-
Notifications
You must be signed in to change notification settings - Fork 2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: pre-request script variable hostname certificate resolution
- Loading branch information
1 parent
eca35d8
commit 67e40d0
Showing
9 changed files
with
221 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
_type: export | ||
__export_format: 4 | ||
__export_date: 2024-12-11T21:49:50.826Z | ||
__export_source: insomnia.desktop.app:v10.2.1-beta.1 | ||
resources: | ||
- _id: req_23f466953bff448faaf482e59624b17d | ||
parentId: wrk_78f64a950d1248599ddbfcb2dbe4a4e0 | ||
modified: 1733953779068 | ||
created: 1733930967254 | ||
url: https://localhost:4011/protected/pets/2 | ||
name: pet 2 | ||
description: "" | ||
method: GET | ||
body: {} | ||
parameters: [] | ||
headers: | ||
- name: User-Agent | ||
value: insomnia/10.2.1-beta.1 | ||
authentication: {} | ||
preRequestScript: console.log('yippee') | ||
metaSortKey: -1733930967254 | ||
isPrivate: false | ||
pathParameters: [] | ||
settingStoreCookies: true | ||
settingSendCookies: true | ||
settingDisableRenderRequestBody: false | ||
settingEncodeUrl: true | ||
settingRebuildPath: true | ||
settingFollowRedirects: global | ||
_type: request | ||
- _id: wrk_78f64a950d1248599ddbfcb2dbe4a4e0 | ||
parentId: null | ||
modified: 1733930502550 | ||
created: 1733930502550 | ||
name: client-certs | ||
description: "" | ||
scope: collection | ||
_type: workspace | ||
- _id: req_01d6681fd6434cc7a75c8c4e3deee713 | ||
parentId: wrk_78f64a950d1248599ddbfcb2dbe4a4e0 | ||
modified: 1733953775398 | ||
created: 1733953597632 | ||
url: "{{_.srvr}}/protected/pets/2" | ||
name: pet 2 with url var | ||
description: "" | ||
method: GET | ||
body: {} | ||
parameters: [] | ||
headers: | ||
- name: User-Agent | ||
value: insomnia/10.2.1-beta.1 | ||
authentication: {} | ||
preRequestScript: console.log("yeehaw") | ||
metaSortKey: -1732678181446 | ||
isPrivate: false | ||
pathParameters: [] | ||
settingStoreCookies: true | ||
settingSendCookies: true | ||
settingDisableRenderRequestBody: false | ||
settingEncodeUrl: true | ||
settingRebuildPath: true | ||
settingFollowRedirects: global | ||
_type: request | ||
- _id: env_1140e4f10f8a7e3ae858474a594d0bc440e35c99 | ||
parentId: wrk_78f64a950d1248599ddbfcb2dbe4a4e0 | ||
modified: 1733953690814 | ||
created: 1733930502551 | ||
name: Base Environment | ||
data: | ||
srvr: https://localhost:4011 | ||
dataPropertyOrder: | ||
"&": | ||
- srvr | ||
color: null | ||
isPrivate: false | ||
metaSortKey: 1733930502551 | ||
environmentType: kv | ||
kvPairData: | ||
- id: envPair_6117101ea3704c85bc3deab101603717 | ||
name: srvr | ||
value: https://localhost:4011 | ||
type: str | ||
enabled: true | ||
_type: environment | ||
- _id: jar_1140e4f10f8a7e3ae858474a594d0bc440e35c99 | ||
parentId: wrk_78f64a950d1248599ddbfcb2dbe4a4e0 | ||
modified: 1733953690813 | ||
created: 1733930502552 | ||
name: Default Jar | ||
cookies: [] | ||
_type: cookie_jar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
import express, { NextFunction, Response } from 'express'; | ||
|
||
export const mtlsRouter = express.Router(); | ||
|
||
mtlsRouter.use(clientCertificateAuth); | ||
|
||
async function clientCertificateAuth(req: any, res: Response, next: NextFunction) { | ||
if (!req.client.authorized) { | ||
return res.status(401).send({ error: 'Client certificate required' }); | ||
} | ||
|
||
next(); | ||
} | ||
|
||
mtlsRouter.get('/pets/:id', (req, res) => { | ||
res.status(200).send({ id: req.params.id }); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
|
||
import path from 'node:path'; | ||
|
||
import { expect } from '@playwright/test'; | ||
|
||
import { getFixturePath, loadFixture } from '../../playwright/paths'; | ||
import { test } from '../../playwright/test'; | ||
|
||
test('can use client certificate for mTLS', async ({ app, page }) => { | ||
const statusTag = page.locator('[data-testid="response-status-tag"]:visible'); | ||
const responseBody = page.locator('[data-testid="response-pane"] >> [data-testid="CodeEditor"]:visible', { | ||
has: page.locator('.CodeMirror-activeline'), | ||
}); | ||
|
||
const clientCertsCollectionText = await loadFixture('client-certs.yaml'); | ||
await app.evaluate(async ({ clipboard }, text) => clipboard.writeText(text), clientCertsCollectionText); | ||
|
||
await page.getByLabel('Import').click(); | ||
await page.locator('[data-test-id="import-from-clipboard"]').click(); | ||
await page.getByRole('button', { name: 'Scan' }).click(); | ||
await page.getByRole('dialog').getByRole('button', { name: 'Import' }).click(); | ||
await page.getByLabel('client-certs').click(); | ||
|
||
await page.getByLabel('Request Collection').getByTestId('pet 2 with url var').press('Enter'); | ||
|
||
await page.getByRole('button', { name: 'Send', exact: true }).click(); | ||
await page.getByText('Error: SSL peer certificate or SSH remote key was not OK').click(); | ||
|
||
const fixturePath = getFixturePath('certificates'); | ||
|
||
await page.getByRole('button', { name: 'Add Certificates' }).click(); | ||
|
||
let fileChooser = page.waitForEvent('filechooser'); | ||
await page.getByRole('button', { name: 'Add CA Certificate' }).click(); | ||
await (await fileChooser).setFiles(path.join(fixturePath, 'rootCA.pem')); | ||
|
||
await page.getByRole('button', { name: 'Done' }).click(); | ||
await page.getByRole('button', { name: 'Send', exact: true }).click(); | ||
|
||
await expect(statusTag).toContainText('401 Unauthorized'); | ||
await expect(responseBody).toContainText('Client certificate required'); | ||
|
||
await page.getByRole('button', { name: 'Add Certificates' }).click(); | ||
await page.getByRole('button', { name: 'Add client certificate' }).click(); | ||
await page.locator('[name="host"]').fill('localhost'); | ||
|
||
fileChooser = page.waitForEvent('filechooser'); | ||
await page.locator('[data-test-id="add-client-certificate-file-chooser"]').click(); | ||
await (await fileChooser).setFiles(path.join(fixturePath, 'client.crt')); | ||
|
||
fileChooser = page.waitForEvent('filechooser'); | ||
await page.locator('[data-test-id="add-client-certificate-key-file-chooser"]').click(); | ||
await (await fileChooser).setFiles(path.join(fixturePath, 'client.key')); | ||
|
||
await page.getByRole('button', { name: 'Add certificate' }).click(); | ||
await page.getByRole('button', { name: 'Done' }).click(); | ||
|
||
await page.getByRole('button', { name: 'Send', exact: true }).click(); | ||
|
||
await expect(statusTag).toContainText('200 OK'); | ||
await expect(responseBody).toContainText('"id": "2"'); | ||
|
||
// ensure disabling the cert actually disables it | ||
await page.getByRole('button', { name: 'Add Certificates' }).click(); | ||
await page.locator('[data-test-id="client-certificate-toggle"]').click(); | ||
await page.getByRole('button', { name: 'Done' }).click(); | ||
await page.getByLabel('Request Collection').getByTestId('pet 2').press('Enter'); | ||
|
||
await page.getByRole('button', { name: 'Send', exact: true }).click(); | ||
await expect(statusTag).toContainText('401 Unauthorized'); | ||
await expect(responseBody).toContainText('Client certificate required'); | ||
|
||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters