Finishing unit tests
This commit is contained in:
parent
b08ec4416c
commit
4b9ae1e081
132
cors_test.go
132
cors_test.go
@ -14,8 +14,26 @@ func init() {
|
|||||||
gin.SetMode(gin.TestMode)
|
gin.SetMode(gin.TestMode)
|
||||||
}
|
}
|
||||||
|
|
||||||
func performRequest(r http.Handler, method, path string) *httptest.ResponseRecorder {
|
func newTestRouter(config Config) *gin.Engine {
|
||||||
req, _ := http.NewRequest(method, path, nil)
|
router := gin.New()
|
||||||
|
router.Use(New(config))
|
||||||
|
router.GET("/", func(c *gin.Context) {
|
||||||
|
c.String(200, "get")
|
||||||
|
})
|
||||||
|
router.POST("/", func(c *gin.Context) {
|
||||||
|
c.String(200, "post")
|
||||||
|
})
|
||||||
|
router.PATCH("/", func(c *gin.Context) {
|
||||||
|
c.String(200, "patch")
|
||||||
|
})
|
||||||
|
return router
|
||||||
|
}
|
||||||
|
|
||||||
|
func performRequest(r http.Handler, method, origin string) *httptest.ResponseRecorder {
|
||||||
|
req, _ := http.NewRequest(method, "/", nil)
|
||||||
|
if len(origin) > 0 {
|
||||||
|
req.Header.Set("Origin", origin)
|
||||||
|
}
|
||||||
w := httptest.NewRecorder()
|
w := httptest.NewRecorder()
|
||||||
r.ServeHTTP(w, req)
|
r.ServeHTTP(w, req)
|
||||||
return w
|
return w
|
||||||
@ -164,10 +182,8 @@ func TestValidateOrigin(t *testing.T) {
|
|||||||
assert.False(t, cors.validateOrigin("google.com"))
|
assert.False(t, cors.validateOrigin("google.com"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPasses0(t *testing.T) {
|
func TestPassesAllowedOrigins(t *testing.T) {
|
||||||
called := false
|
router := newTestRouter(Config{
|
||||||
router := gin.New()
|
|
||||||
router.Use(New(Config{
|
|
||||||
AllowedOrigins: []string{"http://google.com"},
|
AllowedOrigins: []string{"http://google.com"},
|
||||||
AllowedMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
|
AllowedMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
|
||||||
AllowedHeaders: []string{"Content-type", "timeStamp "},
|
AllowedHeaders: []string{"Content-type", "timeStamp "},
|
||||||
@ -177,68 +193,78 @@ func TestPasses0(t *testing.T) {
|
|||||||
AllowOriginFunc: func(origin string) bool {
|
AllowOriginFunc: func(origin string) bool {
|
||||||
return origin == "http://github.com"
|
return origin == "http://github.com"
|
||||||
},
|
},
|
||||||
}))
|
|
||||||
router.GET("/", func(c *gin.Context) {
|
|
||||||
called = true
|
|
||||||
})
|
})
|
||||||
|
|
||||||
w := httptest.NewRecorder()
|
// no CORS request, origin == ""
|
||||||
req, _ := http.NewRequest("GET", "/", nil)
|
w := performRequest(router, "GET", "")
|
||||||
router.ServeHTTP(w, req)
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
assert.True(t, called)
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin")
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials")
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Expose-Headers")
|
|
||||||
|
|
||||||
called = false
|
// allowed CORS request
|
||||||
w = httptest.NewRecorder()
|
w = performRequest(router, "GET", "http://google.com")
|
||||||
req, _ = http.NewRequest("GET", "/", nil)
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
req.Header.Set("Origin", "http://google.com")
|
|
||||||
router.ServeHTTP(w, req)
|
|
||||||
assert.True(t, called)
|
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data, x-user")
|
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data, x-user")
|
||||||
|
|
||||||
called = false
|
// deny CORS request
|
||||||
w = httptest.NewRecorder()
|
w = performRequest(router, "GET", "https://google.com")
|
||||||
req, _ = http.NewRequest("GET", "/", nil)
|
assert.Equal(t, w.Code, 403)
|
||||||
req.Header.Set("Origin", "https://google.com")
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
router.ServeHTTP(w, req)
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.False(t, called)
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin")
|
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials")
|
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Expose-Headers")
|
|
||||||
|
|
||||||
called = false
|
// allowed CORS prefligh request
|
||||||
w = httptest.NewRecorder()
|
w = performRequest(router, "OPTIONS", "http://github.com")
|
||||||
req, _ = http.NewRequest("OPTIONS", "/", nil)
|
assert.Equal(t, w.Code, 200)
|
||||||
req.Header.Set("Origin", "http://github.com")
|
|
||||||
router.ServeHTTP(w, req)
|
|
||||||
assert.False(t, called)
|
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "get, post, put, head")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "get, post, put, head")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, timestamp")
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, timestamp")
|
||||||
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")
|
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")
|
||||||
|
|
||||||
called = false
|
// deny CORS prefligh request
|
||||||
w = httptest.NewRecorder()
|
w = performRequest(router, "OPTIONS", "http://example.com")
|
||||||
req, _ = http.NewRequest("OPTIONS", "/", nil)
|
assert.Equal(t, w.Code, 403)
|
||||||
req.Header.Set("Origin", "http://example.com")
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
router.ServeHTTP(w, req)
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
assert.False(t, called)
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Methods"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin")
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Headers"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials")
|
assert.Empty(t, w.Header().Get("Access-Control-Max-Age"))
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Methods")
|
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Allow-Headers")
|
|
||||||
assert.NotContains(t, w.Header(), "Access-Control-Max-Age")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPasses1(t *testing.T) {
|
func TestPassesAllowedAllOrigins(t *testing.T) {
|
||||||
|
router := newTestRouter(Config{
|
||||||
}
|
AllowAllOrigins: true,
|
||||||
|
AllowedMethods: []string{" Patch ", "get", "post", "POST"},
|
||||||
func TestPasses2(t *testing.T) {
|
AllowedHeaders: []string{"Content-type", " testheader "},
|
||||||
|
ExposedHeaders: []string{"Data2", "x-User2"},
|
||||||
|
AllowCredentials: false,
|
||||||
|
MaxAge: 10 * time.Hour,
|
||||||
|
})
|
||||||
|
|
||||||
|
// no CORS request, origin == ""
|
||||||
|
w := performRequest(router, "GET", "")
|
||||||
|
assert.Equal(t, w.Body.String(), "get")
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
|
||||||
|
|
||||||
|
// allowed CORS request
|
||||||
|
w = performRequest(router, "POST", "example.com")
|
||||||
|
assert.Equal(t, w.Body.String(), "post")
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data2, x-user2")
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
|
|
||||||
|
// allowed CORS prefligh request
|
||||||
|
w = performRequest(router, "OPTIONS", "https://facebook.com")
|
||||||
|
assert.Equal(t, w.Code, 200)
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "patch, get, post")
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, testheader")
|
||||||
|
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "36000")
|
||||||
|
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user