nsfwapp/backend/auth_passkey_test.go
2026-06-23 20:41:04 +02:00

33 lines
1.0 KiB
Go

package main
import (
"net/http"
"net/http/httptest"
"testing"
)
func TestRequestHostOriginAllowedAcceptsHTTPSFQDN(t *testing.T) {
r := httptest.NewRequest(http.MethodPost, "https://l14pbbk95100006.tegdssd.de:9999/api/auth/passkey/login/options", nil)
if !requestHostOriginAllowed("https://l14pbbk95100006.tegdssd.de:9999", r) {
t.Fatal("expected matching HTTPS request host origin to be allowed")
}
}
func TestRequestHostOriginAllowedRejectsDifferentHost(t *testing.T) {
r := httptest.NewRequest(http.MethodPost, "https://l14pbbk95100006.tegdssd.de:9999/api/auth/passkey/login/options", nil)
if requestHostOriginAllowed("https://evil.example:9999", r) {
t.Fatal("expected different origin host to be rejected")
}
}
func TestAuthAllowedRPOriginsIncludesConfiguredPublicURL(t *testing.T) {
t.Setenv("APP_PUBLIC_URL", "https://l14pbbk95100006.tegdssd.de:9999")
origins := authAllowedRPOrigins()
if !originIsAllowed("https://l14pbbk95100006.tegdssd.de:9999", origins) {
t.Fatalf("expected configured public URL in allowed origins: %#v", origins)
}
}