upstream/mattermost
1
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2026-02-03 20:40:00 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mattermost/server/public/shared/httpservice/client_test.go

373 lines
10 KiB
Go
Raw Permalink Normal View History

Consistent license message for all the go files (#13235) * Consistent license message for all the go files * Fixing the last set of unconsistencies with the license headers * Addressing PR review comments * Fixing busy.go and busy_test.go license header
2019-11-29 06:59:40 -05:00
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
Move HTTPService and ConfigService into services package (#9422) * Move HTTPService and ConfigService into utils package * Re-add StaticConfigService * Move config and http services into their own packages
2018-09-26 12:42:51 -04:00
package httpservice
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
import (
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
"context"
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
"fmt"
Replace deprecated ioutil with io and os (#20776) * Replace ioutil with io and os * Replace ioutil in utils/file.go * Minor fix to tests and excluded files Co-authored-by: Tim Scheuermann <tim.scheuermann@mattermost.com> Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2022-08-09 07:25:46 -04:00
"io"
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
"net"
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
"net/http"
"net/http/httptest"
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
"net/url"
MM-11931 Add support for AllowedUntrustedInternalConnections to be comma-separated (#11614) * Add support for AllowedUntrustedInternalConnections to be comma-separated * Add comprehensive test cases for fields splitting function
2019-07-17 10:04:09 -04:00
"strings"
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
"testing"
MM-11931 Add support for AllowedUntrustedInternalConnections to be comma-separated (#11614) * Add support for AllowedUntrustedInternalConnections to be comma-separated * Add comprehensive test cases for fields splitting function
2019-07-17 10:04:09 -04:00
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
"github.com/stretchr/testify/assert"
MM-11931 Add support for AllowedUntrustedInternalConnections to be comma-separated (#11614) * Add support for AllowedUntrustedInternalConnections to be comma-separated * Add comprehensive test cases for fields splitting function
2019-07-17 10:04:09 -04:00
"github.com/stretchr/testify/require"
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
)
HTTP client refactor (#7884) * http client refactor * simplification
2017-11-22 10:15:03 -05:00
func TestHTTPClient(t *testing.T) {
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
mockHTTP := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}))
defer mockHTTP.Close()
mockSelfSignedHTTPS := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}))
defer mockSelfSignedHTTPS.Close()
t.Run("insecure connections", func(t *testing.T) {
disableInsecureConnections := false
enableInsecureConnections := true
testCases := []struct {
description string
enableInsecureConnections bool
url string
expectedAllowed bool
}{
{"allow HTTP even when insecure disabled", disableInsecureConnections, mockHTTP.URL, true},
{"allow HTTP when insecure enabled", enableInsecureConnections, mockHTTP.URL, true},
{"reject self-signed HTTPS even when insecure disabled", disableInsecureConnections, mockSelfSignedHTTPS.URL, false},
{"allow self-signed HTTPS when insecure enabled", enableInsecureConnections, mockSelfSignedHTTPS.URL, true},
}
for _, testCase := range testCases {
t.Run(testCase.description, func(t *testing.T) {
c := NewHTTPClient(NewTransport(testCase.enableInsecureConnections, nil, nil))
if _, err := c.Get(testCase.url); testCase.expectedAllowed {
require.NoError(t, err)
} else {
require.Error(t, err)
}
})
}
})
t.Run("checks", func(t *testing.T) {
allowHost := func(_ string) bool { return true }
rejectHost := func(_ string) bool { return false }
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
allowIP := func(_ net.IP) error { return nil }
rejectIP := func(_ net.IP) error { return fmt.Errorf("IP not allowed") }
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
testCases := []struct {
description string
allowHost func(string) bool
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
allowIP func(net.IP) error
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
expectedAllowed bool
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
}{
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
{"allow with no checks", nil, nil, true},
{"reject without host check when ip rejected", nil, rejectIP, false},
{"allow without host check when ip allowed", nil, allowIP, true},
{"reject when host rejected since no ip check", rejectHost, nil, false},
{"reject when host and ip rejected", rejectHost, rejectIP, false},
{"allow when host rejected since ip allowed", rejectHost, allowIP, true},
{"allow when host allowed even without ip check", allowHost, nil, true},
{"allow when host allowed even if ip rejected", allowHost, rejectIP, true},
{"allow when host and ip allowed", allowHost, allowIP, true},
}
for _, testCase := range testCases {
t.Run(testCase.description, func(t *testing.T) {
Fix initialism errors (PR-2) (#17032) * Fix initialism errors * Fix check-mocks test * Revert mlog and filestore packages * Update plugin_hooks_test.go * Update opentracinglayer.go * Regenerate mocks and check store layers * Revert plugin's context changes * Update context.go * Update plugin_requests.go * Update plugin_hooks_test.go * Regenerate mocks * Regenerate mocks and store layers Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2021-04-03 03:13:22 -04:00
c := NewHTTPClient(NewTransport(false, testCase.allowHost, testCase.allowIP))
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
if _, err := c.Get(mockHTTP.URL); testCase.expectedAllowed {
require.NoError(t, err)
} else {
require.IsType(t, &url.Error{}, err)
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
require.Contains(t, err.(*url.Error).Err.Error(), "address forbidden")
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
}
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
})
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
}
MM-23666: rewrite TestHTTPClient (#14236) * MM-23666: rewrite TestHTTPClient The existing `TestHTTPClient` actually tries to reach google.com, making it brittle to network hiccups (as unlikely as that might be). Rewrite the test to rely on a local server instead. I found the existing implementation of `TestHTTPClient` extremely hard to understand, so I've rewritten it more explicitly, expanded coverage somewhat. In doing so, I found myself somewhat surprised by the current behaviour. If `allowHost` returns `true`, we ignore `allowIP` altogether. If `allowHost` returns `false`, we check with `allowIP`. There's a lack of symmetry here that the current filter names don't make clear. Perhaps `allowHost` should be renamed `skipIPCheckForHost`? Fixes: https://mattermost.atlassian.net/browse/MM-23666 * more compact assertions
2020-04-08 08:40:42 -04:00
})
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
}
HTTP client refactor (#7884) * http client refactor * simplification
2017-11-22 10:15:03 -05:00
func TestHTTPClientWithProxy(t *testing.T) {
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
proxy := createProxyServer()
defer proxy.Close()
MM-10417 Improve HTTPService for use in image proxy (#9966) * Replaced httpservice with proper http.Client * Added HTTPService.MakeTransport * Expose timeouts used by HTTPServiceImpl * Add additional documentation to HTTPService * Remove MockedHTTPService * Fix missing license
2018-12-12 11:39:14 -05:00
c := NewHTTPClient(NewTransport(true, nil, nil))
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
purl, _ := url.Parse(proxy.URL)
MM-10417 Improve HTTPService for use in image proxy (#9966) * Replaced httpservice with proper http.Client * Added HTTPService.MakeTransport * Expose timeouts used by HTTPServiceImpl * Add additional documentation to HTTPService * Remove MockedHTTPService * Fix missing license
2018-12-12 11:39:14 -05:00
c.Transport.(*MattermostTransport).Transport.(*http.Transport).Proxy = http.ProxyURL(purl)
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
resp, err := c.Get("http://acme.com")
Changed require.Nil to require.NoError when error type is used (#16900)
2021-02-10 03:30:36 -05:00
require.NoError(t, err)
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
defer resp.Body.Close()
Replace deprecated ioutil with io and os (#20776) * Replace ioutil with io and os * Replace ioutil in utils/file.go * Minor fix to tests and excluded files Co-authored-by: Tim Scheuermann <tim.scheuermann@mattermost.com> Co-authored-by: Mattermod <mattermod@users.noreply.github.com>
2022-08-09 07:25:46 -04:00
body, err := io.ReadAll(resp.Body)
Changed require.Nil to require.NoError when error type is used (#16900)
2021-02-10 03:30:36 -05:00
require.NoError(t, err)
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
require.Equal(t, "proxy", string(body))
httpservice: improve validation of proxied URLs (#29600)
2024-12-19 12:55:42 -05:00
t.Run("invalid IPv6 address in proxied URL", func(t *testing.T) {
c := NewHTTPClient(NewTransport(true, nil, nil))
t.Setenv("HTTP_PROXY", "http://proxy.example.org")
t.Setenv("HTTPS_PROXY", "https://proxy.example.org")
t.Setenv("NO_PROXY", ".example.com")
_, err := c.Get("http://[fe80::8e87:5021:6f6c:605e%25eth0]")
require.EqualError(t, err, `Get "http://[fe80::8e87:5021:6f6c:605e%25eth0]": invalid IPv6 address in URL: "fe80::8e87:5021:6f6c:605e%eth0"`)
})
PLT-5705 Created a single source of http.Client creation logic with internet proxy support, reasonable timeouts and optional insecure connections (#6503)
2017-05-31 10:34:05 -04:00
}
func createProxyServer() *httptest.Server {
return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(200)
w.Header().Set("Content-Type", "text/plain; charset=us-ascii")
fmt.Fprint(w, "proxy")
}))
}
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
func TestDialContextFilter(t *testing.T) {
for _, tc := range []struct {
Addr string
IsValid bool
}{
{
Addr: "google.com:80",
IsValid: true,
},
{
Addr: "8.8.8.8:53",
IsValid: true,
},
{
Addr: "127.0.0.1:80",
},
{
Addr: "10.0.0.1:80",
IsValid: true,
},
} {
didDial := false
filter := dialContextFilter(func(ctx context.Context, network, addr string) (net.Conn, error) {
didDial = true
return nil, nil
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
}, func(host string) bool { return host == "10.0.0.1" }, func(ip net.IP) error {
if IsReservedIP(ip) {
return fmt.Errorf("IP %s is reserved", ip)
}
return nil
})
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
_, err := filter(context.Background(), "", tc.Addr)
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
if tc.IsValid {
Changed require.Nil to require.NoError when error type is used (#16900)
2021-02-10 03:30:36 -05:00
require.NoError(t, err)
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
require.True(t, didDial)
} else {
Changed require.Nil to require.NoError when error type is used (#16900)
2021-02-10 03:30:36 -05:00
require.Error(t, err)
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
require.Contains(t, err.Error(), "address forbidden")
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
require.False(t, didDial)
PLT-6358: Server HTTP client improvements (#6980) * restrict untrusted, internal http connections by default * command test fix * more test fixes * change setting from toggle to whitelist * requested ui changes * add isdefault diagnostic * fix tests
2017-08-09 16:49:07 -04:00
}
}
}
Set a proper HTTP user-agent header (#9482) Previously, mattermost-server would always request with the default user-agent of Go's net/http package that is `Go-http-client/1.1` or something similar. This has several disadvantages, one is that the default user-agent made it pretty hard to distinguish mattermost requests from other service requests in a network log for example. Now a user-agent of the form `mattermost-<current-version>` is set in the client. - [x] Added or updated unit tests (required for all new features)
2018-10-03 13:28:44 -04:00
func TestUserAgentIsSet(t *testing.T) {
testUserAgent := "test-user-agent"
defaultUserAgent = testUserAgent
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
ua := req.UserAgent()
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
assert.NotEqual(t, "", ua, "expected user-agent to be non-empty")
assert.Equalf(t, testUserAgent, ua, "expected user-agent to be %q but was %q", testUserAgent, ua)
Set a proper HTTP user-agent header (#9482) Previously, mattermost-server would always request with the default user-agent of Go's net/http package that is `Go-http-client/1.1` or something similar. This has several disadvantages, one is that the default user-agent made it pretty hard to distinguish mattermost requests from other service requests in a network log for example. Now a user-agent of the form `mattermost-<current-version>` is set in the client. - [x] Added or updated unit tests (required for all new features)
2018-10-03 13:28:44 -04:00
}))
defer ts.Close()
MM-10417 Improve HTTPService for use in image proxy (#9966) * Replaced httpservice with proper http.Client * Added HTTPService.MakeTransport * Expose timeouts used by HTTPServiceImpl * Add additional documentation to HTTPService * Remove MockedHTTPService * Fix missing license
2018-12-12 11:39:14 -05:00
client := NewHTTPClient(NewTransport(true, nil, nil))
Set a proper HTTP user-agent header (#9482) Previously, mattermost-server would always request with the default user-agent of Go's net/http package that is `Go-http-client/1.1` or something similar. This has several disadvantages, one is that the default user-agent made it pretty hard to distinguish mattermost requests from other service requests in a network log for example. Now a user-agent of the form `mattermost-<current-version>` is set in the client. - [x] Added or updated unit tests (required for all new features)
2018-10-03 13:28:44 -04:00
req, err := http.NewRequest("GET", ts.URL, nil)
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
Changed require.Nil to require.NoError when error type is used (#16900)
2021-02-10 03:30:36 -05:00
require.NoError(t, err, "NewRequest failed", err)
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
Move HTTP service to public for plugin use (#27284) * Move httpservice for use in plugins * Adapt httpservice for plugin use * Fix lint
2024-06-05 12:58:04 -04:00
_, err = client.Do(req)
require.NoError(t, err, "Do failed", err)
Set a proper HTTP user-agent header (#9482) Previously, mattermost-server would always request with the default user-agent of Go's net/http package that is `Go-http-client/1.1` or something similar. This has several disadvantages, one is that the default user-agent made it pretty hard to distinguish mattermost requests from other service requests in a network log for example. Now a user-agent of the form `mattermost-<current-version>` is set in the client. - [x] Added or updated unit tests (required for all new features)
2018-10-03 13:28:44 -04:00
}
MM-13606 Remove consumeAndClose and clean up integration response handling (#10066) * MM-13606 Remove consumeAndClose * Allow overriding HTTPService's request timeout * MM-13606 Clean up integration response handling * Properly close httptest servers * Address feedback * Only call buf.Bytes when necessary * Properly check for errors in doOutgoingWebhookRequest * Add comment explaining ignored ioutil.ReadAll errors
2019-01-09 17:07:08 -05:00
func NewHTTPClient(transport http.RoundTripper) *http.Client {
return &http.Client{
Transport: transport,
}
}
[MM-14333] Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted (#10375) * Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted * gofmt * Documentation; Style fixes for IsOwnIP function
2019-03-01 10:22:24 -05:00
func TestIsReservedIP(t *testing.T) {
tests := []struct {
name string
MM-15276: Migrate Team.Update to sync by default (#10693) * MM-15276: Migrate Team.Update to sync by default * MM-15276: Addressing review comments and change Update func signature similar to other interface Update method * update store mocks for update fn * addressing review comments
2019-04-25 09:29:02 -04:00
ip net.IP
[MM-14333] Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted (#10375) * Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted * gofmt * Documentation; Style fixes for IsOwnIP function
2019-03-01 10:22:24 -05:00
want bool
}{
{"127.8.3.5", net.IPv4(127, 8, 3, 5), true},
{"192.168.0.1", net.IPv4(192, 168, 0, 1), true},
{"169.254.0.6", net.IPv4(169, 254, 0, 6), true},
{"127.120.6.3", net.IPv4(127, 120, 6, 3), true},
{"8.8.8.8", net.IPv4(8, 8, 8, 8), false},
{"9.9.9.9", net.IPv4(9, 9, 9, 8), false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Migrate tests from services/httpservice/client_test.go to testify (#12743)
2019-10-22 08:40:50 -04:00
got := IsReservedIP(tt.ip)
assert.Equalf(t, tt.want, got, "IsReservedIP() = %v, want %v", got, tt.want)
[MM-14333] Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted (#10375) * Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted * gofmt * Documentation; Style fixes for IsOwnIP function
2019-03-01 10:22:24 -05:00
})
}
}
func TestIsOwnIP(t *testing.T) {
tests := []struct {
name string
MM-15276: Migrate Team.Update to sync by default (#10693) * MM-15276: Migrate Team.Update to sync by default * MM-15276: Addressing review comments and change Update func signature similar to other interface Update method * update store mocks for update fn * addressing review comments
2019-04-25 09:29:02 -04:00
ip net.IP
[MM-14333] Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted (#10375) * Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted * gofmt * Documentation; Style fixes for IsOwnIP function
2019-03-01 10:22:24 -05:00
want bool
}{
{"127.0.0.1", net.IPv4(127, 0, 0, 1), true},
{"8.8.8.8", net.IPv4(8, 0, 0, 8), false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
Improve HTTP service IP and host validation error messages (#33450) Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
2025-07-22 08:49:32 -04:00
got, err := IsOwnIP(tt.ip)
require.NoError(t, err)
assert.Equal(t, tt.want, got)
[MM-14333] Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted (#10375) * Stricten external HTTP Calls to require that own IPs need to be explicitly whitelisted * gofmt * Documentation; Style fixes for IsOwnIP function
2019-03-01 10:22:24 -05:00
})
}
}
MM-11931 Add support for AllowedUntrustedInternalConnections to be comma-separated (#11614) * Add support for AllowedUntrustedInternalConnections to be comma-separated * Add comprehensive test cases for fields splitting function
2019-07-17 10:04:09 -04:00
func TestSplitHostnames(t *testing.T) {
var config string
var hostnames []string
config = ""
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{}, hostnames)
config = "127.0.0.1 localhost"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1,localhost"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1,,localhost"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1 localhost"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1 , localhost"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1 localhost "
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = " 127.0.0.1 ,,localhost , , ,,"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost"}, hostnames)
config = "127.0.0.1 localhost, 192.168.1.0"
hostnames = strings.FieldsFunc(config, splitFields)
require.Equal(t, []string{"127.0.0.1", "localhost", "192.168.1.0"}, hostnames)
}
httpservice: improve validation of proxied URLs (#29600)
2024-12-19 12:55:42 -05:00
func TestGetProxyFn(t *testing.T) {
t.Setenv("HTTP_PROXY", "http://proxy.example.org")
t.Setenv("HTTPS_PROXY", "https://proxy.example.org")
t.Setenv("NO_PROXY", ".example.com")
for _, tc := range []struct {
name string
input string
output string
err string
}{
{
name: "empty",
},
{
name: "no proxy",
input: "http://test.example.com",
},
{
name: "localhost",
input: "http://localhost",
},
{
name: "hostname",
input: "http://example.org",
output: "http://proxy.example.org",
},
{
name: "hostname with port",
input: "http://example.org:4545",
output: "http://proxy.example.org",
},
{
name: "https",
input: "https://example.org",
output: "https://proxy.example.org",
},
{
name: "ipv4",
input: "http://10.0.0.45",
output: "http://proxy.example.org",
},
{
name: "ipv4 with port",
input: "http://10.0.0.45:4545",
output: "http://proxy.example.org",
},
{
name: "ipv6",
input: "http://[fe80::8e87:5021:6f6c:605e]",
output: "http://proxy.example.org",
},
{
name: "ipv6 with port",
input: "http://[fe80::8e87:5021:6f6c:605e]:4545",
output: "http://proxy.example.org",
},
{
name: "ipv6 with zone",
input: "http://[fe80::8e87:5021:6f6c:605e%25eth0]",
output: "http://proxy.example.org",
err: `invalid IPv6 address in URL: "fe80::8e87:5021:6f6c:605e%eth0"`,
},
{
name: "ipv6 with zone and port",
input: "http://[fe80::8e87:5021:6f6c:605e%25eth0]:4545",
output: "http://proxy.example.org",
err: `invalid IPv6 address in URL: "fe80::8e87:5021:6f6c:605e%eth0"`,
},
} {
t.Run(tc.name, func(t *testing.T) {
inURL, err := url.Parse(tc.input)
require.NoError(t, err)
outURL, err := getProxyFn()(&http.Request{
URL: inURL,
})
if tc.err != "" { // error case
require.EqualError(t, err, tc.err)
return
}
require.NoError(t, err)
if tc.output == "" { // not proxied case
require.Nil(t, outURL)
} else { // proxied case
require.NotNil(t, outURL)
require.Equal(t, tc.output, outURL.String())
}
})
}
}
Reference in a new issue Copy permalink