Skip to content

Commit

Permalink
fix: remove HTTP method restrictions (#472)
Browse files Browse the repository at this point in the history
Closes #472 

Co-authored-by: hackerman <[email protected]>
  • Loading branch information
alekitto and aeneasr authored Jul 7, 2020
1 parent 6503aff commit bf8a888
Show file tree
Hide file tree
Showing 3 changed files with 52 additions and 24 deletions.
42 changes: 42 additions & 0 deletions rule/rule_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,3 +144,45 @@ func TestRule1(t *testing.T) {
})
}
}

func TestRuleWithCustomMethod(t *testing.T) {
r := &Rule{
Match: &Match{
Methods: []string{"CUSTOM"},
URL: "https://localhost/users/<(?!admin).*>",
},
}

var tests = []struct {
method string
url string
expectedMatch bool
expectedErr error
}{
{
method: "CUSTOM",
url: "https://localhost/users/manager",
expectedMatch: true,
expectedErr: nil,
},
{
method: "CUSTOM",
url: "https://localhost/users/1234?key=value&key1=value1",
expectedMatch: true,
expectedErr: nil,
},
{
method: "DELETE",
url: "https://localhost/users/admin",
expectedMatch: false,
expectedErr: nil,
},
}
for ind, tcase := range tests {
t.Run(string(ind), func(t *testing.T) {
matched, err := r.IsMatching(configuration.Regexp, tcase.method, mustParse(t, tcase.url))
assert.Equal(t, tcase.expectedMatch, matched)
assert.Equal(t, tcase.expectedErr, err)
})
}
}
20 changes: 0 additions & 20 deletions rule/validator.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,27 +24,13 @@ import (
"github.com/asaskevich/govalidator"
"github.com/pkg/errors"

"github.com/ory/go-convenience/stringslice"
"github.com/ory/herodot"

"github.com/ory/oathkeeper/pipeline/authn"
"github.com/ory/oathkeeper/pipeline/authz"
pe "github.com/ory/oathkeeper/pipeline/errors"
"github.com/ory/oathkeeper/pipeline/mutate"
)

var methods = []string{
"GET",
"POST",
"PUT",
"HEAD",
"DELETE",
"PATCH",
"OPTIONS",
"TRACE",
"CONNECT",
}

type validatorRegistry interface {
authn.Registry
authz.Registry
Expand Down Expand Up @@ -143,12 +129,6 @@ func (v *ValidatorDefault) Validate(r *Rule) error {
return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "match.url" field is not a valid url.`, r.Match.URL))
}

for _, m := range r.Match.Methods {
if !stringslice.Has(methods, m) {
return errors.WithStack(herodot.ErrInternalServerError.WithReasonf(`Value "%s" of "match.methods" is not a valid HTTP method, valid methods are: %v`, m, methods))
}
}

if r.Upstream.URL == "" {
// Having no upstream URL is fine here because the judge does not need an upstream!
} else if !govalidator.IsURL(r.Upstream.URL) {
Expand Down
14 changes: 10 additions & 4 deletions rule/validator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,6 @@ func TestValidateRule(t *testing.T) {
r: &Rule{Match: &Match{}},
expectErr: `Value "" of "match.url" field is not a valid url.`,
},
{
r: &Rule{Match: &Match{URL: "https://www.ory.sh", Methods: []string{"FOO"}}},
expectErr: `Value "FOO" of "match.methods" is not a valid HTTP method, valid methods are:`,
},
{
r: &Rule{
Match: &Match{URL: "https://www.ory.sh", Methods: []string{"POST"}},
Expand Down Expand Up @@ -139,6 +135,16 @@ func TestValidateRule(t *testing.T) {
Mutators: []Handler{{Handler: "noop"}},
},
},
{
setup: prep(true, true, true),
r: &Rule{
Match: &Match{URL: "https://www.ory.sh", Methods: []string{"MKCOL"}},
Upstream: Upstream{URL: "https://www.ory.sh"},
Authenticators: []Handler{{Handler: "noop"}},
Authorizer: Handler{Handler: "allow"},
Mutators: []Handler{{Handler: "noop"}},
},
},
{
setup: prep(true, true, false),
r: &Rule{
Expand Down

0 comments on commit bf8a888

Please sign in to comment.