fix: incorrect https warning on credential flow (#972)

go-resty · Feb 8, 2025 · e158f04 · e158f04
1 parent 51c16e1
commit e158f04
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 3 deletions.
diff --git a/client_test.go b/client_test.go
@@ -933,7 +933,7 @@ func TestClientLogCallbacks(t *testing.T) {
 		Get(ts.URL + "/profile")
 	assertNil(t, err)
 	assertNotNil(t, resp)
-	assertEqual(t, int64(50), resp.Size())
+	assertEqual(t, int64(66), resp.Size())
 	assertEqual(t, true, strings.Contains(lb.String(), "Overwriting an existing on-debug-log callback from=resty.dev/v3.TestClientLogCallbacks.func1 to=resty.dev/v3.TestClientLogCallbacks.func2"))
 }
 

diff --git a/middleware.go b/middleware.go
@@ -286,7 +286,7 @@ func addCredentials(c *Client, r *Request) error {
 	}
 
 	if !c.IsDisableWarn() && credentialsAdded {
-		if strings.HasPrefix(r.URL, "http") {
+		if r.RawRequest.URL.Scheme == "http" {
 			r.log.Warnf("Using sensitive credentials in HTTP mode is not secure. Use HTTPS")
 		}
 	}

diff --git a/request_test.go b/request_test.go
@@ -2381,6 +2381,43 @@ func TestRequestFuncs(t *testing.T) {
 	assertEqual(t, "TestGet: text response", resp.String())
 }
 
+func TestHTTPWarnGH970(t *testing.T) {
+	lookupText := "Using sensitive credentials in HTTP mode is not secure. Use HTTPS"
+
+	t.Run("SSL used", func(t *testing.T) {
+		ts := createAuthServerTLSOptional(t, true)
+		defer ts.Close()
+
+		c, lb := dcldb()
+		c.SetBaseURL(ts.URL).
+			SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
+
+		res, err := c.R().
+			SetAuthToken("004DDB79-6801-4587-B976-F093E6AC44FF").
+			Get("/profile")
+
+		assertNil(t, err)
+		assertEqual(t, true, strings.Contains(res.String(), "profile fetch successful"))
+		assertEqual(t, false, strings.Contains(lb.String(), lookupText))
+	})
+
+	t.Run("non-SSL used", func(t *testing.T) {
+		ts := createAuthServerTLSOptional(t, false)
+		defer ts.Close()
+
+		c, lb := dcldb()
+		c.SetBaseURL(ts.URL)
+
+		res, err := c.R().
+			SetAuthToken("004DDB79-6801-4587-B976-F093E6AC44FF").
+			Get("/profile")
+
+		assertNil(t, err)
+		assertEqual(t, true, strings.Contains(res.String(), "profile fetch successful"))
+		assertEqual(t, true, strings.Contains(lb.String(), lookupText))
+	})
+}
+
 // This test methods exist for test coverage purpose
 // to validate the getter and setter
 func TestRequestSettingsCoverage(t *testing.T) {

diff --git a/resty_test.go b/resty_test.go
@@ -546,7 +546,7 @@ func createAuthServerTLSOptional(t *testing.T, useTLS bool) *httptest.Server {
 				}
 
 				if strings.Contains(auth, "004DDB79-6801-4587-B976-F093E6AC44FF") {
-					_, _ = w.Write([]byte(`{ "id": "success", "message": "login successful" }`))
+					_, _ = w.Write([]byte(`{ "username": "auth_test", "message": "profile fetch successful" }`))
 				}
 			}
-Original file line number
+Diff line change
@@ Expand Up @@
     				}
     				if strings.Contains(auth, "004DDB79-6801-4587-B976-F093E6AC44FF") {
-    					_, _ = w.Write([]byte(`{ "id": "success", "message": "login successful" }`))
+    					_, _ = w.Write([]byte(`{ "username": "auth_test", "message": "profile fetch successful" }`))
     				}
     			}
@@ Expand Down @@