|
| 1 | +/* |
| 2 | + * Copyright 2017-2026 original authors |
| 3 | + * |
| 4 | + * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | + * you may not use this file except in compliance with the License. |
| 6 | + * You may obtain a copy of the License at |
| 7 | + * |
| 8 | + * https://www.apache.org/licenses/LICENSE-2.0 |
| 9 | + * |
| 10 | + * Unless required by applicable law or agreed to in writing, software |
| 11 | + * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | + * See the License for the specific language governing permissions and |
| 14 | + * limitations under the License. |
| 15 | + */ |
| 16 | +package io.micronaut.http.client.tck.tests; |
| 17 | + |
| 18 | +import io.micronaut.context.annotation.Requires; |
| 19 | +import io.micronaut.http.HttpHeaders; |
| 20 | +import io.micronaut.http.HttpRequest; |
| 21 | +import io.micronaut.http.HttpResponse; |
| 22 | +import io.micronaut.http.HttpStatus; |
| 23 | +import io.micronaut.http.MediaType; |
| 24 | +import io.micronaut.http.annotation.Consumes; |
| 25 | +import io.micronaut.http.annotation.Controller; |
| 26 | +import io.micronaut.http.annotation.Get; |
| 27 | +import io.micronaut.http.annotation.Post; |
| 28 | +import io.micronaut.http.annotation.QueryValue; |
| 29 | +import io.micronaut.http.tck.ServerUnderTest; |
| 30 | +import io.micronaut.http.tck.ServerUnderTestProviderUtils; |
| 31 | +import org.junit.jupiter.params.ParameterizedTest; |
| 32 | +import org.junit.jupiter.params.provider.ValueSource; |
| 33 | + |
| 34 | +import java.io.IOException; |
| 35 | +import java.net.URI; |
| 36 | +import java.util.Collections; |
| 37 | +import java.util.LinkedHashMap; |
| 38 | +import java.util.Map; |
| 39 | +import java.util.TreeMap; |
| 40 | + |
| 41 | +import static io.micronaut.http.tck.TestScenario.asserts; |
| 42 | +import static org.junit.jupiter.api.Assertions.assertEquals; |
| 43 | + |
| 44 | +class RedirectHeaderCopyTest { |
| 45 | + private static final String SPEC_NAME = "RedirectHeaderCopyTest"; |
| 46 | + private static final String BLOCKING_CLIENT_PROPERTY = "use.blocking.client"; |
| 47 | + |
| 48 | + @ParameterizedTest(name = "blocking={0}") |
| 49 | + @ValueSource(booleans = {true, false}) |
| 50 | + void copiedHeadersForDirectRequest(boolean blocking) throws IOException { |
| 51 | + assertHeaders(blocking, |
| 52 | + "/redirect/echo-headers", |
| 53 | + Map.of( |
| 54 | + HttpHeaders.AUTHORIZATION, "Bearer direct", |
| 55 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-direct", |
| 56 | + HttpHeaders.COOKIE, "one=direct", |
| 57 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 58 | + "X-UnknownHeader", "direct" |
| 59 | + ), |
| 60 | + Map.of( |
| 61 | + HttpHeaders.AUTHORIZATION, "Bearer direct", |
| 62 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-direct", |
| 63 | + HttpHeaders.COOKIE, "one=direct", |
| 64 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 65 | + "X-UnknownHeader", "direct" |
| 66 | + )); |
| 67 | + } |
| 68 | + |
| 69 | + @ParameterizedTest(name = "blocking={0}") |
| 70 | + @ValueSource(booleans = {true, false}) |
| 71 | + void copiedHeadersForSameOriginRedirect(boolean blocking) throws IOException { |
| 72 | + assertHeaders(blocking, |
| 73 | + "/same-origin-redirect/redirect-to-echo", |
| 74 | + Map.of( |
| 75 | + HttpHeaders.AUTHORIZATION, "Bearer same-origin", |
| 76 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-same-origin", |
| 77 | + HttpHeaders.COOKIE, "one=same-origin", |
| 78 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 79 | + "X-UnknownHeader", "same-origin" |
| 80 | + ), |
| 81 | + Map.of( |
| 82 | + HttpHeaders.AUTHORIZATION, "Bearer same-origin", |
| 83 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-same-origin", |
| 84 | + HttpHeaders.COOKIE, "one=same-origin", |
| 85 | + "X-UnknownHeader", "same-origin" |
| 86 | + )); |
| 87 | + } |
| 88 | + |
| 89 | + @ParameterizedTest(name = "blocking={0}") |
| 90 | + @ValueSource(booleans = {true, false}) |
| 91 | + @SuppressWarnings("java:S3655") |
| 92 | + void copiedHeadersForCrossOriginRedirect(boolean blocking) throws IOException { |
| 93 | + try (ServerUnderTest otherServer = ServerUnderTestProviderUtils.getServerUnderTestProvider().getServer(SPEC_NAME, Collections.singletonMap("redirect.server", "true"))) { |
| 94 | + assertHeaders(blocking, |
| 95 | + "/cross-origin-redirect/redirect-to-echo?redirect-server-port=" + otherServer.getPort().orElseThrow(), |
| 96 | + Map.of( |
| 97 | + HttpHeaders.AUTHORIZATION, "Bearer cross-origin", |
| 98 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-cross-origin", |
| 99 | + HttpHeaders.COOKIE, "one=cross-origin", |
| 100 | + "X-UnknownHeader", "cross-origin" |
| 101 | + ), |
| 102 | + Map.of( |
| 103 | + "X-UnknownHeader", "cross-origin" |
| 104 | + )); |
| 105 | + } |
| 106 | + } |
| 107 | + |
| 108 | + @ParameterizedTest(name = "blocking={0}") |
| 109 | + @ValueSource(booleans = {true, false}) |
| 110 | + @SuppressWarnings("java:S3655") |
| 111 | + void headersAreRetainedForSameOrigin307Redirect(boolean blocking) throws IOException { |
| 112 | + assertPostHeaders(blocking, |
| 113 | + "/same-origin-redirect/redirect307-to-echo", |
| 114 | + Map.of( |
| 115 | + HttpHeaders.AUTHORIZATION, "Bearer same-origin-307", |
| 116 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-same-origin-307", |
| 117 | + HttpHeaders.COOKIE, "one=same-origin-307", |
| 118 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 119 | + "X-UnknownHeader", "same-origin-307" |
| 120 | + ), |
| 121 | + Map.of( |
| 122 | + HttpHeaders.AUTHORIZATION, "Bearer same-origin-307", |
| 123 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-same-origin-307", |
| 124 | + HttpHeaders.COOKIE, "one=same-origin-307", |
| 125 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 126 | + "content-length", "4", |
| 127 | + "X-UnknownHeader", "same-origin-307", |
| 128 | + "X-Method", "POST" |
| 129 | + )); |
| 130 | + } |
| 131 | + |
| 132 | + @ParameterizedTest(name = "blocking={0}") |
| 133 | + @ValueSource(booleans = {true, false}) |
| 134 | + @SuppressWarnings("java:S3655") |
| 135 | + void headersAreRetainedForCrossOrigin307Redirect(boolean blocking) throws IOException { |
| 136 | + try (ServerUnderTest otherServer = ServerUnderTestProviderUtils.getServerUnderTestProvider().getServer(SPEC_NAME, Collections.singletonMap("redirect.server", "true"))) { |
| 137 | + assertPostHeaders(blocking, |
| 138 | + "/cross-origin-redirect/redirect307-to-echo?redirect-server-port=" + otherServer.getPort().orElseThrow(), |
| 139 | + Map.of( |
| 140 | + HttpHeaders.AUTHORIZATION, "Bearer cross-origin-307", |
| 141 | + HttpHeaders.PROXY_AUTHORIZATION, "Basic proxy-cross-origin-307", |
| 142 | + HttpHeaders.COOKIE, "one=cross-origin-307", |
| 143 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 144 | + "X-UnknownHeader", "cross-origin-307" |
| 145 | + ), |
| 146 | + Map.of( |
| 147 | + HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_TYPE.toString(), |
| 148 | + "content-length", "4", |
| 149 | + "X-UnknownHeader", "cross-origin-307", |
| 150 | + "X-Method", "POST" |
| 151 | + )); |
| 152 | + } |
| 153 | + } |
| 154 | + |
| 155 | + private void assertHeaders(boolean blocking, String uri, Map<String, String> requestHeaders, Map<String, String> expectedHeaders) throws IOException { |
| 156 | + assertHeaders(blocking, uri, requestHeaders, expectedHeaders, null); |
| 157 | + } |
| 158 | + |
| 159 | + private void assertHeaders(boolean blocking, String uri, Map<String, String> requestHeaders, Map<String, String> expectedHeaders, Integer redirectPort) throws IOException { |
| 160 | + var request = HttpRequest.GET(uri); |
| 161 | + requestHeaders.forEach(request::header); |
| 162 | + Map<String, Object> properties = redirectPort == null ? Map.of(BLOCKING_CLIENT_PROPERTY, blocking) : Map.of( |
| 163 | + BLOCKING_CLIENT_PROPERTY, blocking, |
| 164 | + "redirect.server.port", Integer.toString(redirectPort) |
| 165 | + ); |
| 166 | + asserts(SPEC_NAME, |
| 167 | + properties, |
| 168 | + request, |
| 169 | + (server, requestUnderTest) -> { |
| 170 | + HttpResponse<Map> response = server.exchange(requestUnderTest, Map.class); |
| 171 | + assertEquals(HttpStatus.OK, response.getStatus()); |
| 172 | + assertEquals(normalizeHeaders(expectedHeaders), normalizeHeaders(response.body())); |
| 173 | + } |
| 174 | + ); |
| 175 | + } |
| 176 | + |
| 177 | + private void assertPostHeaders(boolean blocking, String uri, Map<String, String> requestHeaders, Map<String, String> expectedHeaders) throws IOException { |
| 178 | + var request = HttpRequest.POST(uri, "body"); |
| 179 | + requestHeaders.forEach(request::header); |
| 180 | + asserts(SPEC_NAME, |
| 181 | + Map.of(BLOCKING_CLIENT_PROPERTY, blocking), |
| 182 | + request, |
| 183 | + (server, requestUnderTest) -> { |
| 184 | + HttpResponse<Map> response = server.exchange(requestUnderTest, Map.class); |
| 185 | + assertEquals(HttpStatus.OK, response.getStatus()); |
| 186 | + assertEquals(normalizeHeaders(expectedHeaders), normalizeHeaders(response.body())); |
| 187 | + } |
| 188 | + ); |
| 189 | + } |
| 190 | + |
| 191 | + private Map<String, String> normalizeHeaders(Map<?, ?> actualHeaders) { |
| 192 | + TreeMap<String, String> normalized = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); |
| 193 | + actualHeaders.forEach((key, value) -> normalized.put(String.valueOf(key), String.valueOf(value))); |
| 194 | + return normalized; |
| 195 | + } |
| 196 | + |
| 197 | + @Requires(property = "spec.name", value = SPEC_NAME) |
| 198 | + @Controller("/redirect") |
| 199 | + @SuppressWarnings("checkstyle:MissingJavadocType") |
| 200 | + static class HeaderEchoController { |
| 201 | + |
| 202 | + @Get("/echo-headers") |
| 203 | + Map<String, String> echoHeaders(HttpRequest<?> request) { |
| 204 | + Map<String, String> headers = new LinkedHashMap<>(); |
| 205 | + request.getHeaders().forEach((name, values) -> { |
| 206 | + if (!HttpHeaders.CONNECTION.equalsIgnoreCase(name) |
| 207 | + && !HttpHeaders.HOST.equalsIgnoreCase(name) |
| 208 | + && !"Upgrade".equalsIgnoreCase(name) |
| 209 | + && !"HTTP2-Settings".equalsIgnoreCase(name) |
| 210 | + && !HttpHeaders.USER_AGENT.equalsIgnoreCase(name)) { |
| 211 | + headers.put(name, values.get(0)); |
| 212 | + } |
| 213 | + }); |
| 214 | + return headers; |
| 215 | + } |
| 216 | + |
| 217 | + @Post("/echo-post-headers") |
| 218 | + @Consumes(MediaType.ALL) |
| 219 | + Map<String, String> echoPostHeaders(HttpRequest<?> request) { |
| 220 | + Map<String, String> headers = echoHeaders(request); |
| 221 | + headers.put("X-Method", request.getMethodName()); |
| 222 | + return headers; |
| 223 | + } |
| 224 | + } |
| 225 | + |
| 226 | + @Requires(property = "spec.name", value = SPEC_NAME) |
| 227 | + @Controller("/same-origin-redirect") |
| 228 | + @SuppressWarnings("checkstyle:MissingJavadocType") |
| 229 | + static class SameOriginRedirectController { |
| 230 | + |
| 231 | + @Get("/redirect-to-echo") |
| 232 | + HttpResponse<?> redirectToEcho() { |
| 233 | + return HttpResponse.redirect(URI.create("/redirect/echo-headers")); |
| 234 | + } |
| 235 | + |
| 236 | + @Post("/redirect307-to-echo") |
| 237 | + @Consumes(MediaType.ALL) |
| 238 | + HttpResponse<?> redirect307ToEcho() { |
| 239 | + return HttpResponse.status(HttpStatus.TEMPORARY_REDIRECT).headers(headers -> headers.location(URI.create("/redirect/echo-post-headers"))); |
| 240 | + } |
| 241 | + } |
| 242 | + |
| 243 | + @Requires(property = "spec.name", value = SPEC_NAME) |
| 244 | + @Controller("/cross-origin-redirect") |
| 245 | + @SuppressWarnings("checkstyle:MissingJavadocType") |
| 246 | + static class CrossOriginRedirectController { |
| 247 | + |
| 248 | + @Get("/redirect-to-echo") |
| 249 | + HttpResponse<?> redirectToEcho(@QueryValue("redirect-server-port") String redirectServerPort) { |
| 250 | + return HttpResponse.redirect(URI.create("http://localhost:" + redirectServerPort + "/redirect/echo-headers")); |
| 251 | + } |
| 252 | + |
| 253 | + @Post("/redirect307-to-echo") |
| 254 | + @Consumes(MediaType.ALL) |
| 255 | + HttpResponse<?> redirect307ToEcho(@QueryValue("redirect-server-port") String redirectServerPort) { |
| 256 | + return HttpResponse.status(HttpStatus.TEMPORARY_REDIRECT) |
| 257 | + .headers(headers -> headers.location(URI.create("http://localhost:" + redirectServerPort + "/redirect/echo-post-headers"))); |
| 258 | + } |
| 259 | + } |
| 260 | +} |
0 commit comments