Commit bca5b24f authored by Miguel Rincon's avatar Miguel Rincon

Merge branch 'djadmin-hot-fix-redirect-url-check' into 'master'

Fix DAST Profile redirection on save

See merge request gitlab-org/gitlab!64071
parents b94a562a 746edbd6
...@@ -6,12 +6,18 @@ import { ...@@ -6,12 +6,18 @@ import {
getBaseURL, getBaseURL,
} from '~/lib/utils/url_utility'; } from '~/lib/utils/url_utility';
const getReferrerPath = (referrer) => {
if (!referrer) return '';
return new URL(referrer).pathname;
};
export const returnToPreviousPageFactory = ({ export const returnToPreviousPageFactory = ({
allowedPaths, allowedPaths,
profilesLibraryPath, profilesLibraryPath,
urlParamKey, urlParamKey,
}) => ({ id } = {}) => { }) => ({ id } = {}) => {
const redirectPath = allowedPaths.find((path) => document.referrer?.includes(path)); const referrerPath = getReferrerPath(document.referrer);
const redirectPath = allowedPaths.find((allowedPath) => referrerPath === allowedPath);
// when previous page is not an allowed path // when previous page is not an allowed path
if (!redirectPath) return redirectTo(profilesLibraryPath); if (!redirectPath) return redirectTo(profilesLibraryPath);
......
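Review bot: `getReferrerPath` keeps only `pathname`, so the comparison `referrerPath === allowedPath` never looks at the referrer's origin, and a referrer from another host with the same path would still select the allowed entry. The value passed on appears to be the `allowedPaths` entry rather than the referrer itself (the rest of the returned function is outside this hunk), so this looks like it affects which internal page is chosen rather than where the browser can be sent. Comparing origins would still make the check explicit: `const { origin, pathname } = new URL(referrer);` followed by `return origin === window.location.origin ? pathname : '';`. `new URL(referrer)` also throws on a value it cannot parse, so a `try`/`catch` returning `''` would keep the fallback to `profilesLibraryPath` in that case.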
...@@ -2,24 +2,28 @@ import { returnToPreviousPageFactory } from 'ee/security_configuration/dast_prof ...@@ -2,24 +2,28 @@ import { returnToPreviousPageFactory } from 'ee/security_configuration/dast_prof
import { TEST_HOST } from 'helpers/test_constants'; import { TEST_HOST } from 'helpers/test_constants';
import * as urlUtility from '~/lib/utils/url_utility'; import * as urlUtility from '~/lib/utils/url_utility';
const fullPath = 'group/project'; const fullPath = '/group/project';
const profilesLibraryPath = `${TEST_HOST}/${fullPath}/-/security/configuration/dast_scans`; const profilesLibraryPath = `${fullPath}/-/security/configuration/dast_scans`;
const onDemandScansPath = `${TEST_HOST}/${fullPath}/-/on_demand_scans`; const onDemandScansPath = `${fullPath}/-/on_demand_scans`;
const dastConfigPath = `${TEST_HOST}/${fullPath}/-/security/configuration/dast`; const dastConfigPath = `${fullPath}/-/security/configuration/dast`;
const urlParamKey = 'site_profile_id'; const urlParamKey = 'site_profile_id';
const originalReferrer = document.referrer; const originalReferrer = document.referrer;
const allowedPaths = [onDemandScansPath, dastConfigPath];
const disallowedPaths = [profilesLibraryPath, fullPath];
const defaultRedirectionPath = profilesLibraryPath;
const params = { const params = {
allowedPaths: [onDemandScansPath, dastConfigPath], allowedPaths,
profilesLibraryPath, profilesLibraryPath: defaultRedirectionPath,
urlParamKey, urlParamKey,
}; };
const factory = (id) => returnToPreviousPageFactory(params)(id); const factory = (id) => returnToPreviousPageFactory(params)(id);
const setReferrer = (value = onDemandScansPath) => { const setReferrer = (value) => {
Object.defineProperty(document, 'referrer', { Object.defineProperty(document, 'referrer', {
value, value: new URL(value, TEST_HOST).href,
configurable: true, configurable: true,
}); });
}; };
...@@ -34,15 +38,24 @@ describe('DAST Profiles redirector', () => { ...@@ -34,15 +38,24 @@ describe('DAST Profiles redirector', () => {
jest.spyOn(urlUtility, 'redirectTo').mockImplementation(); jest.spyOn(urlUtility, 'redirectTo').mockImplementation();
}); });
it('default - redirects to profile library page', () => { describe('redirects to default page', () => {
it('when no referrer is present', () => {
factory();
expect(urlUtility.redirectTo).toHaveBeenCalledWith(defaultRedirectionPath);
});
it.each(disallowedPaths)('when previous path is %s', (path) => {
setReferrer(path);
factory(); factory();
expect(urlUtility.redirectTo).toHaveBeenCalledWith(profilesLibraryPath); expect(urlUtility.redirectTo).toHaveBeenCalledWith(defaultRedirectionPath);
resetReferrer();
});
}); });
describe.each([ describe('redirects to previous page', () => {
['On-demand scans', onDemandScansPath], describe.each(allowedPaths)('when previous path is %s', (path) => {
['DAST Configuration', dastConfigPath],
])('when previous page is %s', (_pathName, path) => {
beforeEach(() => { beforeEach(() => {
setReferrer(path); setReferrer(path);
}); });
...@@ -51,14 +64,17 @@ describe('DAST Profiles redirector', () => { ...@@ -51,14 +64,17 @@ describe('DAST Profiles redirector', () => {
resetReferrer(); resetReferrer();
}); });
it('redirects to previous page', () => { it('without params', () => {
factory(); factory();
expect(urlUtility.redirectTo).toHaveBeenCalledWith(path); expect(urlUtility.redirectTo).toHaveBeenCalledWith(path);
}); });
it('redirects to previous page with id', () => { it('with params', () => {
factory({ id: 2 }); factory({ id: 2 });
expect(urlUtility.redirectTo).toHaveBeenCalledWith(`${path}?site_profile_id=2`); expect(urlUtility.redirectTo).toHaveBeenCalledWith(
`${TEST_HOST}${path}?site_profile_id=2`,
);
});
}); });
}); });
}); });
......
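Review bot: The disallowed cases only cover same-host referrers with a plain path, because `disallowedPaths` holds two bare paths and `setReferrer` resolves each against `TEST_HOST` with `new URL(value, TEST_HOST).href`. No case has an allowed path appearing in the query string, and none uses a referrer on a different origin. `profilesLibraryPath` does exercise the prefix case, since it begins with `dastConfigPath`, but adding a constructed entry such as `${fullPath}?from=${onDemandScansPath}` (as a template literal) to `disallowedPaths` would pin the exact-pathname behaviour. In the `it.each(disallowedPaths)` body `resetReferrer()` runs after the expectation, so a failing assertion skips it and leaves the referrer set for later tests; an `afterEach(resetReferrer)` inside that `describe` avoids this.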