webmail: rename query string param "token" to "singleUseToken" to be less scary in access logs

these single-use tokens can be redeemed only once. so when you see one in the logs, it
can't be used again. they are short-lived anyway.

this change should help prevent me periodically investigating token handling...
Mechiel Lukkien
2024-08-23 15:08:27 +02:00
parent a977082b89
commit 594182aae5
10 changed files with 35 additions and 29 deletions


@ -131,13 +131,13 @@ func TestView(t *testing.T) {
}
}
testFail("POST", eventsURL+"?token="+tokens[0]+"&request="+string(requestJSON), http.StatusMethodNotAllowed) // Must be GET.
testFail("GET", eventsURL, http.StatusBadRequest) // Missing token.
testFail("GET", eventsURL+"?token="+tokens[0]+"&request="+string(requestJSON), http.StatusBadRequest) // Bad (old) token.
testFail("GET", eventsURL+"?token="+tokens[len(tokens)-5]+"&request=bad", http.StatusBadRequest) // Bad request.
testFail("POST", eventsURL+"?singleUseToken="+tokens[0]+"&request="+string(requestJSON), http.StatusMethodNotAllowed) // Must be GET.
testFail("GET", eventsURL, http.StatusBadRequest) // Missing token.
testFail("GET", eventsURL+"?singleUseToken="+tokens[0]+"&request="+string(requestJSON), http.StatusBadRequest) // Bad (old) token.
testFail("GET", eventsURL+"?singleUseToken="+tokens[len(tokens)-5]+"&request=bad", http.StatusBadRequest) // Bad request.
// Start connection for testing and filters below.
req, err := http.NewRequest("GET", eventsURL+"?token="+tokens[len(tokens)-1]+"&request="+string(requestJSON), nil)
req, err := http.NewRequest("GET", eventsURL+"?singleUseToken="+tokens[len(tokens)-1]+"&request="+string(requestJSON), nil)
tcheck(t, err, "making request")
resp, err := http.DefaultClient.Do(req)
tcheck(t, err, "http transaction")
@ -168,7 +168,7 @@ func TestView(t *testing.T) {
}
// Can only use a token once.
testFail("GET", eventsURL+"?token="+tokens[len(tokens)-1]+"&request=bad", http.StatusBadRequest)
testFail("GET", eventsURL+"?singleUseToken="+tokens[len(tokens)-1]+"&request=bad", http.StatusBadRequest)
// Check a few initial query/page combinations.
testConn := func(token, more string, request Request, check func(EventStart, eventReader)) {
@ -176,7 +176,7 @@ func TestView(t *testing.T) {
reqJSON, err := json.Marshal(request)
tcheck(t, err, "marshal request json")
req, err := http.NewRequest("GET", eventsURL+"?token="+token+more+"&request="+string(reqJSON), nil)
req, err := http.NewRequest("GET", eventsURL+"?singleUseToken="+token+more+"&request="+string(reqJSON), nil)
tcheck(t, err, "making request")
resp, err := http.DefaultClient.Do(req)
tcheck(t, err, "http transaction")
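Review bot: The reuse check under `// Can only use a token once.` (second hunk) sends `&request=bad`, and the earlier `// Bad request.` case shows that a bad request already yields `http.StatusBadRequest` with what appears to be an unredeemed token, so this assertion would still pass if a redeemed token were accepted a second time. Since the commit message relies on tokens being redeemable only once, the check should repeat the valid request instead: `testFail("GET", eventsURL+"?singleUseToken="+tokens[len(tokens)-1]+"&request="+string(requestJSON), http.StatusBadRequest)`. This assumes `requestJSON` is still in scope at that point; TestView starts and ends outside the visible hunks. A companion case that sends an unredeemed token under the old `token=` name and expects `http.StatusBadRequest` would also pin down that the old parameter is no longer honoured.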