Finalize message integrity checks for both inbound and outbound proxies.

Cimpress-MCP · Apr 4, 2015 · d136839 · d136839
1 parent 29afb22
commit d136839
Showing 1 changed file with 54 additions and 38 deletions.
diff --git a/test/message_integrity_verb_test.js b/test/message_integrity_verb_test.js
@@ -7,54 +7,70 @@ var validation_tools = require('./utils/validation_tools.js');
 // and registers a beforeEach to keep the request_sender and job_server clean between test runs.
 require('./bootstrap_test.js');
 
-// Tests that verbs are handled correctly by oauth_reverse_proxy
-describe('oauth_reverse_proxy message integrity: verbs', function() {
+// Run these tests in two modes, one where the outbound request is signed by the proxy and the other
+// where a signed request is sent to a reverse proxy.
+['oauth_proxy', 'oauth_reverse_proxy'].forEach(function(mode) {
 
-  // GETs and DELETEs have the same URL format and do not expect input, so test them both in a loop.
-  ['GET', 'DELETE'].forEach(function(verb) {
+  // Tests that verbs are handled correctly by oauth_reverse_proxy
+  describe(mode + ' message integrity: verbs', function() {
 
-    // Validate that a basic GET or DELETE request works.
-    it ("should accept a properly signed basic " + verb + " request", function(done) {
-      request_sender.sendSimpleAuthenticatedRequest(verb, 200, done);
-    });
+    var sendFn = mode === 'oauth_reverse_proxy' ?
+      request_sender.sendAuthenticatedRequest :
+      request_sender.sendProxyAuthenticatedRequest;
 
-    // Validate that a basic GET or DELETE over IPv6 works.
-    it ("should accept a properly signed " + verb + " over IPv6", function(done) {
-      request_sender.sendAuthenticatedRequest(verb, 'http://[::1]:8008/job/12345', {hostname: '[::1]'}, 200, done);
-    });
+    var simpleSendFn = mode === 'oauth_reverse_proxy' ?
+      request_sender.sendSimpleAuthenticatedRequest :
+      request_sender.sendSimpleProxyAuthenticatedRequest;
 
-    // Validate that a GET or DELETE with query parameters works.
-    it ("should accept a properly signed " + verb + " with query", function(done) {
-      request_sender.params.push(['query', 'ok']);
-      request_sender.sendAuthenticatedRequest(verb, 'http://localhost:8008/job/12345?query=ok', null, 200, done);
-    });
+    // GETs and DELETEs have the same URL format and do not expect input, so test them both in a loop.
+    ['GET', 'DELETE'].forEach(function(verb) {
 
-    // Validate that a GET or DELETE over IPv6 with query parameters works.
-    it ("should accept a properly signed " + verb + " over IPv6 with query", function(done) {
-      request_sender.params.push(['query', 'ok']);
-      request_sender.sendAuthenticatedRequest(verb, 'http://[::1]:8008/job/12345?query=ok', {hostname: '[::1]'}, 200, done);
-    });
+      // Validate that a basic GET or DELETE request works.
+      it ("should accept a properly signed basic " + verb + " request", function(done) {
+        simpleSendFn(verb, 200, done);
+      });
 
-    // Validate that a GET or DELETE with unsigned query parameters fails due to signature mismatch.
-    it ("should reject an improperly signed " + verb + " where query params are not part of the signature", function(done) {
-      request_sender.sendAuthenticatedRequest(verb, 'http://localhost:8008/job/12345?query=should_fail', null, 401, done);
-    });
-  });
+      // Validate that a basic GET or DELETE over IPv6 works.
+      it ("should accept a properly signed " + verb + " over IPv6", function(done) {
+        sendFn(verb, 'http://[::1]:8008/job/12345', {hostname: '[::1]'}, 200, done);
+      });
+
+      // Validate that a GET or DELETE with query parameters works.
+      it ("should accept a properly signed " + verb + " with query", function(done) {
+        request_sender.params.push(['query', 'ok']);
+        sendFn(verb, 'http://localhost:8008/job/12345?query=ok', null, 200, done);
+      });
 
-  // We want to test that giant query strings aren't allowed for any verb, so loop over them all
-  ['GET', 'POST', 'PUT', 'DELETE'].forEach(function(verb) {
+      // Validate that a GET or DELETE over IPv6 with query parameters works.
+      it ("should accept a properly signed " + verb + " over IPv6 with query", function(done) {
+        request_sender.params.push(['query', 'ok']);
+        sendFn(verb, 'http://[::1]:8008/job/12345?query=ok', {hostname: '[::1]'}, 200, done);
+      });
 
-    // Validate that a GET or DELETE with query string longer than 16kb fails due to signature mismatch.
-    it ("should reject a " + verb + " with a query greater than 16kb", function(done) {
-      var crazy_large_buffer = new Buffer(1024*16);
-      for (var i=0; i<crazy_large_buffer.length; ++i) {
-        crazy_large_buffer[i] = 'A'.charCodeAt();
+      // This test is not relevant for the outbound proxy
+      if (mode === 'oauth_reverse_proxy') {
+        // Validate that a GET or DELETE with unsigned query parameters fails due to signature mismatch.
+        it ("should reject an improperly signed " + verb + " where query params are not part of the signature", function(done) {
+          sendFn(verb, 'http://localhost:8008/job/12345?query=should_fail', null, 401, done);
+        });
       }
-      var crazy_large_str = crazy_large_buffer.toString();
-      var crazy_large_url = 'http://localhost:8008/job/crazy_huge_job?query_huge_query=' + crazy_large_str;
-      request_sender.params.push(['query_huge_query', crazy_large_str]);
+    });
+
+    // We want to test that giant query strings aren't allowed for any verb, so loop over them all
+    ['GET', 'POST', 'PUT', 'DELETE'].forEach(function(verb) {
+
+      // Validate that a GET or DELETE with query string longer than 16kb fails due to signature mismatch.
+      it ("should reject a " + verb + " with a query greater than 16kb", function(done) {
+        var crazy_large_buffer = new Buffer(1024*16);
+        for (var i=0; i<crazy_large_buffer.length; ++i) {
+          crazy_large_buffer[i] = 'A'.charCodeAt();
+        }
+        var crazy_large_str = crazy_large_buffer.toString();
+        var crazy_large_url = 'http://localhost:8008/job/crazy_huge_job?query_huge_query=' + crazy_large_str;
+        request_sender.params.push(['query_huge_query', crazy_large_str]);
 
-      request_sender.sendAuthenticatedRequest(verb, crazy_large_url, null, 413, done);
+        sendFn(verb, crazy_large_url, null, 413, done);
+      });
     });
   });
 });