mirror of
https://github.com/TwiN/gatus.git
synced 2026-03-24 07:40:06 +00:00
fix(security): Do not allow invalid security configs (#1531)
* fix: Do not allow invalid security configs * test: Fix empty security config test * test: Add missing security config test scenarios
@@ -28,7 +28,7 @@ type Config struct {
|
|||||||
|
|
||||||
// ValidateAndSetDefaults returns whether the security configuration is valid or not and sets default values.
|
// ValidateAndSetDefaults returns whether the security configuration is valid or not and sets default values.
|
||||||
func (c *Config) ValidateAndSetDefaults() bool {
|
func (c *Config) ValidateAndSetDefaults() bool {
|
||||||
return (c.Basic != nil && c.Basic.isValid()) || (c.OIDC != nil && c.OIDC.ValidateAndSetDefaults())
|
return (c.Basic == nil || c.Basic.isValid()) && (c.OIDC == nil || c.OIDC.ValidateAndSetDefaults())
|
||||||
}
|
}
|
||||||
|
|
||||||
// RegisterHandlers registers all handlers required based on the security configuration
|
// RegisterHandlers registers all handlers required based on the security configuration
|
||||||
|
|||||||
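Review bot: With the new expression in `ValidateAndSetDefaults`, a `Config` whose `Basic` and `OIDC` are both nil returns true, where the old expression returned false; the `empty` scenario in the test file asserts exactly that. The callers are outside this page, but if one of them treats a present-but-empty security block as validated, the operator ends up with no authentication and no error. Either reject that case or state it in the doc comment, for example `// A Config with neither Basic nor OIDC set is considered valid and configures no authentication.`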
@@ -10,12 +10,82 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestConfig_ValidateAndSetDefaults(t *testing.T) {
|
func TestConfig_ValidateAndSetDefaults(t *testing.T) {
|
||||||
c := &Config{
|
validBasicConfig := &BasicConfig{
|
||||||
Basic: nil,
|
Username: "test",
|
||||||
OIDC: nil,
|
PasswordBcryptHashBase64Encoded: "somevalue",
|
||||||
}
|
}
|
||||||
if c.ValidateAndSetDefaults() {
|
validOIDCConfig := &OIDCConfig{
|
||||||
t.Error("expected empty config to be valid")
|
IssuerURL: "testurl",
|
||||||
|
RedirectURL: "testredirecturl/authorization-code/callback",
|
||||||
|
ClientID: "testid",
|
||||||
|
ClientSecret: "testsecret",
|
||||||
|
Scopes: []string{"testscope"},
|
||||||
|
}
|
||||||
|
|
||||||
|
type Scenario struct {
|
||||||
|
Name string
|
||||||
|
Config *Config
|
||||||
|
ExpectValid bool
|
||||||
|
}
|
||||||
|
scenarios := []Scenario{
|
||||||
|
{
|
||||||
|
Name: "empty",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: nil,
|
||||||
|
OIDC: nil,
|
||||||
|
},
|
||||||
|
ExpectValid: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "empty-basic",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: &BasicConfig{},
|
||||||
|
OIDC: nil,
|
||||||
|
},
|
||||||
|
ExpectValid: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "empty-oidc",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: nil,
|
||||||
|
OIDC: &OIDCConfig{},
|
||||||
|
},
|
||||||
|
ExpectValid: false,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "valid-basic-only",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: validBasicConfig,
|
||||||
|
OIDC: nil,
|
||||||
|
},
|
||||||
|
ExpectValid: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "valid-oidc-only",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: nil,
|
||||||
|
OIDC: validOIDCConfig,
|
||||||
|
},
|
||||||
|
ExpectValid: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Name: "valid-basic-and-oidc",
|
||||||
|
Config: &Config{
|
||||||
|
Basic: validBasicConfig,
|
||||||
|
OIDC: validOIDCConfig,
|
||||||
|
},
|
||||||
|
ExpectValid: true,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, scenario := range scenarios {
|
||||||
|
t.Run(scenario.Name, func(t *testing.T) {
|
||||||
|
isValid := scenario.Config.ValidateAndSetDefaults()
|
||||||
|
if isValid && !scenario.ExpectValid {
|
||||||
|
t.Errorf("scenario %s: expected config to be invalid", scenario.Name)
|
||||||
|
} else if !isValid && scenario.ExpectValid {
|
||||||
|
t.Errorf("scenario %s: expected config to be valid", scenario.Name)
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
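Review bot: None of the six scenarios in `TestConfig_ValidateAndSetDefaults` covers the case the predicate change is about, one valid section combined with an invalid one; under the old `||` expression every scenario except `empty` gives the same result, so a regression to the old logic would go mostly unnoticed. Two more scenarios with `ExpectValid: false`, built from the fixtures already in the test, would pin it. Separately, the "valid" fixtures use `"somevalue"` for `PasswordBcryptHashBase64Encoded` and `"testurl"` for `IssuerURL`, which suggests (the validators are outside this page) that validation checks presence only; a negative scenario for a value that is not valid base64 would document whether that is intended.

```go
// … unchanged: scenarios "empty" through "valid-basic-and-oidc" …
		{
			Name: "valid-basic-invalid-oidc",
			Config: &Config{
				Basic: validBasicConfig,
				OIDC:  &OIDCConfig{},
			},
			ExpectValid: false,
		},
		{
			Name: "invalid-basic-valid-oidc",
			Config: &Config{
				Basic: &BasicConfig{},
				OIDC:  validOIDCConfig,
			},
			ExpectValid: false,
		},
```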