From 9a1a35fb784439c0d6fa71a25f1ad30eb21244e2 Mon Sep 17 00:00:00 2001
From: Bob Aman
Date: Tue, 18 Sep 2018 15:26:10 -0700
Subject: [PATCH] Add tests for TLS verification checks
---
 internal/proxy/oauthproxy_test.go | 104 ++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
diff --git a/internal/proxy/oauthproxy_test.go b/internal/proxy/oauthproxy_test.go
index 988fa1d8..3d949f2a 100644
--- a/internal/proxy/oauthproxy_test.go
+++ b/internal/proxy/oauthproxy_test.go
@@ -191,6 +191,110 @@ func TestNewReverseProxyHostname(t *testing.T) {
 }
+func TestNewReverseProxyTLSVerifyTrue(t *testing.T) {
+ type respStruct struct {
+ HandshakeComplete bool `json:"handshake-complete"`
+ }
+
+ to := httptest.NewTLSServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+ body, err := json.Marshal(
+ // Doesn't really matter what's sent since we should 502
+ &respStruct{
+ HandshakeComplete: r.TLS.HandshakeComplete,
+ },
+ )
+ if err != nil {
+ t.Fatalf("expected to marshal json: %s", err)
+ }
+ rw.Write(body)
+ }))
+ defer to.Close()
+
+ toURL, err := url.Parse(to.URL)
+ if err != nil {
+ t.Fatalf("expected to parse to url: %s", err)
+ }
+
+ reverseProxy := NewReverseProxy(toURL, &UpstreamConfig{TLSVerify: true})
+ from := httptest.NewServer(reverseProxy)
+ defer from.Close()
+
+ res, err := http.Get(from.URL)
+ if err != nil {
+ t.Fatalf("expected to be able to make req: %s", err)
+ }
+
+ if res.StatusCode != 502 {
+ t.Logf(" got status code: %v", res.StatusCode)
+ t.Logf("want status code: %d", 502)
+
+ t.Errorf("got unexpected response code for tls failure")
+ }
+ if res.Header.Get("Cookie") != "" {
+ t.Errorf("expected Cookie header to be empty but was %s", res.Header.Get("Cookie"))
+ }
+
+}
+
+func TestNewReverseProxyTLSVerifyFalse(t *testing.T) {
+ type respStruct struct {
+ HandshakeComplete bool `json:"handshake-complete"`
+ }
+
+ to := httptest.NewTLSServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+ body, err := json.Marshal(
+ &respStruct{
+ HandshakeComplete: r.TLS.HandshakeComplete,
+ },
+ )
+ if err != nil {
+ t.Fatalf("expected to marshal json: %s", err)
+ }
+ rw.Write(body)
+ }))
+ defer to.Close()
+
+ toURL, err := url.Parse(to.URL)
+ if err != nil {
+ t.Fatalf("expected to parse to url: %s", err)
+ }
+
+ reverseProxy := NewReverseProxy(toURL, &UpstreamConfig{TLSVerify: false})
+ from := httptest.NewServer(reverseProxy)
+ defer from.Close()
+
+ want := &respStruct{
+ HandshakeComplete: true,
+ }
+
+ res, err := http.Get(from.URL)
+ if err != nil {
+ t.Fatalf("expected to be able to make req: %s", err)
+ }
+
+ body, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ t.Fatalf("expected to read body: %s", err)
+ }
+
+ got := &respStruct{}
+ err = json.Unmarshal(body, got)
+ if err != nil {
+ t.Fatalf("expected to decode json: %s", err)
+ }
+
+ if !reflect.DeepEqual(want, got) {
+ t.Logf(" got handshake complete: %v", got.HandshakeComplete)
+ t.Logf("want handshake complete: %v", want.HandshakeComplete)
+
+ t.Errorf("got unexpected response for handshake complete")
+ }
+ if res.Header.Get("Cookie") != "" {
+ t.Errorf("expected Cookie header to be empty but was %s", res.Header.Get("Cookie"))
+ }
+
+}
+
 func TestDeleteSSOHeader(t *testing.T) {
 testCases := []struct {
 name string
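Review bot: The `res.Header.Get("Cookie")` check that closes both TestNewReverseProxyTLSVerifyTrue and TestNewReverseProxyTLSVerifyFalse cannot fail as written: `Cookie` is a request header, neither upstream handler sets it on the response, and the `http.Get` call sends no cookie, so the assertion gives no assurance about cookie handling. If the intent is that the proxy does not forward cookies upstream, the check presumably belongs inside the upstream handler on `r.Header.Get("Cookie")` with a cookie attached to the outgoing request; otherwise it can be dropped. Separately, `t.Fatalf` inside both handlers runs on the test server's goroutine, where FailNow is not supported; `t.Errorf("expected to marshal json: %s", err)` followed by `return` is the safe form. In TLSVerifyTrue a 502 alone does not show that the failure came from certificate verification, so it would help to record whether the upstream handler ran and assert that it did not. Both tests should also `defer res.Body.Close()` after the `http.Get` error check.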