import { HandlerResponse, HandlerEvent } from "@netlify/functions";
import { getLoginHandler } from "../login";
import { Options } from "../utils";
import {
emptyEvent,
emptyCallback,
emptyContext,
confirmError,
} from "./function-testing";
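const fakeOktaUrl = "https://foo.okta.com/foo/bar";

describe("login", () => {
  const loginEvent = {
    ...emptyEvent,
    rawUrl: "http://localhost:8888/.netlify/functions/login",
  };

  test("no configured production url", async () => {
    const handler = getLoginHandler();
    const result = await handler(loginEvent, emptyContext, emptyCallback);
    confirmError(result, 500, "Production URL not configured.");
  });

  test("no configured OKTA url", async () => {
    const handler = getLoginHandler({ prodBaseUrl: "http://localhost:8888" });
    const result = await handler(loginEvent, emptyContext, emptyCallback);
    confirmError(result, 500, "OKTA URL not configured.");
  });

  const commonOptions = {
    prodBaseUrl: "http://localhost:8888",
    oktaUrl: fakeOktaUrl,
  };

  /** Overrides for {@link redirectTest}; every field defaults to the plain Okta redirect case. */
  interface RedirectTestArgs {
    /** Text expected after `redirect_to=` inside the page's `document.cookie` assignment. */
    expectedRedirectCookie?: string;
    /** Suffix expected after "Login" in the page `<title>`; empty means no suffix. */
    expectedTitle?: string;
    /** URL the page is expected to send the browser to. */
    expectedRedirectUrl?: string;
    /** Name of the redirect target as shown in the page text ("Okta", "production site"). */
    expectedTargetLabel?: string;
    /** Handler options; defaults to `commonOptions`. */
    options?: Options;
    /** Incoming request event; defaults to `loginEvent`. */
    event?: HandlerEvent;
  }

  /**
   * Runs the login handler once and asserts on the redirect page it returns.
   *
   * Callers must `await` this: it is async and its `expect` calls run only
   * after the handler resolves, so an un-awaited call lets the enclosing test
   * finish before any assertion has fired.
   *
   * The default `expectedRedirectCookie` is the fragment
   * `" + window.location.href + "`, i.e. with no `redirect_to` query
   * parameter the page is expected to store the browser's current URL.
   *
   * @param args - overrides for the expected page contents, handler options and event
   * @returns resolves once all assertions have run
   * @throws an assertion error when the response differs from the expectations
   */
  async function redirectTest({
    expectedRedirectCookie = `" + window.location.href + "`,
    expectedTitle = "",
    expectedRedirectUrl = fakeOktaUrl,
    expectedTargetLabel = "Okta",
    options = commonOptions,
    event = loginEvent,
  }: RedirectTestArgs): Promise<void> {
    const handler = getLoginHandler(options);
    const result = (await handler(
      event,
      emptyContext,
      emptyCallback
    )) as HandlerResponse;
    const body = result.body ?? "";

    expect(result.statusCode).toEqual(200);
    expect(body).toContain(
      "<title>Login" + (expectedTitle ? ": " + expectedTitle : "") + "</title>"
    );
    expect(body).toContain(`Redirecting to ${expectedTargetLabel} to login...`);
    expect(body).toContain(
      `document.cookie = "redirect_to=${expectedRedirectCookie}; path=/";`
    );

    // Debug mode renders a manual link instead of an automatic script redirect.
    if (options.unsafe?.debug) {
      expect(body).toContain(
        `a href="${expectedRedirectUrl}">Proceed to ${expectedTargetLabel}</a> (local dev mode)`
      );
    } else {
      expect(body).toContain(
        `window.location.href = "${expectedRedirectUrl}";`
      );
    }
  }

  test("redirect to Okta", async () => {
    await redirectTest({});
  });

  test("redirect to Okta in debug mode", async () => {
    await redirectTest({
      options: {
        ...commonOptions,
        unsafe: {
          debug: true,
        },
      },
    });
  });

  test("redirect to Okta with redirect_to", async () => {
    await redirectTest({
      expectedRedirectCookie: "/docs/foo",
      event: {
        ...loginEvent,
        rawUrl: loginEvent.rawUrl + "?redirect_to=%2Fdocs%2Ffoo",
        queryStringParameters: {
          redirect_to: "/docs/foo",
        },
      },
    });
  });

  // The redirect_to value is interpolated into an inline script; the expected
  // cookie shows it percent-encoded, so the `"` cannot close the string
  // literal and the injected statement never becomes executable JavaScript.
  test("redirect to Okta with JavaScript injection attack", async () => {
    const javaScriptInjection = `"; window.alert("hi"); //`;
    await redirectTest({
      expectedRedirectCookie: "/%22;%20window.alert(%22hi%22);%20//",
      event: {
        ...loginEvent,
        rawUrl:
          loginEvent.rawUrl +
          "?redirect_to=" +
          encodeURIComponent(javaScriptInjection),
        queryStringParameters: {
          redirect_to: javaScriptInjection,
        },
      },
    });
  });

  // Same expectation as above but with an empty rawUrl, so the value must
  // come from queryStringParameters rather than from parsing the raw URL.
  test("redirect to Okta with redirect_to using fallback raw url", async () => {
    await redirectTest({
      expectedRedirectCookie: "/docs/foo",
      event: {
        ...loginEvent,
        rawUrl: "",
        queryStringParameters: {
          redirect_to: "/docs/foo",
        },
      },
    });
  });

  test("redirect to Okta with custom title", async () => {
    await redirectTest({
      expectedTitle: "My Cool Site",
      options: { ...commonOptions, siteTitle: "My Cool Site" },
    });
  });

  // No oktaUrl here: the expected URL is the production site's login function,
  // with the local auth function URL carried along as an encoded redirect_to.
  test("redirect to production site", async () => {
    await redirectTest({
      expectedRedirectUrl:
        "https://app.example.com/.netlify/functions/login?redirect_to=http%3A%2F%2Flocalhost%3A8888%2F.netlify%2Ffunctions%2Fauth",
      expectedTargetLabel: "production site",
      options: {
        prodBaseUrl: "https://app.example.com",
      },
    });
  });
});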