Merge pull request #6581 from jbudz/issues/6127

short url: ensure absolute path isn't persisted
2016-03-22 14:38:13 -04:00 · 2016-03-22 14:38:13 -04:00 · d66df55a5f
parent 8052a97cd2 a612a0ed95
commit d66df55a5f
3 changed files with 210 additions and 34 deletions
--- a/src/server/http/tests/index.js
+++ b/src/server/http/tests/index.js
@ -1,41 +1,87 @@
 import expect from 'expect.js';
 import * as kbnTestServer from '../../../../test/utils/kbn_server';
+import fromRoot from '../../../utils/from_root';
+
+describe('routes', function () {
+  this.slow(10000);
+  this.timeout(60000);

-describe('cookie validation', function () {
  let kbnServer;
  beforeEach(function () {
-    kbnServer = kbnTestServer.createServer();
+    kbnServer = kbnTestServer.createServer({
+      plugins: {
+        scanDirs: [
+          fromRoot('src/plugins')
+        ]
+      }
+    });
    return kbnServer.ready();
  });
  afterEach(function () {
    return kbnServer.close();
  });

-  it('allows non-strict cookies', function (done) {
-    const options = {
-      method: 'GET',
-      url: '/',
-      headers: {
-        cookie: 'test:80=value;test_80=value'
-      }
-    };
-    kbnTestServer.makeRequest(kbnServer, options, (res) => {
-      expect(res.payload).not.to.contain('Invalid cookie header');
-      done();
+  describe('cookie validation', function () {
+    it('allows non-strict cookies', function (done) {
+      const options = {
+        method: 'GET',
+        url: '/',
+        headers: {
+          cookie: 'test:80=value;test_80=value'
+        }
+      };
+      kbnTestServer.makeRequest(kbnServer, options, (res) => {
+        expect(res.payload).not.to.contain('Invalid cookie header');
+        done();
+      });
+    });
+
+    it('returns an error if the cookie can\'t be parsed', function (done) {
+      const options = {
+        method: 'GET',
+        url: '/',
+        headers: {
+          cookie: 'a'
+        }
+      };
+      kbnTestServer.makeRequest(kbnServer, options, (res) =>  {
+        expect(res.payload).to.contain('Invalid cookie header');
+        done();
+      });
    });
  });

-  it('returns an error if the cookie can\'t be parsed', function (done) {
-    const options = {
-      method: 'GET',
-      url: '/',
-      headers: {
-        cookie: 'a'
+  describe('url shortener', () => {
+    const shortenOptions = {
+      method: 'POST',
+      url: '/shorten',
+      payload: {
+        url: '/app/kibana#/visualize/create'
      }
    };
-    kbnTestServer.makeRequest(kbnServer, options, (res) =>  {
-      expect(res.payload).to.contain('Invalid cookie header');
-      done();
+
+    it('generates shortened urls', (done) => {
+      kbnTestServer.makeRequest(kbnServer, shortenOptions, (res) => {
+        expect(typeof res.payload).to.be('string');
+        expect(res.payload.length > 0).to.be(true);
+        done();
+      });
    });
+
+    it('redirects shortened urls', (done) => {
+      kbnTestServer.makeRequest(kbnServer, shortenOptions, (res) => {
+        const gotoOptions = {
+          method: 'GET',
+          url: '/goto/' + res.payload
+        };
+        kbnTestServer.makeRequest(kbnServer, gotoOptions, (res) => {
+          expect(res.statusCode).to.be(302);
+          expect(res.headers.location).to.be(shortenOptions.payload.url);
+          done();
+        });
+      });
+    });
+
  });
+
 });
--- a/src/ui/public/share/tests/url_shortener.js
+++ b/src/ui/public/share/tests/url_shortener.js
@ -0,0 +1,124 @@
+import _ from 'lodash';
+import sinon from 'sinon';
+import expect from 'expect.js';
+import ngMock from 'ng_mock';
+import chrome from 'ui/chrome';
+import LibUrlShortenerProvider from 'ui/share/lib/url_shortener';
+
+describe('Url shortener', () => {
+  let $rootScope;
+  let $location;
+  let $http;
+  let urlShortener;
+  let $httpBackend;
+  const shareId = 'id123';
+
+  beforeEach(ngMock.module('kibana'));
+  beforeEach(ngMock.inject(function (_$rootScope_, _$location_, _$httpBackend_, Private) {
+    $location = _$location_;
+    $rootScope = _$rootScope_;
+    $httpBackend = _$httpBackend_;
+    urlShortener = Private(LibUrlShortenerProvider);
+  }));
+
+  describe('Shorten without base path', () => {
+    it('should shorten urls with a port', function (done) {
+      $httpBackend.when('POST', '/shorten').respond(function (type, route, data) {
+        expect(JSON.parse(data).url).to.be('/app/kibana#123');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl('http://localhost:5601/app/kibana#123').then(function (url) {
+        expect(url).to.be(`http://localhost:5601/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    it('should shorten urls without a port', function (done) {
+      $httpBackend.when('POST', '/shorten').respond(function (type, route, data) {
+        expect(JSON.parse(data).url).to.be('/app/kibana#123');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl('http://localhost/app/kibana#123').then(function (url) {
+        expect(url).to.be(`http://localhost/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+  });
+
+  describe('Shorten with base path', () => {
+    const basePath = '/foo';
+
+    let getBasePath;
+    beforeEach(ngMock.inject((Private) => {
+      getBasePath = sinon.stub(chrome, 'getBasePath', () => basePath);
+      urlShortener = Private(LibUrlShortenerProvider);
+    }));
+
+    it('should shorten urls with a port', (done) => {
+      $httpBackend.when('POST', `${basePath}/shorten`).respond((type, route, data) => {
+        expect(JSON.parse(data).url).to.be('/app/kibana#123');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl(`http://localhost:5601${basePath}/app/kibana#123`).then((url) => {
+        expect(url).to.be(`http://localhost:5601${basePath}/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    it('should shorten urls without a port', (done) => {
+      $httpBackend.when('POST', `${basePath}/shorten`).respond((type, route, data) => {
+        expect(JSON.parse(data).url).to.be('/app/kibana#123');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl(`http://localhost${basePath}/app/kibana#123`).then((url) => {
+        expect(url).to.be(`http://localhost${basePath}/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    it('should shorten urls with a query string', (done) => {
+      $httpBackend.when('POST', `${basePath}/shorten`).respond((type, route, data) => {
+        expect(JSON.parse(data).url).to.be('/app/kibana?foo#123');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl(`http://localhost${basePath}/app/kibana?foo#123`).then((url) => {
+        expect(url).to.be(`http://localhost${basePath}/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    it('should shorten urls without a hash', (done) => {
+      $httpBackend.when('POST', `${basePath}/shorten`).respond((type, route, data) => {
+        expect(JSON.parse(data).url).to.be('/app/kibana');
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl(`http://localhost${basePath}/app/kibana`).then((url) => {
+        expect(url).to.be(`http://localhost${basePath}/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    it('should shorten urls with a query string in the hash', (done) => {
+      const relativeUrl = "/app/kibana#/discover?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-15m,mode:quick,to:now))&_a=(columns:!(_source),index:%27logstash-*%27,interval:auto,query:(query_string:(analyze_wildcard:!t,query:%27*%27)),sort:!(%27@timestamp%27,desc))"; //eslint-disable-line max-len, quotes
+      $httpBackend.when('POST', `${basePath}/shorten`).respond((type, route, data) => {
+        expect(JSON.parse(data).url).to.be(relativeUrl);
+        return [200, shareId];
+      });
+      urlShortener.shortenUrl(`http://localhost${basePath}${relativeUrl}`).then((url) => {
+        expect(url).to.be(`http://localhost${basePath}/goto/${shareId}`);
+        done();
+      });
+      $httpBackend.flush();
+    });
+
+    afterEach(() => {
+      getBasePath.restore();
+    });
+  });
+});
--- a/src/ui/public/share/lib/url_shortener.js
+++ b/src/ui/public/share/lib/url_shortener.js
@ -1,24 +1,30 @@
 import chrome from 'ui/chrome';
+import url from 'url';

 export default function createUrlShortener(Notifier, $http, $location) {
  const notify = new Notifier({
    location: 'Url Shortener'
  });
-  const basePath = chrome.getBasePath();
-  const baseUrl = `${$location.protocol()}://${$location.host()}:${$location.port()}${basePath}`;

-  async function shortenUrl(url) {
-    const relativeUrl = url.replace(baseUrl, '');
+  function shortenUrl(absoluteUrl) {
+    const basePath = chrome.getBasePath();
+
+    const parsedUrl = url.parse(absoluteUrl);
+    const path = parsedUrl.path.replace(basePath, '');
+    const hash = parsedUrl.hash ? parsedUrl.hash : '';
+    const relativeUrl = path + hash;
+
    const formData = { url: relativeUrl };

-    try {
-      const result = await $http.post(`${basePath}/shorten`, formData);
-
-      return `${baseUrl}/goto/${result.data}`;
-    } catch (err) {
-      notify.error(err);
-      throw err;
-    }
+    return $http.post(`${basePath}/shorten`, formData).then((result) => {
+      return url.format({
+        protocol: parsedUrl.protocol,
+        host: parsedUrl.host,
+        pathname: `${basePath}/goto/${result.data}`
+      });
+    }).catch((response) => {
+      notify.error(response);
+    });
  }

  return {