projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into origin-8019-crunchrun-log-throttle
[arvados.git] / services / keep-web / handler_test.go
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index b3e17e8b61db0a4f3dd88b48ae82e3c6f6579673..57ac2190c4cfe9d3a75278cce1c38b3a282eff89 100644 (file)
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -18,6 +18,66 @@ var _ = check.Suite(&UnitSuite{})
 
 type UnitSuite struct{}
 
+func (s *UnitSuite) TestCORSPreflight(c *check.C) {
+       h := handler{Config: &Config{}}
+       u, _ := url.Parse("http://keep-web.example/c=" + arvadostest.FooCollection + "/foo")
+       req := &http.Request{
+               Method:     "OPTIONS",
+               Host:       u.Host,
+               URL:        u,
+               RequestURI: u.RequestURI(),
+               Header: http.Header{
+                       "Origin":                        {"https://workbench.example"},
+                       "Access-Control-Request-Method": {"POST"},
+               },
+       }
+
+       // Check preflight for an allowed request
+       resp := httptest.NewRecorder()
+       h.ServeHTTP(resp, req)
+       c.Check(resp.Code, check.Equals, http.StatusOK)
+       c.Check(resp.Body.String(), check.Equals, "")
+       c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, "*")
+       c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Equals, "GET, POST")
+       c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Equals, "Range")
+
+       // Check preflight for a disallowed request
+       resp = httptest.NewRecorder()
+       req.Header.Set("Access-Control-Request-Method", "DELETE")
+       h.ServeHTTP(resp, req)
+       c.Check(resp.Body.String(), check.Equals, "")
+       c.Check(resp.Code, check.Equals, http.StatusMethodNotAllowed)
+}
+
+func (s *UnitSuite) TestInvalidUUID(c *check.C) {
+       bogusID := strings.Replace(arvadostest.FooPdh, "+", "-", 1) + "-"
+       token := arvadostest.ActiveToken
+       for _, trial := range []string{
+               "http://keep-web/c=" + bogusID + "/foo",
+               "http://keep-web/c=" + bogusID + "/t=" + token + "/foo",
+               "http://keep-web/collections/download/" + bogusID + "/" + token + "/foo",
+               "http://keep-web/collections/" + bogusID + "/foo",
+               "http://" + bogusID + ".keep-web/" + bogusID + "/foo",
+               "http://" + bogusID + ".keep-web/t=" + token + "/" + bogusID + "/foo",
+       } {
+               c.Log(trial)
+               u, err := url.Parse(trial)
+               c.Assert(err, check.IsNil)
+               req := &http.Request{
+                       Method:     "GET",
+                       Host:       u.Host,
+                       URL:        u,
+                       RequestURI: u.RequestURI(),
+               }
+               resp := httptest.NewRecorder()
+               h := handler{Config: &Config{
+                       AnonymousTokens: []string{arvadostest.AnonymousToken},
+               }}
+               h.ServeHTTP(resp, req)
+               c.Check(resp.Code, check.Equals, http.StatusNotFound)
+       }
+}
+
 func mustParseURL(s string) *url.URL {
        r, err := url.Parse(s)
        if err != nil {
@@ -350,49 +410,6 @@ func (s *IntegrationSuite) TestAnonymousTokenError(c *check.C) {
        )
 }
 
-func (s *IntegrationSuite) TestRange(c *check.C) {
-       s.testServer.Config.AnonymousTokens = []string{arvadostest.AnonymousToken}
-       u, _ := url.Parse("http://example.com/c=" + arvadostest.HelloWorldCollection + "/Hello%20world.txt")
-       req := &http.Request{
-               Method:     "GET",
-               Host:       u.Host,
-               URL:        u,
-               RequestURI: u.RequestURI(),
-               Header:     http.Header{"Range": {"bytes=0-4"}},
-       }
-       resp := httptest.NewRecorder()
-       s.testServer.Handler.ServeHTTP(resp, req)
-       c.Check(resp.Code, check.Equals, http.StatusPartialContent)
-       c.Check(resp.Body.String(), check.Equals, "Hello")
-       c.Check(resp.Header().Get("Content-Length"), check.Equals, "5")
-       c.Check(resp.Header().Get("Content-Range"), check.Equals, "bytes 0-4/12")
-
-       req.Header.Set("Range", "bytes=0-")
-       resp = httptest.NewRecorder()
-       s.testServer.Handler.ServeHTTP(resp, req)
-       // 200 and 206 are both correct:
-       c.Check(resp.Code, check.Equals, http.StatusOK)
-       c.Check(resp.Body.String(), check.Equals, "Hello world\n")
-       c.Check(resp.Header().Get("Content-Length"), check.Equals, "12")
-
-       // Unsupported ranges are ignored
-       for _, hdr := range []string{
-               "bytes=5-5",  // non-zero start byte
-               "bytes=-5",   // last 5 bytes
-               "cubits=0-5", // unsupported unit
-               "bytes=0-340282366920938463463374607431768211456", // 2^128
-       } {
-               req.Header.Set("Range", hdr)
-               resp = httptest.NewRecorder()
-               s.testServer.Handler.ServeHTTP(resp, req)
-               c.Check(resp.Code, check.Equals, http.StatusOK)
-               c.Check(resp.Body.String(), check.Equals, "Hello world\n")
-               c.Check(resp.Header().Get("Content-Length"), check.Equals, "12")
-               c.Check(resp.Header().Get("Content-Range"), check.Equals, "")
-               c.Check(resp.Header().Get("Accept-Ranges"), check.Equals, "bytes")
-       }
-}
-
 // XHRs can't follow redirect-with-cookie so they rely on method=POST
 // and disposition=attachment (telling us it's acceptable to respond
 // with content instead of a redirect) and an Origin header that gets