[server/csrf] update test to match new strategy

This commit is contained in:
spalger 2015-11-09 22:28:41 -06:00
parent f19598a9a2
commit 2fb5a77fb3
3 changed files with 31 additions and 100 deletions


@ -1,18 +0,0 @@
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----


@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -6,12 +6,13 @@ import KbnServer from '../../KbnServer';
const nonDestructiveMethods = ['GET'];
const destructiveMethods = ['POST', 'PUT', 'DELETE'];
const fromFixture = resolve.bind(null, __dirname, '../../../fixtures/');
const src = resolve.bind(null, __dirname, '../../../../src');
describe('xsrf request filter', function () {
async function makeServer(token, ssl) {
async function makeServer(token) {
const kbnServer = new KbnServer({
server: { autoListen: false, ssl: ssl, xsrf: { token } },
server: { autoListen: false, xsrf: { token } },
plugins: { scanDirs: [src('plugins')] },
logging: { quiet: true },
optimize: { enabled: false },
});
@ -37,23 +38,19 @@ describe('xsrf request filter', function () {
return kbnServer;
}
context('with ssl', function () {
describe('issuing tokens', function () {
const token = 'secur3';
let kbnServer;
beforeEach(async () => {
kbnServer = await makeServer(undefined, {
cert: fromFixture('localhost.cert'),
key: fromFixture('localhost.key')
});
});
beforeEach(async () => kbnServer = await makeServer(token));
afterEach(async () => await kbnServer.close());
it('sets the secure cookie flag', async function () {
it('sends a token when rendering an app', async function () {
var resp = await kbnServer.inject({
method: 'GET',
url: '/xsrf/test/route',
url: '/app/kibana',
});
expect(resp.headers['set-cookie'][0]).to.match(/^XSRF-TOKEN=[^;]{512}; Secure; Path=\/$/);
expect(resp.payload).to.contain(`"xsrfToken":"${token}"`);
});
});
@ -65,10 +62,10 @@ describe('xsrf request filter', function () {
it('responds with a random token', async function () {
var resp = await kbnServer.inject({
method: 'GET',
url: '/xsrf/test/route',
url: '/app/kibana',
});
expect(resp.headers['set-cookie'][0]).to.match(/^XSRF-TOKEN=[^;]{512}; Path=\/$/);
expect(resp.payload).to.match(/"xsrfToken":".{512}"/);
});
});
@ -80,7 +77,7 @@ describe('xsrf request filter', function () {
for (const method of nonDestructiveMethods) {
context(`nonDestructiveMethod: ${method}`, function () { // eslint-disable-line no-loop-func
it('accepts requests without a token and sends it', async function () {
it('accepts requests without a token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method
@ -90,44 +87,36 @@ describe('xsrf request filter', function () {
expect(resp.payload).to.be('ok');
});
it('responds with the token to requests without a token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method
});
expect(resp.headers['set-cookie']).to.eql([`XSRF-TOKEN=${token}; Path=/`]);
});
it('does not respond with the token to requests with a token', async function () {
it('ignores invalid tokens', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method,
headers: {
'X-XSRF-TOKEN': token,
'kbn-xsrf-token': `invalid:${token}`,
},
});
expect(resp.headers).to.not.have.property('set-cookie');
});
it('does not respond with the token to requests that already have token in cookie', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method,
headers: {
'X-XSRF-TOKEN': token,
'cookie': `XSRF-TOKEN=${token}`
},
});
expect(resp.headers).to.not.have.property('set-cookie');
expect(resp.statusCode).to.be(200);
expect(resp.headers).to.not.have.property('kbn-xsrf-token');
});
});
}
for (const method of destructiveMethods) {
context(`destructiveMethod: ${method}`, function () { // eslint-disable-line no-loop-func
it('accepts requests with the correct token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method,
headers: {
'kbn-xsrf-token': token,
},
});
expect(resp.statusCode).to.be(200);
expect(resp.payload).to.be('ok');
});
it('rejects requests without a token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
@ -138,25 +127,12 @@ describe('xsrf request filter', function () {
expect(resp.payload).to.match(/"Missing XSRF token"/);
});
it('accepts requests with the correct token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method,
headers: {
'X-XSRF-TOKEN': token,
},
});
expect(resp.statusCode).to.be(200);
expect(resp.payload).to.be('ok');
});
it('rejects requests with an invalid token', async function () {
const resp = await kbnServer.inject({
url: '/xsrf/test/route',
method: method,
headers: {
'X-XSRF-TOKEN': `invalid:${token}`,
'kbn-xsrf-token': `invalid:${token}`,
},
});