+htp #20535 add checkSameOrigin directive to HeaderDirectives (#20560)

* #20535 add checkSameOrigin directive to WebSocketDirectives * refactoring + add docs * refactoring + cleanup in docs * fix types and conversions in the InvalidOriginHeaderRejection * simplify InvalidOriginHeaderRejection to InvalidOriginRejection
2016-06-02 13:58:20 +04:00 · 2016-06-02 13:58:20 +04:00 · 0eda4075ef
commit 0eda4075ef
parent 8ba36be6c4
16 changed files with 237 additions and 27 deletions
--- a/akka-docs/rst/scala/code/docs/http/scaladsl/server/directives/HeaderDirectivesExamplesSpec.scala
+++ b/akka-docs/rst/scala/code/docs/http/scaladsl/server/directives/HeaderDirectivesExamplesSpec.scala
@ -4,13 +4,11 @@

 package docs.http.scaladsl.server.directives

+import akka.http.scaladsl.model.StatusCodes._
 import akka.http.scaladsl.model._
-import akka.http.scaladsl.server.MissingHeaderRejection
-import akka.http.scaladsl.server.Route
-import akka.http.scaladsl.server.util.ClassMagnet
+import akka.http.scaladsl.model.headers._
+import akka.http.scaladsl.server.{ InvalidOriginRejection, MissingHeaderRejection, Route }
 import docs.http.scaladsl.server.RoutingSpec
-import headers._
-import StatusCodes._
 import org.scalatest.Inside

 class HeaderDirectivesExamplesSpec extends RoutingSpec with Inside {
@ -186,4 +184,38 @@ class HeaderDirectivesExamplesSpec extends RoutingSpec with Inside {
      responseAs[String] shouldEqual "No Origin header found."
    }
  }
+  "checkSameOrigin-0" in {
+    val correctOrigin = HttpOrigin("http://localhost:8080")
+    val route = checkSameOrigin(HttpOriginRange(correctOrigin)) {
+      complete("Result")
+    }
+
+    // tests:
+    // handle request with correct origin headers
+    Get("abc") ~> Origin(correctOrigin) ~> route ~> check {
+      status shouldEqual StatusCodes.OK
+      responseAs[String] shouldEqual "Result"
+    }
+
+    // reject request with missed origin header
+    Get("abc") ~> route ~> check {
+      inside(rejection) {
+        case MissingHeaderRejection(headerName) ⇒ headerName shouldEqual Origin.name
+      }
+    }
+
+    // rejects request with invalid origin headers
+    val invalidHttpOrigin = HttpOrigin("http://invalid.com")
+    val invalidOriginHeader = Origin(invalidHttpOrigin)
+    Get("abc") ~> invalidOriginHeader ~> route ~> check {
+      inside(rejection) {
+        case InvalidOriginRejection(invalidOrigins) ⇒
+          invalidOrigins shouldEqual Seq(invalidHttpOrigin)
+      }
+    }
+    Get("abc") ~> invalidOriginHeader ~> Route.seal(route) ~> check {
+      status shouldEqual StatusCodes.Forbidden
+      responseAs[String] should include(s"${invalidHttpOrigin.value}")
+    }
+  }
 }