added request validation for urls with and without ports #491
|
@@ -75,6 +75,61 @@ describe('Request validation', () => { | |
|
||
expect(isValid).toBeFalsy(); | ||
}); | ||
|
||
it('should validate https urls with ports by stripping them', () => { | ||
const requestUrlWithPort = requestUrl.replace('.com', '.com:1234'); | ||
const isValid = validateRequest(token, defaultSignature, requestUrlWithPort, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate http urls with ports', () => { | ||
let requestUrlWithPort = requestUrl.replace('.com', '.com:1234'); | ||
requestUrlWithPort = requestUrlWithPort.replace('https', 'http'); | ||
const signature = 'Zmvh+3yNM1Phv2jhDCwEM3q5ebU='; // hash of http url with port 1234 | ||
const isValid = validateRequest(token, signature, requestUrlWithPort, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate https urls without ports by adding standard port 443', () => { | ||
const signature = 'kvajT1Ptam85bY51eRf/AJRuM3w='; // hash of https url with port 443 | ||
const isValid = validateRequest(token, signature, requestUrl, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate http urls without ports by adding standard port 80', () => { | ||
const requestUrlHttp = requestUrl.replace('https', 'http'); | ||
const signature = '0ZXoZLH/DfblKGATFgpif+LLRf4='; // hash of http url with port 80 | ||
const isValid = validateRequest(token, signature, requestUrlHttp, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate urls with credentials', () => { | ||
const urlWithCreds = 'https://user:[email protected]/myapp.php?foo=1&bar=2'; | ||
const signature = 'CukzLTc1tT5dXEDIHm/tKBanW10='; // hash of this url | ||
const isValid = validateRequest(token, signature, urlWithCreds, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate urls with just username', () => { | ||
const urlWithCreds = 'https://[email protected]/myapp.php?foo=1&bar=2'; | ||
const signature = '2YRLlVAflCqxaNicjMpJcSTgzSs='; // hash of this url | ||
const isValid = validateRequest(token, signature, urlWithCreds, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
|
||
it('should validate urls with credentials by adding port', () => { | ||
This appears to be the same as the
This one ensures standard ports are added to the URL for validation. Note the expected signatures of these two tests are different, but they both pass. |
||
const urlWithCreds = 'https://user:[email protected]/myapp.php?foo=1&bar=2'; | ||
const signature = 'ZQFR1PTIZXF2MXB8ZnKCvnnA+rI='; // hash of this url with port 443 | ||
const isValid = validateRequest(token, signature, urlWithCreds, defaultParams); | ||
|
||
expect(isValid).toBeTruthy(); | ||
}); | ||
}); | ||
|
||
describe('Request validation middleware', () => { | ||
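Review bot: Every case added in this hunk asserts `toBeTruthy()`, so nothing pins down which URL and signature combinations must still be rejected now that one request can match a signature computed over either the port-bearing or the port-less form of its URL. The first added test shows an https URL on port 1234 validating against `defaultSignature`, so the accepted set has visibly grown. It would help to add at least one negative case per variant, for example a signature computed for one explicit port presented with a different port, and to assert `toBeFalsy()` there. The sketch below reuses the port-1234 signature from the hunk against a constructed port 5678 and is expected to fail validation; confirm this against the implementation, which is not shown on this page. The enclosing `describe('Request validation', …)` block starts outside the hunk.

```javascript
// … unchanged: the seven positive port/credential cases …

  it('should not validate a signature computed for a different port', () => {
    // constructed sample: same http URL, but port 5678 instead of the signed 1234
    const requestUrlOtherPort = requestUrl.replace('https', 'http').replace('.com', '.com:5678');
    const signature = 'Zmvh+3yNM1Phv2jhDCwEM3q5ebU='; // hash of http url with port 1234
    const isValid = validateRequest(token, signature, requestUrlOtherPort, defaultParams);

    expect(isValid).toBeFalsy();
  });
```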
|
Should add a case for the gopher protocol (:
https://nodejs.org/api/url.html#url_url_port