| -rw-r--r-- | app/controllers/dashboard/controller_test.go | 46 | ||||
| -rw-r--r-- | app/middleware/require_user.go | 2 | ||||
| -rw-r--r-- | app/middleware/require_user_test.go | 6 | ||||
| -rw-r--r-- | pkg/web/cookie/new.go | 2 | ||||
| -rw-r--r-- | pkg/web/cookie/new_test.go | 2 |
5 files changed, 42 insertions, 16 deletions
diff --git a/app/controllers/dashboard/controller_test.go b/app/controllers/dashboard/controller_test.go index f6b2f43..30a9acc 100644 --- a/app/controllers/dashboard/controller_test.go +++ b/app/controllers/dashboard/controller_test.go 
@@ -18,26 +18,54 @@ func TestController(t *testing.T) { t.Run("GET /dashboard", func(t *testing.T) { t.Run("when unauthenticated", func(t *testing.T) { - t.Run("redirects to the home page", func(t *testing.T) { - r, w := test.RequestResponse("GET", "/dashboard") + r, w := test.RequestResponse("GET", "/dashboard") - mux.ServeHTTP(w, r) + mux.ServeHTTP(w, r) - require.Equal(t, http.StatusFound, w.Code) - assert.Equal(t, "/", w.Header().Get("Location")) + t.Run("redirects to the home page", func(t *testing.T) { + require.Equal(t, http.StatusNotFound, w.Code) }) }) t.Run("when authenticated", func(t *testing.T) { - t.Run("renders a dashboard page", func(t *testing.T) { - ctx := cfg.CurrentUser.With(t.Context(), &domain.User{}) - r, w := test.RequestResponse("GET", "/dashboard", test.WithContext(ctx)) + ctx := cfg.CurrentUser.With(t.Context(), &domain.User{}) + r, w := test.RequestResponse("GET", "/dashboard", test.WithContext(ctx)) + mux.ServeHTTP(w, r) - mux.ServeHTTP(w, r) + t.Run("renders a dashboard page", func(t *testing.T) { assert.Equal(t, http.StatusOK, w.Code) assert.Equal(t, "text/html", w.Header().Get("Content-Type")) assert.Contains(t, w.Body.String(), "<html") }) }) }) + + t.Run("GET /dashboard/nav", func(t *testing.T) { + t.Run("when unauthenticated", func(t *testing.T) { + r, w := test.RequestResponse("GET", "/dashboard/nav") + + mux.ServeHTTP(w, r) + + t.Run("renders the site header", func(t *testing.T) { + assert.Equal(t, http.StatusOK, w.Code) + assert.Equal(t, "text/html", w.Header().Get("Content-Type")) + assert.Contains(t, w.Body.String(), "Login") + }) + }) + + t.Run("when authenticated", func(t *testing.T) { + ctx := cfg.CurrentUser.With(t.Context(), &domain.User{ + Username: "root", + }) + r, w := test.RequestResponse("GET", "/dashboard/nav", test.WithContext(ctx)) + mux.ServeHTTP(w, r) + + t.Run("renders the site header", func(t *testing.T) { + assert.Equal(t, http.StatusOK, w.Code) + assert.Equal(t, "text/html", w.Header().Get("Content-Type")) 
+ assert.Contains(t, w.Body.String(), "root") + }) + }) + }) + } diff --git a/app/middleware/require_user.go b/app/middleware/require_user.go index 8f54a04..d0d5355 100644 --- a/app/middleware/require_user.go +++ b/app/middleware/require_user.go @@ -10,7 +10,7 @@ func RequireUser() func(http.Handler) http.Handler { if IsLoggedIn(r) { next.ServeHTTP(w, r) } else { - http.Redirect(w, r, "/", http.StatusFound) + w.WriteHeader(http.StatusNotFound) } }) } diff --git a/app/middleware/require_user_test.go b/app/middleware/require_user_test.go index 794f347..92734b2 100644 --- a/app/middleware/require_user_test.go +++ b/app/middleware/require_user_test.go @@ -4,7 +4,6 @@ import ( "net/http" "testing" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" @@ -15,7 +14,7 @@ func TestRequireUser(t *testing.T) { middleware := RequireUser() t.Run("when a user is not logged in", func(t *testing.T) { - t.Run("redirects to the homepage", func(t *testing.T) { + t.Run("returns a 404 status", func(t *testing.T) { r, w := test.RequestResponse("GET", "/example") server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -23,8 +22,7 @@ func TestRequireUser(t *testing.T) { })) server.ServeHTTP(w, r) - require.Equal(t, http.StatusFound, w.Code) - assert.Equal(t, "/", w.Header().Get("Location")) + require.Equal(t, http.StatusNotFound, w.Code) }) }) diff --git a/pkg/web/cookie/new.go b/pkg/web/cookie/new.go index d762f4f..8c04dd6 100644 --- a/pkg/web/cookie/new.go +++ b/pkg/web/cookie/new.go 
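Review bot: The authenticated `GET /dashboard/nav` case renders `Username: "root"` into a `text/html` body but only checks that `root` appears, so it passes whether or not the header template escapes the username — and a username is presumably attacker-influenced input. Use a value with HTML metacharacters and pin the escaped form, e.g. `Username: "<b>root</b>"` with `assert.Contains(t, w.Body.String(), "&lt;b&gt;root&lt;/b&gt;")` and `assert.NotContains(t, w.Body.String(), "<b>root</b>")` (the exact escaping assumes html/template; confirm against the renderer). For the unauthenticated `/dashboard` case, adding `assert.Empty(t, w.Body.String())` would additionally pin that the handler never ran behind the 404. TestController's body starts outside the hunk.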
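Review bot: The bare `w.WriteHeader(http.StatusNotFound)` in the else branch sends an empty 404 with no Content-Type, which will not match the router's own not-found response (with net/http's default it is a `text/plain` `404 page not found` body plus `X-Content-Type-Options: nosniff`), so an unauthenticated caller can still tell protected paths from nonexistent ones by response shape — undercutting the reason for dropping the redirect. Prefer `http.NotFound(w, r)`, which emits the same response unknown routes get, and add a why-comment such as `// Respond exactly like an unknown route so protected paths are not enumerable.`. If the app uses a custom not-found handler, call that instead so the two responses stay indistinguishable. RequireUser's closure starts outside the hunk.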
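Review bot: The rewritten assertion only pins the 404 status; it no longer demonstrates that the wrapped handler was skipped, and since the inner handler body lies outside the hunk it may write nothing observable either way. Record a flag from the inner handler (`called := false` before `middleware(...)`, `called = true` inside it) and `require.False(t, called)` after `server.ServeHTTP(w, r)`, and keep `assert.Empty(t, w.Header().Get("Location"))` so a regression back to the redirect is caught rather than silently passing. TestRequireUser starts outside the hunk.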
@@ -17,7 +17,7 @@ func New(name, value string, options ...x.Option[*http.Cookie]) *http.Cookie {
 WithPath("/"),
 WithHttpOnly(true),
 WithSecure(true),
- WithSameSite(http.SameSiteStrictMode),
+ WithSameSite(http.SameSiteDefaultMode),
 WithDomain(env.Fetch("HOST", "localhost")),
 )
 return x.New[*http.Cookie](options...)
diff --git a/pkg/web/cookie/new_test.go b/pkg/web/cookie/new_test.go
index 84fac25..5c9e92c 100644
--- a/pkg/web/cookie/new_test.go
+++ b/pkg/web/cookie/new_test.go
@@ -14,6 +14,6 @@ func TestNew(t *testing.T) {
 assert.Equal(t, "sparkle.example.com", cookie.Domain)
 assert.True(t, cookie.HttpOnly)
 assert.True(t, cookie.Secure)
- assert.Equal(t, http.SameSiteStrictMode, cookie.SameSite)
+ assert.Equal(t, http.SameSiteDefaultMode, cookie.SameSite)
 })
 } |
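Review bot: Switching to `http.SameSiteDefaultMode` drops the SameSite attribute from the Set-Cookie header entirely (net/http omits it for DefaultMode in the Go versions this module's generics require), so each browser picks its own policy — Chromium applies Lax, others send the cookie on any cross-site request — which reintroduces CSRF exposure for a cookie that is otherwise hardened with HttpOnly and Secure. If the motivation is to let the cookie survive a cross-site top-level navigation such as a login or OAuth callback redirect, `WithSameSite(http.SameSiteLaxMode),` achieves that while still blocking cross-site POSTs and subresource requests; the assertion in new_test.go then becomes `assert.Equal(t, http.SameSiteLaxMode, cookie.SameSite)`. If the cookie truly must be sent on cross-site requests, state that with `http.SameSiteNoneMode` (valid here because Secure is set) rather than leaving it unspecified, and record the reason next to the option, e.g. `// Lax: must survive the top-level redirect back from the identity provider.`. New's option list continues outside the hunk.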
