Merge branch 'master' into kamal/whitelist-redirects-with-ports

oauthproxy_test.go

@@ -474,6 +474,7 @@ type PassAccessTokenTest struct {
 
 type PassAccessTokenTestOptions struct {
 	PassAccessToken bool
+	ProxyUpstream   string
 }
 
 func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTest {
@@ -481,7 +482,6 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes
 
 	t.providerServer = httptest.NewServer(
 		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			logger.Printf("%#v", r)
 			var payload string
 			switch r.URL.Path {
 			case "/oauth/token":
@@ -498,6 +498,9 @@ func NewPassAccessTokenTest(opts PassAccessTokenTestOptions) *PassAccessTokenTes
 
 	t.opts = NewOptions()
 	t.opts.Upstreams = append(t.opts.Upstreams, t.providerServer.URL)
+	if opts.ProxyUpstream != "" {
+		t.opts.Upstreams = append(t.opts.Upstreams, opts.ProxyUpstream)
+	}
 	// The CookieSecret must be 32 bytes in order to create the AES
 	// cipher.
 	t.opts.CookieSecret = "xyzzyplughxyzzyplughxyzzyplughxp"
@@ -534,7 +537,9 @@ func (patTest *PassAccessTokenTest) getCallbackEndpoint() (httpCode int,
 	return rw.Code, rw.HeaderMap["Set-Cookie"][1]
 }
 
-func (patTest *PassAccessTokenTest) getRootEndpoint(cookie string) (httpCode int, accessToken string) {
+// getEndpointWithCookie makes a requests againt the oauthproxy with passed requestPath
+// and cookie and returns body and status code.
+func (patTest *PassAccessTokenTest) getEndpointWithCookie(cookie string, endpoint string) (httpCode int, accessToken string) {
 	cookieName := patTest.proxy.CookieName
 	var value string
 	keyPrefix := cookieName + "="
@@ -551,7 +556,7 @@ func (patTest *PassAccessTokenTest) getRootEndpoint(cookie string) (httpCode int
 		return 0, ""
 	}
 
-	req, err := http.NewRequest("GET", "/", strings.NewReader(""))
+	req, err := http.NewRequest("GET", endpoint, strings.NewReader(""))
 	if err != nil {
 		return 0, ""
 	}
@@ -584,13 +589,37 @@ func TestForwardAccessTokenUpstream(t *testing.T) {
 	// Now we make a regular request; the access_token from the cookie is
 	// forwarded as the "X-Forwarded-Access-Token" header. The token is
 	// read by the test provider server and written in the response body.
-	code, payload := patTest.getRootEndpoint(cookie)
+	code, payload := patTest.getEndpointWithCookie(cookie, "/")
 	if code != 200 {
 		t.Fatalf("expected 200; got %d", code)
 	}
 	assert.Equal(t, "my_auth_token", payload)
 }
 
+func TestStaticProxyUpstream(t *testing.T) {
+	patTest := NewPassAccessTokenTest(PassAccessTokenTestOptions{
+		PassAccessToken: true,
+		ProxyUpstream:   "static://200/static-proxy",
+	})
+
+	defer patTest.Close()
+
+	// A successful validation will redirect and set the auth cookie.
+	code, cookie := patTest.getCallbackEndpoint()
+	if code != 302 {
+		t.Fatalf("expected 302; got %d", code)
+	}
+	assert.NotEqual(t, nil, cookie)
+
+	// Now we make a regular request againts the upstream proxy; And validate
+	// the returned status code through the static proxy.
+	code, payload := patTest.getEndpointWithCookie(cookie, "/static-proxy")
+	if code != 200 {
+		t.Fatalf("expected 200; got %d", code)
+	}
+	assert.Equal(t, "Authenticated", payload)
+}
+
 func TestDoNotForwardAccessTokenUpstream(t *testing.T) {
 	patTest := NewPassAccessTokenTest(PassAccessTokenTestOptions{
 		PassAccessToken: false,
@@ -606,7 +635,7 @@ func TestDoNotForwardAccessTokenUpstream(t *testing.T) {
 
 	// Now we make a regular request, but the access token header should
 	// not be present.
-	code, payload := patTest.getRootEndpoint(cookie)
+	code, payload := patTest.getEndpointWithCookie(cookie, "/")
 	if code != 200 {
 		t.Fatalf("expected 200; got %d", code)
 	}