// Copyright 2026 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package common
import (
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/test"
"github.com/stretchr/testify/assert"
)
// TestFetchRedirectDelegate drives FetchRedirectDelegate with a table of
// request-method / redirect-target pairs and checks which ones are honoured.
//
// With setting.AppURL mocked to "https://gitea/", the table expects a 303 only
// for POST requests whose target is a plain relative path or an absolute URL
// on the AppURL host. A GET request, a target that begins with a backslash,
// and an absolute URL on another host must each produce 400 with no Location
// header, presumably so the endpoint cannot act as an open redirector.
func TestFetchRedirectDelegate(t *testing.T) {
	// Pin the instance URL for the duration of the test; the returned func
	// restores the previous value.
	restoreAppURL := test.MockVariableValue(&setting.AppURL, "https://gitea/")
	defer restoreAppURL()

	type redirectCase struct {
		verb   string // HTTP method of the simulated request
		target string // raw value passed in the "redirect" query parameter
		want   int    // expected response status code
	}
	table := []redirectCase{
		// Relative path on this site, submitted via POST: accepted.
		{verb: "POST", target: "/foo?k=v", want: http.StatusSeeOther},
		// Same target via GET: the table expects a refusal.
		{verb: "GET", target: "/foo?k=v", want: http.StatusBadRequest},
		// Backslash-prefixed targets must be refused. Browsers commonly treat
		// '\' like '/', which would turn these into scheme-relative URLs.
		{verb: "POST", target: `\/foo?k=v`, want: http.StatusBadRequest},
		{verb: "POST", target: `\\/foo?k=v`, want: http.StatusBadRequest},
		// Absolute URL on the mocked AppURL host: accepted.
		{verb: "POST", target: "https://gitea/xxx", want: http.StatusSeeOther},
		// Absolute URL on a foreign host: refused.
		{verb: "POST", target: "https://other/xxx", want: http.StatusBadRequest},
	}

	for _, tc := range table {
		name := tc.verb + " " + tc.target
		t.Run(name, func(t *testing.T) {
			rec := httptest.NewRecorder()
			rawURL := "/?redirect=" + url.QueryEscape(tc.target)
			req := httptest.NewRequest(tc.verb, rawURL, nil)

			FetchRedirectDelegate(rec, req)
			assert.Equal(t, tc.want, rec.Code)

			if tc.want != http.StatusSeeOther {
				// A refused request must not leak any redirect target and
				// must carry the plain "Bad Request" body.
				assert.Empty(t, rec.Header().Get("Location"))
				assert.Equal(t, "Bad Request", strings.TrimSpace(rec.Body.String()))
				return
			}
			// An accepted redirect echoes the input unchanged in Location.
			assert.Equal(t, tc.target, rec.Header().Get("Location"))
		})
	}
}