TestCORSRequestHandling(t *testing.T) {
|
|
for name, testcase := range map[string]struct {
|
|
AllowCorsFrom string
|
|
CorsExposedHeaders string
|
|
CorsAllowCredentials bool
|
|
ModifyRequest func(req *http.Request)
|
|
ExpectedAllowOrigin string
|
|
ExpectedExposeHeaders string
|
|
ExpectedAllowCredentials string
|
|
}{
|
|
"NoCORS": {
|
|
"",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
},
|
|
"",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabled": {
|
|
"http://somewhere.com",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
},
|
|
"",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabledStarOrigin": {
|
|
"*",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
req.Header.Set("Origin", "http://pre-release.mattermost.com")
|
|
},
|
|
"*",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabledStarNoOrigin": { // CORS spec requires this, not a bug.
|
|
"*",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
},
|
|
"",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabledMatching": {
|
|
"http://mattermost.com",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
req.Header.Set("Origin", "http://mattermost.com")
|
|
},
|
|
"http://mattermost.com",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabledMultiple": {
|
|
"http://spinmint.com http://mattermost.com",
|
|
"",
|
|
false,
|
|
func(req *http.Request) {
|
|
req.Header.Set("Origin", "http://mattermost.com")
|
|
},
|
|
"http://mattermost.com",
|
|
"",
|
|
"",
|
|
},
|
|
"CORSEnabledWithCredentials": {
|
|
"http://mattermost.com",
|
|
"",
|
|
true,
|
|
func(req *http.Request) {
|
|
req.Header.Set("Origin", "http://mattermost.com")
|
|
},
|
|
"http://mattermost.com",
|
|
"",
|
|
"true",
|
|
},
|
|
"CORSEnabledWithHeaders": {
|
|
"http://mattermost.com",
|
|
"x-my-special-header x-blueberry",
|
|
true,
|
|
func(req *http.Request) {
|
|
req.Header.Set("Origin", "http://mattermost.com")
|
|
},
|
|
"http://mattermost.com",
|
|
"X-My-Special-Header, X-Blueberry",
|
|
"true",
|
|
},
|
|
} {
|
|
t.Run(name, func(t *testing.T) {
|
|
th := SetupConfigWithStoreMock(t, func(cfg *model.Config) {
|
|
*cfg.ServiceSettings.AllowCorsFrom = testcase.AllowCorsFrom
|
|
*cfg.ServiceSettings.CorsExposedHeaders = testcase.CorsExposedHeaders
|
|
*cfg.ServiceSettings.CorsAllowCredentials = testcase.CorsAllowCredentials
|
|
})
|
|
defer th.TearDown()
|
|
systemStore := mocks.SystemStore{}
|
|
systemStore.On("Get").Return(make(model.StringMap), nil)
|
|
licenseStore := mocks.LicenseStore{}
|
|
licenseStore.On("Get", "").Return(&model.LicenseRecord{}, nil)
|
|
th.App.Srv().Store.(*mocks.Store).On("System").Return(&systemStore)
|
|
th.App.Srv().Store.(*mocks.Store).On("License").Return(&licenseStore)
|
|
|
|
port := th.App.Srv().ListenAddr.Port
|
|
host := fmt.Sprintf("http://localhost:%v", port)
|
|
url := fmt.Sprintf("%v/api/v4/system/ping", host)
|
|
|
|
req, err := http.NewRequest("GET", url, nil)
|
|
require.NoError(t, err)
|
|
testcase.ModifyRequest(req)
|
|
|
|
client := &http.Client{}
|
|
resp, err := client.Do(req)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
|
assert.Equal(t, testcase.ExpectedAllowOrigin, resp.Header.Get(acAllowOrigin))
|
|
assert.Equal(t, testcase.ExpectedExposeHeaders, resp.Header.Get(acExposeHeaders))
|
|
assert.Equal(t, "", resp.Header.Get(acMaxAge))
|
|
assert.Equal(t, testcase.ExpectedAllowCredentials, resp.Header.Get(acAllowCredentials))
|
|
assert.Equal(t, "", resp.Header.Get(acAllowMethods))
|
|
assert.Equal(t, "", resp.Header.Get(acAllowHeaders))
|
|
})
|
|
}
|
|
}
|