Merge pull request #3746 from manics/more-cors-tests

Extra test_cors_check tests
Min RK
2022-01-07 12:37:37 +01:00
committed by GitHub


@@ -98,27 +98,39 @@ async def test_post_content_type(app, content_type, status):
@mark.parametrize( @mark.parametrize(
"host, referer, status", "host, referer, extraheaders, status",
[ [
('$host', '$url', 200), ('$host', '$url', {}, 200),
(None, None, 200), (None, None, {}, 200),
(None, 'null', 403), (None, 'null', {}, 403),
(None, 'http://attack.com/csrf/vulnerability', 403), (None, 'http://attack.com/csrf/vulnerability', {}, 403),
('$host', {"path": "/user/someuser"}, 403), ('$host', {"path": "/user/someuser"}, {}, 403),
('$host', {"path": "{path}/foo/bar/subpath"}, 200), ('$host', {"path": "{path}/foo/bar/subpath"}, {}, 200),
# mismatch host # mismatch host
("mismatch.com", "$url", 403), ("mismatch.com", "$url", {}, 403),
# explicit host, matches # explicit host, matches
("fake.example", {"netloc": "fake.example"}, 200), ("fake.example", {"netloc": "fake.example"}, {}, 200),
# explicit port, matches implicit port # explicit port, matches implicit port
("fake.example:80", {"netloc": "fake.example"}, 200), ("fake.example:80", {"netloc": "fake.example"}, {}, 200),
# explicit port, mismatch # explicit port, mismatch
("fake.example:81", {"netloc": "fake.example"}, 403), ("fake.example:81", {"netloc": "fake.example"}, {}, 403),
# implicit ports, mismatch proto # implicit ports, mismatch proto
("fake.example", {"netloc": "fake.example", "scheme": "https"}, 403), ("fake.example", {"netloc": "fake.example", "scheme": "https"}, {}, 403),
# explicit ports, match
("fake.example:81", {"netloc": "fake.example:81"}, {}, 200),
# Test proxy defined headers taken into account by xheaders=True in
# https://github.com/jupyterhub/jupyterhub/blob/2.0.1/jupyterhub/app.py#L3065
(
"fake.example",
{"netloc": "fake.example", "scheme": "https"},
# note {"X-Forwarded-Proto": "https"} does not work
{'X-Scheme': 'https'},
200,
),
("fake.example", {"netloc": "fake.example"}, {'X-Scheme': 'https'}, 403),
], ],
) )
async def test_cors_check(request, app, host, referer, status): async def test_cors_check(request, app, host, referer, extraheaders, status):
url = ujoin(public_host(app), app.hub.base_url) url = ujoin(public_host(app), app.hub.base_url)
real_host = urlparse(url).netloc real_host = urlparse(url).netloc
if host == "$host": if host == "$host":
@@ -140,6 +152,7 @@ async def test_cors_check(request, app, host, referer, status):
headers['X-Forwarded-Host'] = host headers['X-Forwarded-Host'] = host
if referer is not None: if referer is not None:
headers['Referer'] = referer headers['Referer'] = referer
headers.update(extraheaders)
# add admin user # add admin user
user = find_user(app.db, 'admin') user = find_user(app.db, 'admin')