Add referer to password login

client.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"strings"
 
 	krb5client "github.com/jcmturner/gokrb5/v8/client"
 	krb5config "github.com/jcmturner/gokrb5/v8/config"
@@ -81,9 +82,17 @@ func (c *Client) login() error {
 		"password": []string{c.password},
 	}
 	// Authenticate using standard credentials with the http client.
-	res, e := c.client.PostForm(c.uriBase+"/session/login_password", data)
+	req, err := http.NewRequest("POST", c.uriBase+"/session/login_password", strings.NewReader(data.Encode()))
-	if e != nil {
+	if err != nil {
-		return e
+		return fmt.Errorf("error building login request: %s", err)
+	}
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Referer", c.uriBase)
+
+	// Perform the login request.
+	res, err := c.client.Do(req)
+	if err != nil {
+		return err
 	}
 
 	// If an error occurs, provide details if possible on why.

client_test.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"net"
 	"net/http"
 	"os"
 	"testing"
@@ -53,9 +54,9 @@ func handleLogin(w http.ResponseWriter, req *http.Request) {
 	}
 }
 
-// General invalid json error response for testing error handling.
+// Send JSON file to HTTP request.
-func sendInvalidJSON(w http.ResponseWriter) {
+func sendJSONFile(w http.ResponseWriter, filePath string) {
-	f, err := os.Open("test/invalid_json.json")
+	f, err := os.Open(filePath)
 	if err != nil {
 		log.Fatalln(err)
 	}
@@ -63,6 +64,11 @@ func sendInvalidJSON(w http.ResponseWriter) {
 	io.Copy(w, f)
 }
 
+// General invalid json error response for testing error handling.
+func sendInvalidJSON(w http.ResponseWriter) {
+	sendJSONFile(w, "test/invalid_json.json")
+}
+
 // Handle the json session test request.
 func handleJSON(w http.ResponseWriter, req *http.Request) {
 	// If session cookie doesn't exist, something is wrong. Send unauthenticated response.
@@ -87,20 +93,10 @@ func handleJSON(w http.ResponseWriter, req *http.Request) {
 	// For testing, we'll consider user_add/user_find as an accepted method, all others will error.
 	if res.Method == "user_add" {
 		// Send user add response data.
-		f, err := os.Open("test/user_add_response.json")
+		sendJSONFile(w, "test/user_add_response.json")
-		if err != nil {
-			log.Fatalln(err)
-		}
-		defer f.Close()
-		io.Copy(w, f)
 	} else if res.Method == "user_find" {
 		// Send user add response data.
-		f, err := os.Open("test/user_find_response.json")
+		sendJSONFile(w, "test/user_find_response.json")
-		if err != nil {
-			log.Fatalln(err)
-		}
-		defer f.Close()
-		io.Copy(w, f)
 	} else {
 		// An unexpected method received for testing, send error message.
 		sendInvalidJSON(w)
@@ -108,19 +104,25 @@ func handleJSON(w http.ResponseWriter, req *http.Request) {
 }
 
 // General library tests with test server.
-func TestLogin(t *testing.T) {
+func TestClient(t *testing.T) {
 	// Spin up test server using port specified above.
 	srvAddr := fmt.Sprintf("127.0.0.1:%d", httpsPort)
 	http.HandleFunc("/ipa/session/login_password", handleLogin)
 	http.HandleFunc("/ipa/session/json", handleJSON)
+	isListening := make(chan bool)
 	go func() {
-		err := http.ListenAndServeTLS(srvAddr, "test/cert.pem", "test/key.pem", nil)
+		l, err := net.Listen("tcp", srvAddr)
 		if err != nil {
-			log.Fatal("ListenAndServe: ", err)
+			log.Fatal("Listen: ", err)
+		}
+		isListening <- true
+		err = http.ServeTLS(l, nil, "test/cert.pem", "test/key.pem")
+		if err != nil {
+			log.Fatal("Serve: ", err)
 		}
 	}()
 	// Allow the http server to initialize.
-	time.Sleep(100 * time.Millisecond)
+	<-isListening
 
 	// Test server has a self signed certificate, ignore invalid certs.
 	transportConfig := &http.Transport{