empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1158ad2559
fleet/server/service/endpoint_utils_test.go

483 lines
15 KiB
Go
Raw Normal View History

Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
package service
import (
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
"bytes"
Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
"context"
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
"io"
"net/http"
Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
"net/http/httptest"
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
"net/url"
Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
"strings"
"testing"
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
"time"
Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
"github.com/fleetdm/fleet/v4/server/mock"
"github.com/fleetdm/fleet/v4/server/ptr"
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
"github.com/go-kit/kit/endpoint"
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
kitlog "github.com/go-kit/kit/log"
kithttp "github.com/go-kit/kit/transport/http"
Make decoder completely generic and simplify things (#1542) * Make decoder completely generic and simplify things * Add commends and unexport func
2021-08-03 19:56:54 +00:00
"github.com/gorilla/mux"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestUniversalDecoderIDs(t *testing.T) {
type universalStruct struct {
ID1 uint `url:"some-id"`
OptionalID uint `url:"some-other-id,optional"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target", nil)
req = mux.SetURLVars(req, map[string]string{"some-id": "999"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, uint(999), casted.ID1)
assert.Equal(t, uint(0), casted.OptionalID)
// fails if non optional IDs are not provided
req = httptest.NewRequest("POST", "/target", nil)
_, err = decoder(context.Background(), req)
require.Error(t, err)
}
func TestUniversalDecoderIDsAndJSON(t *testing.T) {
type universalStruct struct {
ID1 uint `url:"some-id"`
SomeString string `json:"some_string"`
}
decoder := makeDecoder(universalStruct{})
body := `{"some_string": "hello"}`
req := httptest.NewRequest("POST", "/target", strings.NewReader(body))
req = mux.SetURLVars(req, map[string]string{"some-id": "999"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, uint(999), casted.ID1)
assert.Equal(t, "hello", casted.SomeString)
}
func TestUniversalDecoderIDsAndJSONEmbedded(t *testing.T) {
type EmbeddedJSON struct {
SomeString string `json:"some_string"`
}
type UniversalStruct struct {
ID1 uint `url:"some-id"`
EmbeddedJSON
}
decoder := makeDecoder(UniversalStruct{})
body := `{"some_string": "hello"}`
req := httptest.NewRequest("POST", "/target", strings.NewReader(body))
req = mux.SetURLVars(req, map[string]string{"some-id": "999"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*UniversalStruct)
require.True(t, ok)
assert.Equal(t, uint(999), casted.ID1)
assert.Equal(t, "hello", casted.SomeString)
}
func TestUniversalDecoderIDsAndListOptions(t *testing.T) {
type universalStruct struct {
ID1 uint `url:"some-id"`
Opts fleet.ListOptions `url:"list_options"`
SomeString string `json:"some_string"`
}
decoder := makeDecoder(universalStruct{})
body := `{"some_string": "bye"}`
req := httptest.NewRequest("POST", "/target?per_page=77&page=4", strings.NewReader(body))
req = mux.SetURLVars(req, map[string]string{"some-id": "123"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, uint(123), casted.ID1)
assert.Equal(t, "bye", casted.SomeString)
assert.Equal(t, uint(77), casted.Opts.PerPage)
assert.Equal(t, uint(4), casted.Opts.Page)
}
func TestUniversalDecoderHandlersEmbeddedAndNot(t *testing.T) {
type EmbeddedJSON struct {
SomeString string `json:"some_string"`
}
type universalStruct struct {
ID1 uint `url:"some-id"`
Opts fleet.ListOptions `url:"list_options"`
EmbeddedJSON
}
decoder := makeDecoder(universalStruct{})
body := `{"some_string": "o/"}`
req := httptest.NewRequest("POST", "/target?per_page=77&page=4", strings.NewReader(body))
req = mux.SetURLVars(req, map[string]string{"some-id": "123"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, uint(123), casted.ID1)
assert.Equal(t, "o/", casted.SomeString)
assert.Equal(t, uint(77), casted.Opts.PerPage)
assert.Equal(t, uint(4), casted.Opts.Page)
}
func TestUniversalDecoderListOptions(t *testing.T) {
type universalStruct struct {
ID1 uint `url:"some-id"`
Opts fleet.ListOptions `url:"list_options"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target", nil)
req = mux.SetURLVars(req, map[string]string{"some-id": "123"})
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
_, ok := decoded.(*universalStruct)
require.True(t, ok)
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
func TestUniversalDecoderOptionalQueryParams(t *testing.T) {
type universalStruct struct {
ID1 *uint `query:"some_id,optional"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target", nil)
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Nil(t, casted.ID1)
req = httptest.NewRequest("POST", "/target?some_id=321", nil)
decoded, err = decoder(context.Background(), req)
require.NoError(t, err)
casted, ok = decoded.(*universalStruct)
require.True(t, ok)
require.NotNil(t, casted.ID1)
assert.Equal(t, uint(321), *casted.ID1)
}
func TestUniversalDecoderOptionalQueryParamString(t *testing.T) {
type universalStruct struct {
ID1 *string `query:"some_val,optional"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target", nil)
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Nil(t, casted.ID1)
req = httptest.NewRequest("POST", "/target?some_val=321", nil)
decoded, err = decoder(context.Background(), req)
require.NoError(t, err)
casted, ok = decoded.(*universalStruct)
require.True(t, ok)
require.NotNil(t, casted.ID1)
assert.Equal(t, "321", *casted.ID1)
}
func TestUniversalDecoderOptionalQueryParamNotPtr(t *testing.T) {
type universalStruct struct {
ID1 string `query:"some_val,optional"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target", nil)
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, "", casted.ID1)
req = httptest.NewRequest("POST", "/target?some_val=321", nil)
decoded, err = decoder(context.Background(), req)
require.NoError(t, err)
casted, ok = decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, "321", casted.ID1)
}
func TestUniversalDecoderQueryAndListPlayNice(t *testing.T) {
type universalStruct struct {
ID1 *uint `query:"some_id"`
Opts fleet.ListOptions `url:"list_options"`
}
decoder := makeDecoder(universalStruct{})
req := httptest.NewRequest("POST", "/target?per_page=77&page=4&some_id=444", nil)
decoded, err := decoder(context.Background(), req)
require.NoError(t, err)
casted, ok := decoded.(*universalStruct)
require.True(t, ok)
assert.Equal(t, uint(77), casted.Opts.PerPage)
assert.Equal(t, uint(4), casted.Opts.Page)
require.NotNil(t, casted.ID1)
assert.Equal(t, uint(444), *casted.ID1)
}
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
type stringErrorer string
func (s stringErrorer) error() error { return nil }
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
func TestEndpointer(t *testing.T) {
r := mux.NewRouter()
ds := new(mock.Store)
ds.SessionByKeyFunc = func(ctx context.Context, key string) (*fleet.Session, error) {
return &fleet.Session{
ID: 3,
UserID: 42,
Key: key,
AccessedAt: time.Now(),
}, nil
}
ds.DestroySessionFunc = func(ctx context.Context, session *fleet.Session) error {
return nil
}
ds.MarkSessionAccessedFunc = func(ctx context.Context, session *fleet.Session) error {
return nil
}
ds.UserByIDFunc = func(ctx context.Context, id uint) (*fleet.User, error) {
return &fleet.User{GlobalRole: ptr.String(fleet.RoleAdmin)}, nil
}
ds.ListUsersFunc = func(ctx context.Context, opt fleet.UserListOptions) ([]*fleet.User, error) {
return []*fleet.User{{GlobalRole: ptr.String(fleet.RoleAdmin)}}, nil
}
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
svc, _ := newTestService(t, ds, nil, nil)
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
fleetAPIOptions := []kithttp.ServerOption{
kithttp.ServerBefore(
kithttp.PopulateRequestContext, // populate the request context with common fields
setRequestsContexts(svc),
),
kithttp.ServerErrorHandler(&errorHandler{kitlog.NewNopLogger()}),
kithttp.ServerErrorEncoder(encodeError),
kithttp.ServerAfter(
kithttp.SetContentType("application/json; charset=utf-8"),
logRequestEnd(kitlog.NewNopLogger()),
checkLicenseExpiration(svc),
),
}
Migrate host-authenticated endpoints to new pattern (#4403)
2022-03-07 18:10:55 +00:00
e := newUserAuthenticatedEndpointer(svc, fleetAPIOptions, r, "v1", "2021-11")
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
nopHandler := func(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
setAuthCheckedOnPreAuthErr(ctx)
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
return stringErrorer("nop"), nil
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
}
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
overrideHandler := func(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
Merge pull request from GHSA-pr2g-j78h-84cr * Fix access control issues with users * Fix access control issues with packs * Fix access control issues with software * Changes suggested by Martin * All users can access the global schedule * Restrict access to activities * Add explicit test for team admin escalation vuln * All global users should be able to read all software * Handbook editor pass - Security - GitHub Security (#5108) * Update security.md All edits are recorded by line: 395 replaced “open-source” with “open source” 411 replaced “open-source” with “open source” 439 added “the” before “comment”; replaced “repositories,” with “repositories” 445 deleted “being” before “located” 458 added “and” after “PR” 489 replaced “on” with “in” 493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges” * Update security.md line 479 * Update security.md added (static analysis tools used to identify problems in code) to line 479 * Fix UI * Fix UI * revert api v1 to latest in documentation (#5149) * revert api v1 to latest in documentation * Update fleetctl doc page Co-authored-by: Noah Talerman <noahtal@umich.edu> * Add team admin team policy automation; fix e2e * Update to company page of the handbook (#5164) Updated "Why do we use a wireframe-first approach?" section of company.md * removed extra data on smaller screens (#5154) * Update for team automations; e2e * Jira Integration: Cypress e2e tests only (#5055) * Update company.md (#5170) This is to update the formatting under "empathy" and to fix the spelling of "help text." This was done as per @mikermcneil . This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902 * fix update updated_at for aggregated_stats (#5112) Update the updated_at column when using ON DUPLICATE UPDATE so that the counts_updated_at is up to date * basic sql formatting in code ie whitespace around operators * Fix e2e test * Fix tests in server/authz Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com> Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com> Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com> Co-authored-by: Noah Talerman <noahtal@umich.edu> Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com> Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 17:27:30 +00:00
setAuthCheckedOnPreAuthErr(ctx)
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
return stringErrorer("override"), nil
Finish first draft of API versions (#3216) * Finish first draft of API versions * wip * Finalize tests * Revert change in handler * Remove made up version * Update versioning with aliases * Add changes file * Address review comments * Revert overupdated routes * Expand life time of deprecated APIs * Fix test * Comment out problematic part of test * Revert bad path changes
2021-12-21 15:23:12 +00:00
}
// Regular path, no plan to deprecate
e.GET("/api/_version_/fleet/path1", nopHandler, struct{}{})
// New path, we want it only available starting from the specified version
e.StartingAtVersion("2021-11").GET("/api/_version_/fleet/newpath", nopHandler, struct{}{})
// Path that was in v1, but was changed in 2021-11
e.EndingAtVersion("v1").GET("/api/_version_/fleet/overriddenpath", nopHandler, struct{}{})
e.StartingAtVersion("2021-11").GET("/api/_version_/fleet/overriddenpath", overrideHandler, struct{}{})
// Path that got deprecated
e.EndingAtVersion("v1").GET("/api/_version_/fleet/deprecated", nopHandler, struct{}{})
// Path that got deprecated but in the latest version
e.EndingAtVersion("2021-11").GET("/api/_version_/fleet/deprecated-soon", nopHandler, struct{}{})
// Aliasing works with versioning too
e.WithAltPaths("/api/_version_/fleet/something/{fff}").GET("/api/_version_/fleet/somethings/{fff}", nopHandler, struct{}{})
mustMatch := []struct {
method string
path string
overridden bool
}{
{method: "GET", path: "/api/v1/fleet/path1"},
{method: "GET", path: "/api/2021-11/fleet/path1"},
{method: "GET", path: "/api/latest/fleet/path1"},
{method: "GET", path: "/api/2021-11/fleet/newpath"},
{method: "GET", path: "/api/latest/fleet/newpath"},
{method: "GET", path: "/api/v1/fleet/deprecated"},
{method: "GET", path: "/api/v1/fleet/deprecated-soon"},
{method: "GET", path: "/api/2021-11/fleet/deprecated-soon"},
{method: "GET", path: "/api/latest/fleet/deprecated-soon"},
{method: "GET", path: "/api/v1/fleet/overriddenpath"},
{method: "GET", path: "/api/2021-11/fleet/overriddenpath", overridden: true},
{method: "GET", path: "/api/latest/fleet/overriddenpath", overridden: true},
{method: "GET", path: "/api/v1/fleet/something/aaa"},
{method: "GET", path: "/api/2021-11/fleet/something/aaa"},
{method: "GET", path: "/api/latest/fleet/something/aaa"},
{method: "GET", path: "/api/v1/fleet/somethings/aaa"},
{method: "GET", path: "/api/2021-11/fleet/somethings/aaa"},
{method: "GET", path: "/api/latest/fleet/somethings/aaa"},
}
mustNotMatch := []struct {
method string
path string
handler http.Handler
}{
{method: "POST", path: "/api/v1/fleet/path1"},
{method: "GET", path: "/api/v1/fleet/qwejoqiwejqiowehioqwe"},
{method: "GET", path: "/api/v1/qwejoqiwejqiowehioqwe"},
{method: "GET", path: "/api/v1/fleet/newpath"},
{method: "GET", path: "/api/2021-11/fleet/deprecated"},
{method: "GET", path: "/api/latest/fleet/deprecated"},
}
doesItMatch := func(method, path string, override bool) bool {
testURL := url.URL{Path: path}
request := http.Request{Method: method, URL: &testURL, Header: map[string][]string{"Authorization": {"Bearer asd"}}, Body: io.NopCloser(strings.NewReader(""))}
routeMatch := mux.RouteMatch{}
res := r.Match(&request, &routeMatch)
if routeMatch.Route != nil {
rec := httptest.NewRecorder()
routeMatch.Handler.ServeHTTP(rec, &request)
got := rec.Body.String()
if override {
require.Equal(t, "\"override\"\n", got)
} else {
require.Equal(t, "\"nop\"\n", got)
}
}
return res && routeMatch.MatchErr == nil && routeMatch.Route != nil
}
for _, route := range mustMatch {
require.True(t, doesItMatch(route.method, route.path, route.overridden), route)
}
for _, route := range mustNotMatch {
require.False(t, doesItMatch(route.method, route.path, false), route)
}
}
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
func TestEndpointerCustomMiddleware(t *testing.T) {
r := mux.NewRouter()
ds := new(mock.Store)
Refactor license so it is stored in the context (#8544)
2022-11-15 14:08:05 +00:00
svc, _ := newTestService(t, ds, nil, nil)
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
fleetAPIOptions := []kithttp.ServerOption{
kithttp.ServerBefore(
kithttp.PopulateRequestContext,
setRequestsContexts(svc),
),
kithttp.ServerErrorHandler(&errorHandler{kitlog.NewNopLogger()}),
kithttp.ServerErrorEncoder(encodeError),
kithttp.ServerAfter(
kithttp.SetContentType("application/json; charset=utf-8"),
logRequestEnd(kitlog.NewNopLogger()),
checkLicenseExpiration(svc),
),
}
var buf bytes.Buffer
e := newNoAuthEndpointer(svc, fleetAPIOptions, r, "v1")
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
e.GET("/none/", func(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
buf.WriteString("H1")
return nil, nil
}, nil)
e.WithCustomMiddleware(
func(e endpoint.Endpoint) endpoint.Endpoint {
return func(ctx context.Context, request interface{}) (response interface{}, err error) {
buf.WriteString("A")
return e(ctx, request)
}
},
func(e endpoint.Endpoint) endpoint.Endpoint {
return func(ctx context.Context, request interface{}) (response interface{}, err error) {
buf.WriteString("B")
return e(ctx, request)
}
},
func(e endpoint.Endpoint) endpoint.Endpoint {
return func(ctx context.Context, request interface{}) (response interface{}, err error) {
buf.WriteString("C")
return e(ctx, request)
}
},
).
Set interface for response types (#9121) * Set interface for response types * Fix TestEndpointer test
2022-12-27 14:26:59 +00:00
GET("/mw/", func(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
Migrate special-case endpoints to new pattern (#4511)
2022-03-08 16:27:38 +00:00
buf.WriteString("H2")
return nil, nil
}, nil)
req := httptest.NewRequest("GET", "/none/", nil)
var m1 mux.RouteMatch
require.True(t, r.Match(req, &m1))
rec := httptest.NewRecorder()
m1.Handler.ServeHTTP(rec, req)
require.Equal(t, "H1", buf.String())
buf.Reset()
req = httptest.NewRequest("GET", "/mw/", nil)
var m2 mux.RouteMatch
require.True(t, r.Match(req, &m2))
rec = httptest.NewRecorder()
m2.Handler.ServeHTTP(rec, req)
require.Equal(t, "ABCH2", buf.String())
}
add browser-related security headers to HTML responses (#8180) related to #8031, this adds the following headers to HTML responses: - Strict-Transport-Security: informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. - X-Frames-Options: disallows embedding the UI in other sites via <frame>, <iframe>, <embed> or <object>, which can prevent attacks like clickjacking. - X-Content-Type-Options: prevents browsers from trying to guess the MIME type which can cause browsers to transform non-executable content into executable content. - Referrer-Policy: prevents leaking the origin of the referrer in the Referer. additionally, this ensures we set `X-Content-Type-Options` for CSV and installer responses.
2022-10-12 13:19:21 +00:00
func TestWriteBrowserSecurityHeaders(t *testing.T) {
w := httptest.NewRecorder()
writeBrowserSecurityHeaders(w)
headers := w.Header()
require.Equal(
t,
http.Header{
"X-Content-Type-Options": {"nosniff"},
"X-Frame-Options": {"SAMEORIGIN"},
"Strict-Transport-Security": {"max-age=31536000; includeSubDomains;"},
"Referrer-Policy": {"strict-origin-when-cross-origin"},
},
headers,
)
}
Reference in New Issue Copy Permalink