directus

is-login-redirect-allowed.test.ts
78 строк · 2.8 Кб
Перенос по словам
1
import { vi, expect, test, afterEach } from 'vitest';
2
import { useEnv } from '@directus/env';
3
import { isLoginRedirectAllowed } from './is-login-redirect-allowed.js';
4

5
vi.mock('@directus/env');
6

7
afterEach(() => {
8
	vi.clearAllMocks();
9
});
10

11
test('isLoginRedirectAllowed returns true with no redirect', () => {
12
	const redirect = undefined;
13
	const provider = 'local';
14

15
	expect(isLoginRedirectAllowed(redirect, provider)).toBe(true);
16
});
17

18
test('isLoginRedirectAllowed returns false with invalid redirect', () => {
19
	const redirect = 123456;
20
	const provider = 'local';
21

22
	expect(isLoginRedirectAllowed(redirect, provider)).toBe(false);
23
});
24

25
test('isLoginRedirectAllowed returns true for allowed URL', () => {
26
	const provider = 'local';
27

28
	vi.mocked(useEnv).mockReturnValue({
29
		[`AUTH_${provider.toUpperCase()}_REDIRECT_ALLOW_LIST`]:
30
			'http://external.example.com,https://external.example.com,http://external.example.com:8055/test',
31
		PUBLIC_URL: 'http://public.example.com',
32
	});
33

34
	expect(isLoginRedirectAllowed('http://public.example.com', provider)).toBe(true);
35
	expect(isLoginRedirectAllowed('http://external.example.com', provider)).toBe(true);
36
	expect(isLoginRedirectAllowed('https://external.example.com', provider)).toBe(true);
37
	expect(isLoginRedirectAllowed('http://external.example.com:8055/test', provider)).toBe(true);
38
});
39

40
test('isLoginRedirectAllowed returns false for denied URL', () => {
41
	const provider = 'local';
42

43
	vi.mocked(useEnv).mockReturnValue({
44
		[`AUTH_${provider.toUpperCase()}_REDIRECT_ALLOW_LIST`]: 'http://external.example.com',
45
		PUBLIC_URL: 'http://public.example.com',
46
	});
47

48
	expect(isLoginRedirectAllowed('https://external.example.com', provider)).toBe(false);
49
	expect(isLoginRedirectAllowed('http://external.example.com:8055', provider)).toBe(false);
50
	expect(isLoginRedirectAllowed('http://external.example.com/test', provider)).toBe(false);
51
});
52

53
test('isLoginRedirectAllowed returns true for relative paths', () => {
54
	const provider = 'local';
55

56
	vi.mocked(useEnv).mockReturnValue({
57
		[`AUTH_${provider.toUpperCase()}_REDIRECT_ALLOW_LIST`]: 'http://external.example.com',
58
		PUBLIC_URL: 'http://public.example.com',
59
	});
60

61
	expect(isLoginRedirectAllowed('/admin/content', provider)).toBe(true);
62
	expect(isLoginRedirectAllowed('../admin/content', provider)).toBe(true);
63
	expect(isLoginRedirectAllowed('./admin/content', provider)).toBe(true);
64

65
	expect(isLoginRedirectAllowed('http://public.example.com/admin/content', provider)).toBe(true);
66
});
67

68
test('isLoginRedirectAllowed returns false if missing protocol', () => {
69
	const provider = 'local';
70

71
	vi.mocked(useEnv).mockReturnValue({
72
		[`AUTH_${provider.toUpperCase()}_REDIRECT_ALLOW_LIST`]: 'http://example.com',
73
		PUBLIC_URL: 'http://example.com',
74
	});
75

76
	expect(isLoginRedirectAllowed('//example.com/admin/content', provider)).toBe(false);
77
	expect(isLoginRedirectAllowed('//user@password:example.com/', provider)).toBe(false);
78
});
79
directus

Использование cookies
