Unit test for #2535
This commit is contained in:
parent
3b8222ae8a
commit
d287efb343
|
@ -24,7 +24,10 @@ my $client = LLNG::Manager::Test->new( {
|
||||||
ok(
|
ok(
|
||||||
$res = $client->_get(
|
$res = $client->_get(
|
||||||
'/',
|
'/',
|
||||||
query => 'url=aHR0cDovL3Rlc3QuZXhhbXBsZS5vcmcv',
|
query => buildForm( {
|
||||||
|
url => encodeUrl('http://test.example.org/'),
|
||||||
|
}
|
||||||
|
),
|
||||||
accept => 'text/html',
|
accept => 'text/html',
|
||||||
),
|
),
|
||||||
'Unauth CDA request'
|
'Unauth CDA request'
|
||||||
|
@ -44,10 +47,30 @@ ok(
|
||||||
'Post credentials'
|
'Post credentials'
|
||||||
);
|
);
|
||||||
count(1);
|
count(1);
|
||||||
|
my $id = expectCookie($res);
|
||||||
|
|
||||||
($query) =
|
($query) =
|
||||||
expectRedirection( $res, qr#^http://test.example.org/\?(lemonldapcda=.*)$# );
|
expectRedirection( $res, qr#^http://test.example.org/\?(lemonldapcda=.*)$# );
|
||||||
|
|
||||||
|
# Check URLs are correctly filtered
|
||||||
|
ok(
|
||||||
|
$res = $client->_get(
|
||||||
|
'/',
|
||||||
|
query => buildForm( {
|
||||||
|
url => encodeUrl(
|
||||||
|
'http://your-untrusted-domain.com/?attack=http://test.example.org/'
|
||||||
|
),
|
||||||
|
}
|
||||||
|
),
|
||||||
|
cookie => "lemonldap=$id",
|
||||||
|
accept => 'text/html',
|
||||||
|
),
|
||||||
|
'Dangerous request'
|
||||||
|
);
|
||||||
|
count(1);
|
||||||
|
|
||||||
|
expectPortalError( $res, 37, "Untrusted URL denied by portal" );
|
||||||
|
|
||||||
# Handler part
|
# Handler part
|
||||||
use_ok('Lemonldap::NG::Handler::Server');
|
use_ok('Lemonldap::NG::Handler::Server');
|
||||||
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
|
use_ok('Lemonldap::NG::Common::PSGI::Cli::Lib');
|
||||||
|
|
Loading…
Reference in New Issue
Block a user