test: Add deterministic relative redirect tests

ory · Oct 21, 2021 · d2e69dc · d2e69dc
1 parent ffbe0ad
commit d2e69dc
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 0 deletions.
diff --git a/internal/testhelpers/selfservice.go b/internal/testhelpers/selfservice.go
@@ -197,3 +197,17 @@ func SelfServiceMakeHookRequest(t *testing.T, ts *httptest.Server, suffix string
 	require.NoError(t, err)
 	return res, string(body)
 }
+
+func GetSelfServiceRedirectLocation(t *testing.T, url string) string {
+	c := &http.Client{
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
+	}
+	req, err := http.NewRequest("GET", url, nil)
+	require.NoError(t, err)
+	res, err := c.Do(req)
+	require.NoError(t, err)
+	defer res.Body.Close()
+	return res.Header.Get("Location")
+}
diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
@@ -463,6 +463,14 @@ func TestFlowLifecycle(t *testing.T) {
 				assert.Contains(t, res.Request.URL.String(), loginTS.URL)
 			})
 		})
+		t.Run("case=relative redirect when self-service login ui is a relative URL", func(t *testing.T) {
+			reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceLoginUI, "/login-ts")
+			assert.Regexp(
+				t,
+				"^/login-ts.*$",
+				testhelpers.GetSelfServiceRedirectLocation(t, ts.URL+login.RouteInitBrowserFlow),
+			)
+		})
 	})
 }
 

diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go
@@ -158,6 +158,15 @@ func TestInitFlow(t *testing.T) {
 			res, _ := initAuthenticatedFlow(t, false, false)
 			assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh")
 		})
+		t.Run("case=relative redirect when self-service recovery ui is a relative URL", func(t *testing.T) {
+			reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRecoveryUI, "/recovery-ts")
+			assert.Regexp(
+				t,
+				"^/recovery-ts.*$",
+				testhelpers.GetSelfServiceRedirectLocation(t, publicTS.URL+recovery.RouteInitBrowserFlow),
+			)
+		})
+
 	})
 }
 

diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go
@@ -156,6 +156,14 @@ func TestInitFlow(t *testing.T) {
 			assert.Equal(t, http.StatusBadRequest, res.StatusCode)
 			assertx.EqualAsJSON(t, registration.ErrAlreadyLoggedIn, json.RawMessage(gjson.GetBytes(body, "error").Raw), "%s", body)
 		})
+		t.Run("case=relative redirect when self-service registration ui is a relative URL", func(t *testing.T) {
+			reg.Config(context.Background()).MustSet(config.ViperKeySelfServiceRegistrationUI, "/registration-ts")
+			assert.Regexp(
+				t,
+				"^/registration-ts.*$",
+				testhelpers.GetSelfServiceRedirectLocation(t, publicTS.URL+registration.RouteInitBrowserFlow),
+			)
+		})
 	})
 }