diff options
author | George Goldberg <george@gberg.me> | 2018-02-13 13:35:52 +0000 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2018-02-13 13:46:01 +0000 |
commit | 5c101253c5987743cf1b3a8fe68814d748070622 (patch) | |
tree | e2632505d051e7d15d6daf974ed8ac92095f82fe /utils/api_test.go | |
parent | b7fc3d7d35ca4dd16097715a66463392a1dfaf0a (diff) | |
parent | d88d2bc2ed3aefa68b5ed2942f493ae42bb40bfa (diff) | |
download | chat-5c101253c5987743cf1b3a8fe68814d748070622.tar.gz chat-5c101253c5987743cf1b3a8fe68814d748070622.tar.bz2 chat-5c101253c5987743cf1b3a8fe68814d748070622.zip |
Merge branch 'master' into advanced-permissions-phase-1
Diffstat (limited to 'utils/api_test.go')
-rw-r--r-- | utils/api_test.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/utils/api_test.go b/utils/api_test.go new file mode 100644 index 000000000..5e41c7bfe --- /dev/null +++ b/utils/api_test.go @@ -0,0 +1,49 @@ +// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package utils + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "encoding/asn1" + "encoding/base64" + "math/big" + "net/http" + "net/http/httptest" + "net/url" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestRenderWebError(t *testing.T) { + r := httptest.NewRequest("GET", "http://foo", nil) + w := httptest.NewRecorder() + key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + require.NoError(t, err) + RenderWebError(w, r, http.StatusTemporaryRedirect, url.Values{ + "foo": []string{"bar"}, + }, key) + + resp := w.Result() + location, err := url.Parse(resp.Header.Get("Location")) + require.NoError(t, err) + require.NotEmpty(t, location.Query().Get("s")) + + type ecdsaSignature struct { + R, S *big.Int + } + var rs ecdsaSignature + s, err := base64.URLEncoding.DecodeString(location.Query().Get("s")) + require.NoError(t, err) + _, err = asn1.Unmarshal(s, &rs) + require.NoError(t, err) + + assert.Equal(t, "bar", location.Query().Get("foo")) + h := sha256.Sum256([]byte("/error?foo=bar")) + assert.True(t, ecdsa.Verify(&key.PublicKey, h[:], rs.R, rs.S)) +} |