feat: add more test cases

supabase · Feb 15, 2024 · e3b4810 · e3b4810
1 parent 9918548
commit e3b4810
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -20,6 +20,11 @@ const defaultMinPasswordLength int = 6
 const defaultChallengeExpiryDuration float64 = 300
 const defaultFlowStateExpiryDuration time.Duration = 300 * time.Second
 
+const (
+	minimumSymmetricSecretLength  = 27
+	minimumAsymmetricSecretLength = 42
+)
+
 var postgresNamesRegexp = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_]{0,62}$`)
 var symmetricSecretFormat = regexp.MustCompile(`^v1,[\w\-]+$`)
 var asymmetricSecretFormat = regexp.MustCompile(`^v1a,[a-fA-F0-9]+;[a-fA-F0-9]+$`)
@@ -479,7 +484,7 @@ func (e *ExtensibilityPointConfiguration) ValidateExtensibilityPoint() error {
 	if err != nil {
 		return err
 	}
-	switch u.Scheme {
+	switch strings.ToLower(u.Scheme) {
 	case "pg-functions":
 		return validatePostgresPath(u)
 	case "https":
@@ -508,7 +513,8 @@ func validatePostgresPath(u *url.URL) error {
 }
 
 func isValidSecretFormat(secret string) bool {
-	return symmetricSecretFormat.MatchString(secret) || asymmetricSecretFormat.MatchString(secret)
+	return (symmetricSecretFormat.MatchString(secret) && len(secret) >= minimumSymmetricSecretLength) ||
+		(asymmetricSecretFormat.MatchString(secret) && len(secret) >= minimumAsymmetricSecretLength)
 }
 
 func validateHTTPSHookSecrets(secrets []string) error {

diff --git a/internal/conf/configuration_test.go b/internal/conf/configuration_test.go
@@ -106,12 +106,13 @@ func TestValidateExtensibilityPointURI(t *testing.T) {
 	}{
 		// Positive test cases
 		{desc: "Valid HTTPS URI", uri: "https://asdfgggqqwwerty.website.co/functions/v1/custom-sms-sender", expectError: false},
+		{desc: "Valid HTTPS URI", uri: "HTTPS://www.asdfgggqqwwerty.website.co/functions/v1/custom-sms-sender", expectError: false},
 		{desc: "Valid Postgres URI", uri: "pg-functions://postgres/auth/verification_hook_reject", expectError: false},
 		{desc: "Another Valid URI", uri: "pg-functions://postgres/user_management/add_user", expectError: false},
 		{desc: "Another Valid URI", uri: "pg-functions://postgres/MySpeCial/FUNCTION_THAT_YELLS_AT_YOU", expectError: false},
 
 		// Negative test cases
-		{desc: "Invalid HTTPS URI (HTTP)", uri: "http://asdfgggqqwwerty.supabase.co/functions/v1/custom-sms-sender", expectError: false},
+		{desc: "Invalid HTTPS URI (HTTP)", uri: "http://asdfgggqqwwerty.supabase.co/functions/v1/custom-sms-sender", expectError: true},
 		{desc: "Invalid Schema Name", uri: "pg-functions://postgres/123auth/verification_hook_reject", expectError: true},
 		{desc: "Invalid Function Name", uri: "pg-functions://postgres/auth/123verification_hook_reject", expectError: true},
 		{desc: "Insufficient Path Parts", uri: "pg-functions://postgres/auth", expectError: true},
@@ -136,12 +137,14 @@ func TestValidateExtensibilityPointSecrets(t *testing.T) {
 		expectError bool
 	}{
 		// Positive test cases
-		{desc: "Valid Symmetric Secret", secret: []string{""}, expectError: false},
-		{desc: "Valid Asymmetric Secret", secret: []string{""}, expectError: false},
+		// TODO: Transform this into whsec_ and whpk_ prefixed keys, need to base64 encode
+		{desc: "Valid Symmetric Secret", secret: []string{"v1,2b49264c90fd15db3bb0e05f4e1547b9c183eb06d585be8a"}, expectError: false},
+		{desc: "Valid Asymmetric Secret", secret: []string{"v1a,46388e564db59fca566307aac37c0d1d475c5dd52fd540caa0325c643317296f;abc889a6b1160015025064f108a48d6aba1c7c95fa8e304b4d225e8ae0121511"}, expectError: false},
+		{desc: "Valid Mix of Symmetric and asymmetric Secret", secret: []string{"v1,2b49264c90fd15db3bb0e05f4e1547b9c183eb06d585be8a", "v1a,46388e564db59fca566307aac37c0d1d475c5dd52fd540caa0325c643317296f;abc889a6b1160015025064f108a48d6aba1c7c95fa8e304b4d225e8ae0121511"}, expectError: false},
 
 		// Negative test cases
-		{desc: "Invalid Asymmetric Secret", secret: []string{"john", "jill"}, expectError: true},
-		{desc: "Invalid Symmetric Secret", secret: []string{""}, expectError: true},
+		{desc: "Invalid Asymmetric Secret", secret: []string{"v1a,john;jill", "jill"}, expectError: true},
+		{desc: "Invalid Symmetric Secret", secret: []string{"tommy"}, expectError: true},
 	}
 	for _, tc := range cases {
 		ep := ExtensibilityPointConfiguration{URI: validHTTPSURI, HTTPHookSecrets: tc.secret}