From 557fd9ea187b1279b43ff63b94fedf2320aa3351 Mon Sep 17 00:00:00 2001 From: Daniel Schalla Date: Tue, 16 Oct 2018 16:51:46 +0200 Subject: Set default ciphers, set tls 1.2 via config, set curve prefs (#9315) Config Checks at StartUp Part1 Config Checks; Tests for TLS Server HSTS header implementation + tests make gofmt happy with new go version... make gofmt happy with new go version #2... fix logic bug fix typo Fix unnecessary code block --- web/handlers_test.go | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) (limited to 'web/handlers_test.go') diff --git a/web/handlers_test.go b/web/handlers_test.go index 0b9073fff..6b68a9987 100644 --- a/web/handlers_test.go +++ b/web/handlers_test.go @@ -13,7 +13,7 @@ import ( "github.com/stretchr/testify/assert" ) -func handlerForTest(c *Context, w http.ResponseWriter, r *http.Request) { +func handlerForHTTPErrors(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = model.NewAppError("loginWithSaml", "api.user.saml.not_available.app_error", nil, "", http.StatusFound) } @@ -25,7 +25,7 @@ func TestHandlerServeHTTPErrors(t *testing.T) { if err != nil { panic(err) } - handler := web.NewHandler(handlerForTest) + handler := web.NewHandler(handlerForHTTPErrors) var flagtests = []struct { name string @@ -57,3 +57,50 @@ func TestHandlerServeHTTPErrors(t *testing.T) { }) } } + +func handlerForHTTPSecureTransport(c *Context, w http.ResponseWriter, r *http.Request) { +} + +func TestHandlerServeHTTPSecureTransport(t *testing.T) { + a, err := app.New(app.StoreOverride(testStore), app.DisableConfigWatch) + defer a.Shutdown() + + a.UpdateConfig(func(config *model.Config) { + *config.ServiceSettings.TLSStrictTransport = true + *config.ServiceSettings.TLSStrictTransportMaxAge = 6000 + }) + + web := NewWeb(a, a.Srv.Router) + if err != nil { + panic(err) + } + handler := web.NewHandler(handlerForHTTPSecureTransport) + + request := httptest.NewRequest("GET", "/api/v4/test", nil) + + response := httptest.NewRecorder() + handler.ServeHTTP(response, request) + header := response.Header().Get("Strict-Transport-Security") + + if header == "" { + t.Errorf("Strict-Transport-Security expected but not existent") + } + + if header != "max-age=6000" { + t.Errorf("Expected max-age=6000, got %s", header) + } + + a.UpdateConfig(func(config *model.Config) { + *config.ServiceSettings.TLSStrictTransport = false + }) + + request = httptest.NewRequest("GET", "/api/v4/test", nil) + + response = httptest.NewRecorder() + handler.ServeHTTP(response, request) + header = response.Header().Get("Strict-Transport-Security") + + if header != "" { + t.Errorf("Strict-Transport-Security header is not expected, but returned") + } +} -- cgit v1.2.3-1-g7c22