dalu/cors
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Finishing unit tests

Browse Source
This commit is contained in:
Manu Mtz.-Almeida 2015-11-12 14:47:51 +01:00
parent b08ec4416c
commit 4b9ae1e081
1 changed files with 79 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
cors_test.go
View File

@ -14,8 +14,26 @@ func init() {
gin.SetMode(gin.TestMode) gin.SetMode(gin.TestMode)
} }
func performRequest(r http.Handler, method, path string) *httptest.ResponseRecorder { func newTestRouter(config Config) *gin.Engine {
req, _ := http.NewRequest(method, path, nil) router := gin.New()
router.Use(New(config))
router.GET("/", func(c *gin.Context) {
c.String(200, "get")
})
router.POST("/", func(c *gin.Context) {
c.String(200, "post")
})
router.PATCH("/", func(c *gin.Context) {
c.String(200, "patch")
})
return router
}
func performRequest(r http.Handler, method, origin string) *httptest.ResponseRecorder {
req, _ := http.NewRequest(method, "/", nil)
if len(origin) > 0 {
req.Header.Set("Origin", origin)
}
w := httptest.NewRecorder() w := httptest.NewRecorder()
r.ServeHTTP(w, req) r.ServeHTTP(w, req)
return w return w
@ -164,10 +182,8 @@ func TestValidateOrigin(t *testing.T) {
assert.False(t, cors.validateOrigin("google.com")) assert.False(t, cors.validateOrigin("google.com"))
} }
func TestPasses0(t *testing.T) { func TestPassesAllowedOrigins(t *testing.T) {
called := false router := newTestRouter(Config{
router := gin.New()
router.Use(New(Config{
AllowedOrigins: []string{"http://google.com"}, AllowedOrigins: []string{"http://google.com"},
AllowedMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"}, AllowedMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
AllowedHeaders: []string{"Content-type", "timeStamp "}, AllowedHeaders: []string{"Content-type", "timeStamp "},
@ -177,68 +193,78 @@ func TestPasses0(t *testing.T) {
AllowOriginFunc: func(origin string) bool { AllowOriginFunc: func(origin string) bool {
return origin == "http://github.com" return origin == "http://github.com"
}, },
}))
router.GET("/", func(c *gin.Context) {
called = true
}) })
w := httptest.NewRecorder() // no CORS request, origin == ""
req, _ := http.NewRequest("GET", "/", nil) w := performRequest(router, "GET", "")
router.ServeHTTP(w, req) assert.Equal(t, w.Body.String(), "get")
assert.True(t, called) assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin") assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials") assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
assert.NotContains(t, w.Header(), "Access-Control-Expose-Headers")
called = false // allowed CORS request
w = httptest.NewRecorder() w = performRequest(router, "GET", "http://google.com")
req, _ = http.NewRequest("GET", "/", nil) assert.Equal(t, w.Body.String(), "get")
req.Header.Set("Origin", "http://google.com")
router.ServeHTTP(w, req)
assert.True(t, called)
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com") assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true") assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data, x-user") assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data, x-user")
called = false // deny CORS request
w = httptest.NewRecorder() w = performRequest(router, "GET", "https://google.com")
req, _ = http.NewRequest("GET", "/", nil) assert.Equal(t, w.Code, 403)
req.Header.Set("Origin", "https://google.com") assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
router.ServeHTTP(w, req) assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
assert.False(t, called) assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin")
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials")
assert.NotContains(t, w.Header(), "Access-Control-Expose-Headers")
called = false // allowed CORS prefligh request
w = httptest.NewRecorder() w = performRequest(router, "OPTIONS", "http://github.com")
req, _ = http.NewRequest("OPTIONS", "/", nil) assert.Equal(t, w.Code, 200)
req.Header.Set("Origin", "http://github.com")
router.ServeHTTP(w, req)
assert.False(t, called)
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com") assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true") assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "get, post, put, head") assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "get, post, put, head")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, timestamp") assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, timestamp")
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200") assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")
called = false // deny CORS prefligh request
w = httptest.NewRecorder() w = performRequest(router, "OPTIONS", "http://example.com")
req, _ = http.NewRequest("OPTIONS", "/", nil) assert.Equal(t, w.Code, 403)
req.Header.Set("Origin", "http://example.com") assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
router.ServeHTTP(w, req) assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
assert.False(t, called) assert.Empty(t, w.Header().Get("Access-Control-Allow-Methods"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Origin") assert.Empty(t, w.Header().Get("Access-Control-Allow-Headers"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Credentials") assert.Empty(t, w.Header().Get("Access-Control-Max-Age"))
assert.NotContains(t, w.Header(), "Access-Control-Allow-Methods")
assert.NotContains(t, w.Header(), "Access-Control-Allow-Headers")
assert.NotContains(t, w.Header(), "Access-Control-Max-Age")
} }
func TestPasses1(t *testing.T) { func TestPassesAllowedAllOrigins(t *testing.T) {
router := newTestRouter(Config{
} AllowAllOrigins: true,
AllowedMethods: []string{" Patch ", "get", "post", "POST"},
func TestPasses2(t *testing.T) { AllowedHeaders: []string{"Content-type", " testheader "},
ExposedHeaders: []string{"Data2", "x-User2"},
AllowCredentials: false,
MaxAge: 10 * time.Hour,
})
// no CORS request, origin == ""
w := performRequest(router, "GET", "")
assert.Equal(t, w.Body.String(), "get")
assert.Empty(t, w.Header().Get("Access-Control-Allow-Origin"))
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
assert.Empty(t, w.Header().Get("Access-Control-Expose-Headers"))
// allowed CORS request
w = performRequest(router, "POST", "example.com")
assert.Equal(t, w.Body.String(), "post")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "data2, x-user2")
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
// allowed CORS prefligh request
w = performRequest(router, "OPTIONS", "https://facebook.com")
assert.Equal(t, w.Code, 200)
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "*")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "patch, get, post")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "content-type, testheader")
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "36000")
assert.Empty(t, w.Header().Get("Access-Control-Allow-Credentials"))
} }