walamana/minis-data-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Redirecting http to https

Browse Source 
Signed-off-by: Walamana <joniogerg@gmail.com>
This commit is contained in:
Walamana
2017-11-27 18:27:05 +01:00
parent 96500de584
commit c056d02790
63 changed files with 4077 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
node_modules/express-force-ssl/test/http.js generated vendored Normal file
View File

@@ -0,0 +1,140 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
;
before(function () {
server = require('./server')({ httpPort: 8080, httpsPort: 8443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
});
describe('Test standard HTTP behavior.', function(){
it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should receive a 301 redirect on "SSL Only" endpoint.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should end up at secure endpoint on "SSL Only" endpoint.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
/*
I think these next two tests are completely redundant, but someone once opened an issue about this
because they incorrectly configured their express server, so I had to write tests against his use case
to prove this isn't actually a problem.
*/
it('Should receive a 301 redirect on a deeply nested "SSL Only" endpoint.', function(done){
var id = 12983498;
var originalDestination = baseurl + '/ssl/nested/route/' + id;
var expectedDestination = secureBaseurl + '/ssl/nested/route/' + id;
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should end up at secure endpoint on a deeply nested "SSL Only" endpoint.', function(done){
var id = 233223625745;
var originalDestination = baseurl + '/ssl/nested/route/' + id;
var expectedDestination = secureBaseurl + '/ssl/nested/route/' + id;
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
it('Should successfully POST data to non "SSL Only" endpoint.', function(done){
var destination = baseurl + '/echo';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});

102
node_modules/express-force-ssl/test/https-disable-301s.js generated vendored Normal file
View File

@@ -0,0 +1,102 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
;
before(function () {
server = require('./server')({ enable301Redirects: false, httpPort: 8090, httpsPort: 10443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
});
describe('Test HTTPS behavior when 301 redirects are disabled.', function() {
it('Should be able to get to SSL pages with no issue', function (done) {
var sslEndpoint = secureBaseurl + '/ssl';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(body).to.equal('HTTPS only.');
done();
});
});
it('Non ssl pages should continue to work normally', function (done) {
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should receive a 403 error on "SSL Only" endpoint when accessed insecurely.', function (done) {
var originalEndpoint = baseurl + '/ssl';
request.get({
url: originalEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
it('Should successfully POST data to non "SSL Only" endpoint.', function (done) {
var destination = baseurl + '/echo';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint.', function (done) {
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});

63
node_modules/express-force-ssl/test/https.js generated vendored Normal file
View File

@@ -0,0 +1,63 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, secureBaseurl
, SSLRequiredErrorText
;
before(function () {
server = require('./server')({ httpPort: 8086, httpsPort: 6443 });
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
});
describe('Test standard HTTPS behavior.', function() {
it('Should have no redirection from SSL on non "SSL Only" endpoint.', function (done) {
request.get({
url: secureBaseurl,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(body).to.equal('HTTP and HTTPS.');
done();
});
});
it('Should have no redirection from SSL on "SSL Only" endpoint.', function (done) {
request.get({
url: secureBaseurl + '/ssl',
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(body).to.equal('HTTPS only.');
done();
});
});
it('Should successfully POST to an "SSL Only" endpoint.', function(done){
var destination = secureBaseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: false,
strictSSL: false,
form: postData
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
});

21
node_modules/express-force-ssl/test/keys/localhost.crt generated vendored Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDeDCCAmACCQC+YKNm0V1QRTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJV
UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJSG9sbHl3b29kMSUwIwYD
VQQKExxleHByZXNzLWJhdHRsZW5ldC1vYXV0aC10ZXN0MQswCQYDVQQLEwJJVDES
MBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDgyODE3NDMyMFoXDTE3MDYxNzE3NDMy
MFowfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
CUhvbGx5d29vZDElMCMGA1UEChMcZXhwcmVzcy1iYXR0bGVuZXQtb2F1dGgtdGVz
dDELMAkGA1UECxMCSVQxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALWbWCg0evxLwD5Z1lmV9GJQkcBJkCY3yZNU2fvx
LcK+1PVo0a0aHjXPaBlaU5y3xgazPtU7T6H+DKgW5tKVPPcZsiIje8vwH/mE5U3I
IzmaxPJZPvpErCHSx9Ite4J7mrt2WcIAy95wjiu1//KkpHxpI11noTh87+6QqxV5
YZH2L0plHp5IzNJHdb8crvOEsV01g3ymjthQY9OXQHZm9+vHG3EjVzHB41Bh3Mk9
nq5cCUef10yHbTW8jusyf58CBO4y+ofYs7dlQjPpzmddpFYoIkjWspZWy+w/6+nP
VTkyNZr8jnAhNbjSdbZezpuq8qoCHoCK6XHPecrtJH9ToyECAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAE9+sbbiwLCPRwG24B4KB3eJ+IblNNsBJfvCuYneuyi1pWwCU
6BBotEWENFlIoUXO/yTR/uDvMfcvs5YmarIu3Suj5+qf0rL0b42317uGFvYBsVIA
0uG8/rFP8HyUCfKLZL2NvLkG1EaywlCW2MnfD6U6haTCUaAkaIpy6hHOU1P+dMDI
OuNyG6wdeujlx2WWyag7uqr5YeKpVEpmEZUa2Dr2O0aEIU3OByuxYY8/1fwbWkbC
GuOP88J/t6Ahs1DcqYsX+aE8OvMnEL6hhd1UqOUC2jh6DkxIxsQqakSRYb8PcSdL
3+5RREr8os2Futi06PR5+r67Hva/k+oaysAN+g==
-----END CERTIFICATE-----

17
node_modules/express-force-ssl/test/keys/localhost.csr generated vendored Normal file
View File

@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICwzCCAasCAQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
EjAQBgNVBAcTCUhvbGx5d29vZDElMCMGA1UEChMcZXhwcmVzcy1iYXR0bGVuZXQt
b2F1dGgtdGVzdDELMAkGA1UECxMCSVQxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWbWCg0evxLwD5Z1lmV9GJQkcBJ
kCY3yZNU2fvxLcK+1PVo0a0aHjXPaBlaU5y3xgazPtU7T6H+DKgW5tKVPPcZsiIj
e8vwH/mE5U3IIzmaxPJZPvpErCHSx9Ite4J7mrt2WcIAy95wjiu1//KkpHxpI11n
oTh87+6QqxV5YZH2L0plHp5IzNJHdb8crvOEsV01g3ymjthQY9OXQHZm9+vHG3Ej
VzHB41Bh3Mk9nq5cCUef10yHbTW8jusyf58CBO4y+ofYs7dlQjPpzmddpFYoIkjW
spZWy+w/6+nPVTkyNZr8jnAhNbjSdbZezpuq8qoCHoCK6XHPecrtJH9ToyECAwEA
AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBmUj7lzaQpYuRHGRlwmRs52rLZzsNmqcBQ
7/E7QrMKeRYHOuhOJPTvbNbYdDuR9zHenTxJvp2C3Ufw7cl0XoH0swUSu1nix+E3
Wx8TnsDzSkE3dwEgdT4mXD77Ei9FvVOPGZdJkiPvUAeICprI+RhAwMEBpMKGEr57
6stYK+tyQ/FN7WKsRN+tUq7Kjs4+645x45lIwiGqkfDhjjA1GcYkRd9J+Eo+JtNo
NRcLFd+KRatCN0RL5HqBPHBSYd9/WtPJbKujNHU+a3KEoxKPATg8E9Lgs69s6TZP
io5ZcfppFGy/67JtN5LTwH8h0/kQsNV4pJV2NtzhrKx4NfnGUavK
-----END CERTIFICATE REQUEST-----

27
node_modules/express-force-ssl/test/keys/localhost.key generated vendored Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtZtYKDR6/EvAPlnWWZX0YlCRwEmQJjfJk1TZ+/Etwr7U9WjR
rRoeNc9oGVpTnLfGBrM+1TtPof4MqBbm0pU89xmyIiN7y/Af+YTlTcgjOZrE8lk+
+kSsIdLH0i17gnuau3ZZwgDL3nCOK7X/8qSkfGkjXWehOHzv7pCrFXlhkfYvSmUe
nkjM0kd1vxyu84SxXTWDfKaO2FBj05dAdmb368cbcSNXMcHjUGHcyT2erlwJR5/X
TIdtNbyO6zJ/nwIE7jL6h9izt2VCM+nOZ12kVigiSNayllbL7D/r6c9VOTI1mvyO
cCE1uNJ1tl7Om6ryqgIegIrpcc95yu0kf1OjIQIDAQABAoIBAAxqx7dQB0yy3T0m
JVrQvvnt6llMble+nsC9H35zeh6Dr8nr1dJRI9moCcUaAPeJNTgGD3jC6mn4FeN0
VWn2nEmE70IYTQGftH/6DzenRIlOxMKRSZYRFffmEpWTWIuOagEBUZfLOCVIauAg
PJTZnwmGos1jJYnYOQuFxrzcJMi2//5o4lzy9fCyGnVX1S1K2aVAsTKziZxj1mEI
6+QQJo+57tMGHrOZl6pJHWsfjd/DGeLtAA9PRstkzWUG3e+cVTlGH+Vr9f6foq44
TRWDKUcCzy8fKXhmguBiJkRmY6CjiWKbx0EZ5BV5js1jXvAwzcqrCBHxlZedZggI
EohelYUCgYEA2DUVjNBYoxBk/3C2ZLXi954ZzN0hEa/Pv8DLHn57448aoOVb/+H0
qzgfhibc/y6+pWearW7EERIfp3ZprcnRYkNGC9hc4aGP1ae4AOZfm0TkdpAYiTNc
3vV+PtI3iv6/qZPNktqk55jo6WMmw3MUfy66TwUYPUzZpXm6hdBUtOcCgYEA1wgB
qDV/G+T1w2gIy6IfPnQw/0UoHtcuRcJIrjlF0tc/KEf36tZwxHhr8i+ayBmU9HhH
Q46eZAq6KrVE9ysnyirDRllW8qxV5Go0A3ICnirL6jnWSzuOu9aIn4VcB8F+Xx2R
th7gCzRUBdgJWYJL9FcR86WhM+5my7kciRAq3rcCgYA1Zq8i75bk97iqavFx4Ibl
uBQRSJDRaIY8i2bf6ke5RfBCy0O06N9gpuUKYnD1SltmSTeoHJKq0Lomx5WEijOA
PLOBW3hddmUrVViaSExW8mYnbqHQyXHn0+TRqWR0nUVDojEFU6GlXlwwwP+jCLqI
S0dTGyQIiAG94FoUkQdLAwKBgQC6N4nP1PxN+NtIrSioyK6MFG12M7rJ8ol1CgqN
LrYkIBnm1WSCr9CapLq+0rEVRuozSJJWlAThGFUetTqTXoEn2B6iJq5gnBQKKlr+
/NX9iYxsPEgzgNFcJC7PDtujL9MzpdTRRi26Jkf5g5ydMnR6lojKWo6e/X9yP83R
ePnXQwKBgQCiHjWzMNRbeqjjWtaeb3Wv3QkKGZkwOgrOlqODZcZ4kNalDeh2Q4Ho
cWUsbG4ko8J6yWnnhzRxG2G5Q/W6rpzZWCNsazKaz5LI0svYjWFOyIUvNjO5giFx
udNcjnqrwql/F8xZK7YoiMuM6ltU03NY1lpUh/X4Gd3ThXnhr8DLRw==
-----END RSA PRIVATE KEY-----

82
node_modules/express-force-ssl/test/server/index.js generated vendored Normal file
View File

@@ -0,0 +1,82 @@
var bodyParser = require('body-parser')
, express = require('express')
, forceSSL = require('../../index')
, fs = require('fs')
, http = require('http')
, https = require('https')
;
module.exports = function (options) {
var ssl_options = {
key: fs.readFileSync('./test/keys/localhost.key'),
cert: fs.readFileSync('./test/keys/localhost.crt')
};
options = options || {};
var httpPort = options.httpPort || 8080;
var httpsPort = options.httpsPort || 8443;
delete options.httpPort;
var app = express();
/*
Allow for testing with POSTing of data
*/
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
var server = http.createServer(app);
var secureServer = https.createServer(ssl_options, app);
/*
Routes
*/
app.get('/', function (req, res) {
res.send('HTTP and HTTPS.');
});
app.get('/ssl', forceSSL, function (req, res) {
res.send('HTTPS only.');
});
app.get('/ssl/nested/route/:id', forceSSL, function (req, res) {
var host = req.headers.host.split(':');
var port = host.length > 1 ? host[1] : 'default port';
res.send('HTTPS Only. Port: ' + port + '. Got param of ' + req.params.id + '.');
});
app.post('/echo', function (req, res) {
res.json(req.body);
});
app.post('/sslEcho', forceSSL, function (req, res) {
res.json(req.body);
});
app.get('/override', function (req, res, next) {
res.locals.forceSSLOptions = {
enable301Redirects: false
};
next();
}, forceSSL, function (req, res) {
res.json(req.body);
});
//Old Usage
//app.set('httpsPort', httpsPort);
app.set('forceSSLOptions', options);
secureServer.listen(httpsPort);
server.listen(httpPort);
return {
secureServer: secureServer,
server: server,
app: app,
securePort: httpsPort,
port: httpPort,
options: options
};
};

91
node_modules/express-force-ssl/test/variable-overide.js generated vendored Normal file
View File

@@ -0,0 +1,91 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText = 'Custom SSL Required Message.'
;
before(function () {
server = require('./server')({
enable301Redirects: false,
httpPort: 8091,
httpsPort: 11443,
sslRequiredMessage: SSLRequiredErrorText
});
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
});
describe('Test HTTPS behavior when 301 redirects are disabled.', function () {
it('301 Redirect should be disabled by user setting', function (done) {
var endpoint = baseurl + '/ssl';
request.get({
url: endpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
done()
});
});
it('301 Redirect should be enabled by res.local setting', function (done) {
var sslEndpoint = secureBaseurl + '/override';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('301 Redirect should be enabled by res.local setting', function (done) {
var sslEndpoint = secureBaseurl + '/override';
request.get({
url: sslEndpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Custom error text test', function (done) {
var endpoint = baseurl + '/ssl';
request.get({
url: endpoint,
followRedirect: false,
strictSSL: false
}, function (error, response, body) {
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});

133
node_modules/express-force-ssl/test/x-forwarded-proto-trusted.js generated vendored Normal file
View File

@@ -0,0 +1,133 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
, validHeader
, invalidHeader
;
before(function () {
server = require('./server')({ trustXFPHeader: true, httpPort: 8089, httpsPort: 9443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
validHeader = {
'X-Forwarded-Proto': 'https'
};
invalidHeader = {
'X-Forwarded-Proto': 'WrongProtocol'
};
});
describe('Test HTTPS behavior when X-Forwarded-Proto header exists and is trusted.', function(){
it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should not be redirected to SSL on "SSL Only" endpoint with valid X-Forwarded-Proto Header.', function(done){
var destination = baseurl + '/ssl';
request.get({
url: destination,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should get redirect to SSL on "SSL Only" endpoint with invalid X-Forwarded-Proto Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should get redirected to expected destination on "SSL Only" endpoint with invalid X-Forwarded-Proto ' +
'Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
it('Should successfully POST data to "SSL Only" endpoint with valid X-Forwarded-Proto Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: validHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(JSON.stringify(postData));
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with invalid X-Forwarded-Proto ' +
'Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: invalidHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});

136
node_modules/express-force-ssl/test/x-forwarded-proto.js generated vendored Normal file
View File

@@ -0,0 +1,136 @@
var chai = require('chai')
, expect = chai.expect
, request = require('request')
, server
, baseurl
, secureBaseurl
, SSLRequiredErrorText
, validHeader
, invalidHeader
;
before(function () {
server = require('./server')({ httpPort: 8087, httpsPort: 7443 });
baseurl = 'http://localhost:' + server.port;
secureBaseurl = 'https://localhost:' + server.securePort;
SSLRequiredErrorText = 'SSL Required.';
validHeader = {
'X-Forwarded-Proto': 'https'
};
invalidHeader = {
'X-Forwarded-Proto': 'WrongProtocol'
};
});
describe('Test HTTPS behavior when X-Forwarded-Proto header exists but is not trusted.', function(){
it('Should not be redirected to SSL on non "SSL Only" endpoint.', function(done){
request.get({
url: baseurl,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
done();
});
});
it('Should be redirected to SSL on "SSL Only" endpoint with valid but untrusted X-Forwarded-Proto Header.',
function(done){
var destination = baseurl + '/ssl';
request.get({
url: destination,
followRedirect: false,
strictSSL: false,
headers: validHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
done();
});
});
it('Should be redirect to SSL on "SSL Only" endpoint with invalid untrusted X-Forwarded-Proto Header.',
function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: false,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(301);
expect(response.headers.location).to.equal(expectedDestination);
done();
});
});
it('Should be redirected to expected destination on "SSL Only" endpoint with invalid untrusted X-Forwarded-Proto ' +
'Header.', function(done){
var originalDestination = baseurl + '/ssl';
var expectedDestination = secureBaseurl + '/ssl';
request.get({
url: originalDestination,
followRedirect: true,
strictSSL: false,
headers: invalidHeader
}, function (error, response){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(200);
expect(response.request.uri.href).to.equal(expectedDestination);
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with untrusted X-Forwarded-Proto Header.',
function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: validHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
it('Should receive 403 error when POSTing data to "SSL Only" endpoint with untrusted invalid X-Forwarded-Proto ' +
'Header.', function(done){
var destination = baseurl + '/sslEcho';
var postData = { key1: 'Keyboard.', key2: 'Cat.'};
request.post({
url: destination,
followRedirect: true,
strictSSL: false,
form: postData,
headers: invalidHeader
}, function(error, response, body){
//noinspection BadExpressionStatementJS
expect(error).to.not.exist;
expect(response.statusCode).to.equal(403);
expect(response.request.uri.href).to.equal(destination);
expect(body).to.equal(SSLRequiredErrorText);
done();
});
});
});