NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit4deef6c

committed

Extract auth code helper

1 parent19c3288 commit4deef6cCopy full SHA for 4deef6c

File tree

2 files changed

+59

-27

lines changed

coderd/coderdtest/oidctest
- helper.go
- idp.go

2 files changed

+59

-27

lines changed

`‎coderd/coderdtest/oidctest/helper.go`

Lines changed: 51 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,17 @@`
`1`	`1`	`package oidctest`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+"context"`
`4`	`5`	`"database/sql"`
`5`	`6`	`"encoding/json"`
`6`	`7`	`"net/http"`
	`8`	`+"net/url"`
`7`	`9`	`"testing"`
`8`	`10`	`"time"`
`9`	`11`
`10`	`12`	`"github.com/golang-jwt/jwt/v4"`
`11`	`13`	`"github.com/stretchr/testify/require"`
	`14`	`+"golang.org/x/xerrors"`
`12`	`15`
`13`	`16`	`"github.com/coder/coder/v2/coderd/database"`
`14`	`17`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`@@ -114,3 +117,51 @@ func (h LoginHelper) ForceRefresh(t testing.T, db database.Store, user *coders`
`114`	`117`	`_,err:=user.User(testutil.Context(t,testutil.WaitShort),"me")`
`115`	`118`	`require.NoError(t,err,"user must be able to be fetched")`
`116`	`119`	`}`
	`120`	`+`
	`121`	`+// OAuth2GetCode emulates a user clicking "allow" on the IDP page. When doing`
	`122`	`+// unit tests, it's easier to skip this step sometimes. It does make an actual`
	`123`	`+// request to the IDP, so it should be equivalent to doing this "manually" with`
	`124`	`+// actual requests.`
	`125`	`+//`
	`126`	`+// TODO: Is state param optional? Can we grab it from the authURL?`
	`127`	`+funcOAuth2GetCode(authURLstring,statestring,doRequestfunc(reqhttp.Request) (http.Response,error)) (string,error) {`
	`128`	`+// We need to store some claims, because this is also an OIDC provider, and`
	`129`	`+// it expects some claims to be present.`
	`130`	`+// TODO: POST or GET method?`
	`131`	`+r,err:=http.NewRequestWithContext(context.Background(),http.MethodGet,authURL,nil)`
	`132`	`+iferr!=nil {`
	`133`	`+return"",xerrors.Errorf("failed to create auth request: %w",err)`
	`134`	`+}`
	`135`	`+`
	`136`	`+expCode:=http.StatusTemporaryRedirect`
	`137`	`+resp,err:=doRequest(r)`
	`138`	`+iferr!=nil {`
	`139`	`+return"",xerrors.Errorf("request: %w",err)`
	`140`	`+}`
	`141`	`+deferresp.Body.Close()`
	`142`	`+`
	`143`	`+ifresp.StatusCode!=expCode {`
	`144`	`+return"",codersdk.ReadBodyAsError(resp)`
	`145`	`+}`
	`146`	`+`
	`147`	`+to:=resp.Header.Get("Location")`
	`148`	`+ifto=="" {`
	`149`	`+return"",xerrors.Errorf("expected redirect location")`
	`150`	`+}`
	`151`	`+`
	`152`	`+toURL,err:=url.Parse(to)`
	`153`	`+iferr!=nil {`
	`154`	`+return"",xerrors.Errorf("failed to parse redirect location: %w",err)`
	`155`	`+}`
	`156`	`+`
	`157`	`+code:=toURL.Query().Get("code")`
	`158`	`+ifcode=="" {`
	`159`	`+return"",xerrors.Errorf("expected code in redirect location")`
	`160`	`+}`
	`161`	`+`
	`162`	`+newState:=toURL.Query().Get("state")`
	`163`	`+ifnewState!=state {`
	`164`	`+return"",xerrors.Errorf("expected state %q, got %q",state,newState)`
	`165`	`+}`
	`166`	`+returncode,nil`
	`167`	`+}`

`‎coderd/coderdtest/oidctest/idp.go`

Lines changed: 8 additions & 27 deletions

Original file line number	Diff line number	Diff line change
`@@ -471,37 +471,18 @@ func (f FakeIDP) ExternalLogin(t testing.TB, client codersdk.Client, opts ...f`
`471`	`471`	`// unit tests, it's easier to skip this step sometimes. It does make an actual`
`472`	`472`	`// request to the IDP, so it should be equivalent to doing this "manually" with`
`473`	`473`	`// actual requests.`
`474`		`-func (fFakeIDP)CreateAuthCode(t testing.TB,statestring,opts...func(rhttp.Request))string {`
	`474`	`+func (f*FakeIDP)CreateAuthCode(t testing.TB,statestring)string {`
`475`	`475`	`// We need to store some claims, because this is also an OIDC provider, and`
`476`	`476`	`// it expects some claims to be present.`
`477`	`477`	`f.stateToIDTokenClaims.Store(state, jwt.MapClaims{})`
`478`	`478`
`479`		`-u:=f.cfg.AuthCodeURL(state)`
`480`		`-r,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,u,nil)`
`481`		`-require.NoError(t,err,"failed to create auth request")`
`482`		`-`
`483`		`-for_,opt:=rangeopts {`
`484`		`-opt(r)`
`485`		`-}`
`486`		`-`
`487`		`-rw:=httptest.NewRecorder()`
`488`		`-f.handler.ServeHTTP(rw,r)`
`489`		`-resp:=rw.Result()`
`490`		`-deferresp.Body.Close()`
`491`		`-`
`492`		`-require.Equal(t,http.StatusTemporaryRedirect,resp.StatusCode,"expected redirect")`
`493`		`-to:=resp.Header.Get("Location")`
`494`		`-require.NotEmpty(t,to,"expected redirect location")`
`495`		`-`
`496`		`-toURL,err:=url.Parse(to)`
`497`		`-require.NoError(t,err,"failed to parse redirect location")`
`498`		`-`
`499`		`-code:=toURL.Query().Get("code")`
`500`		`-require.NotEmpty(t,code,"expected code in redirect location")`
`501`		`-`
`502`		`-newState:=toURL.Query().Get("state")`
`503`		`-require.Equal(t,state,newState,"expected state to match")`
`504`		`-`
	`479`	`+code,err:=OAuth2GetCode(f.cfg.AuthCodeURL(state),state,func(reqhttp.Request) (http.Response,error) {`
	`480`	`+rw:=httptest.NewRecorder()`
	`481`	`+f.handler.ServeHTTP(rw,req)`
	`482`	`+resp:=rw.Result()`
	`483`	`+returnresp,nil`
	`484`	`+})`
	`485`	`+require.NoError(t,err,"failed to get auth code")`
`505`	`486`	`returncode`
`506`	`487`	`}`
`507`	`488`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4deef6c

File tree

2 files changed

2 files changed

`‎coderd/coderdtest/oidctest/helper.go`

`‎coderd/coderdtest/oidctest/idp.go`

0 commit comments