Fix hidden root navigation and browser fill matching
This commit is contained in:
+21
-5
@@ -1027,12 +1027,28 @@ func normalizedBrowserHost(raw string) (string, error) {
|
||||
return host, nil
|
||||
}
|
||||
|
||||
func classifyBrowserEntryMatch(pageHost, rawEntryURL string) (string, int) {
|
||||
parsed, err := url.Parse(strings.TrimSpace(rawEntryURL))
|
||||
if err != nil {
|
||||
return "", 0
|
||||
func normalizedBrowserEntryHost(raw string) string {
|
||||
raw = strings.TrimSpace(raw)
|
||||
if raw == "" {
|
||||
return ""
|
||||
}
|
||||
entryHost := strings.ToLower(parsed.Hostname())
|
||||
parsed, err := url.Parse(raw)
|
||||
if err == nil {
|
||||
if host := strings.ToLower(parsed.Hostname()); host != "" {
|
||||
return host
|
||||
}
|
||||
}
|
||||
if !strings.Contains(raw, "://") {
|
||||
parsed, err = url.Parse("https://" + raw)
|
||||
if err == nil {
|
||||
return strings.ToLower(parsed.Hostname())
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func classifyBrowserEntryMatch(pageHost, rawEntryURL string) (string, int) {
|
||||
entryHost := normalizedBrowserEntryHost(rawEntryURL)
|
||||
if entryHost == "" {
|
||||
return "", 0
|
||||
}
|
||||
|
||||
@@ -184,6 +184,40 @@ func TestVaultServiceFindsBrowserLoginsForAuthorizedClients(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestVaultServiceFindsBrowserLoginsForSchemeLessEntryURLs(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
client, _, cleanup := newTestClientForModel(t, vault.Model{
|
||||
Entries: []vault.Entry{
|
||||
{
|
||||
ID: "gitlab",
|
||||
Title: "GitLab",
|
||||
Username: "jjulian",
|
||||
Password: "secret",
|
||||
URL: "gitlab.com",
|
||||
Path: []string{"Root", "Internet"},
|
||||
},
|
||||
testAPITokenEntry(t,
|
||||
apitokens.PolicyRule{Effect: apitokens.EffectAllow, Operation: apitokens.OperationListEntries, Resource: apitokens.Resource{Kind: apitokens.ResourceGroup, Path: []string{"Root"}}},
|
||||
),
|
||||
},
|
||||
})
|
||||
defer cleanup()
|
||||
|
||||
resp, err := client.FindBrowserLogins(tokenContext(defaultTestTokenSecret), &keepassgov1.FindBrowserLoginsRequest{
|
||||
PageUrl: "https://gitlab.com/users/sign_in",
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatalf("FindBrowserLogins() error = %v", err)
|
||||
}
|
||||
if len(resp.Matches) != 1 {
|
||||
t.Fatalf("len(FindBrowserLogins().Matches) = %d, want 1", len(resp.Matches))
|
||||
}
|
||||
if resp.Matches[0].Id != "gitlab" {
|
||||
t.Fatalf("FindBrowserLogins().Matches[0].Id = %q, want gitlab", resp.Matches[0].Id)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVaultServiceFindsBrowserLoginsWithinAuthorizedGroupScope(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user