WebClient: validate PDF files before rendering

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-08 23:28:39 +03:00 · 2022-09-22 20:41:28 +02:00
parent 7ae9303c99
commit 4ad2a9c1fa
5 changed files with 183 additions and 6 deletions
--- a/internal/httpd/internal_test.go
+++ b/internal/httpd/internal_test.go
@@ -2231,6 +2231,13 @@ func TestWebUserInvalidClaims(t *testing.T) {
 	server.handleClientGetShares(rr, req)
 	assert.Equal(t, http.StatusForbidden, rr.Code)
 	assert.Contains(t, rr.Body.String(), "Invalid token claims")
+
+	rr = httptest.NewRecorder()
+	req, _ = http.NewRequest(http.MethodGet, webClientViewPDFPath, nil)
+	req.Header.Set("Cookie", fmt.Sprintf("jwt=%v", token["access_token"]))
+	server.handleClientGetPDF(rr, req)
+	assert.Equal(t, http.StatusForbidden, rr.Code)
+	assert.Contains(t, rr.Body.String(), "Invalid token claims")
 }

 func TestInvalidClaims(t *testing.T) {