NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit524aced

committed

add unit test

1 parentdb5a8aa commit524acedCopy full SHA for 524aced

File tree

3 files changed

+194

-188

lines changed

coderd
- userauth.go
- userauth_test.go
site/src/api
- typesGenerated.ts

3 files changed

+194

-188

lines changed

`‎coderd/userauth.go`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1061,11 +1061,15 @@ func (api *API) oidcGroups(ctx context.Context, mergedClaims map[string]interfac`
`1061`	`1061`	`}`
`1062`	`1062`
`1063`	`1063`	`if!inAllowList {`
	`1064`	`+detail:=fmt.Sprintf("Ask an administrator to add one of your groups to the whitelist: %s",strings.Join(groups,", "))`
	`1065`	`+iflen(groups)==0 {`
	`1066`	`+detail="You are currently not a member of any groups!"`
	`1067`	`+}`
`1064`	`1068`	`returnusingGroups,groups,&httpError{`
`1065`	`1069`	`code:http.StatusForbidden,`
`1066`		`-msg:"You aren'ta member of anauthorized group!",`
`1067`		`-detail:fmt.Sprintf("You must be a member of one of the following groups: %v",api.OIDCConfig.GroupAllowList),`
`1068`		`-renderStaticPage:false,`
	`1070`	`+msg:"Nota member of anallowed group",`
	`1071`	`+detail:detail,`
	`1072`	`+renderStaticPage:true,`
`1069`	`1073`	`}`
`1070`	`1074`	`}`
`1071`	`1075`	`}`

`‎coderd/userauth_test.go`

Lines changed: 186 additions & 185 deletions

Original file line number	Diff line number	Diff line change
`@@ -608,191 +608,192 @@ func TestUserOIDC(t *testing.T) {`
`608`	`608`	`StatusCodeint`
`609`	`609`	`IgnoreEmailVerifiedbool`
`610`	`610`	`IgnoreUserInfobool`
`611`		`-}{{`
`612`		`-Name:"EmailOnly",`
`613`		`-IDTokenClaims: jwt.MapClaims{`
`614`		`-"email":"kyle@kwc.io",`
`615`		`-},`
`616`		`-AllowSignups:true,`
`617`		`-StatusCode:http.StatusOK,`
`618`		`-Username:"kyle",`
`619`		`-}, {`
`620`		`-Name:"EmailNotVerified",`
`621`		`-IDTokenClaims: jwt.MapClaims{`
`622`		`-"email":"kyle@kwc.io",`
`623`		`-"email_verified":false,`
`624`		`-},`
`625`		`-AllowSignups:true,`
`626`		`-StatusCode:http.StatusForbidden,`
`627`		`-}, {`
`628`		`-Name:"EmailNotAString",`
`629`		`-IDTokenClaims: jwt.MapClaims{`
`630`		`-"email":3.14159,`
`631`		`-"email_verified":false,`
`632`		`-},`
`633`		`-AllowSignups:true,`
`634`		`-StatusCode:http.StatusBadRequest,`
`635`		`-}, {`
`636`		`-Name:"EmailNotVerifiedIgnored",`
`637`		`-IDTokenClaims: jwt.MapClaims{`
`638`		`-"email":"kyle@kwc.io",`
`639`		`-"email_verified":false,`
`640`		`-},`
`641`		`-AllowSignups:true,`
`642`		`-StatusCode:http.StatusOK,`
`643`		`-Username:"kyle",`
`644`		`-IgnoreEmailVerified:true,`
`645`		`-}, {`
`646`		`-Name:"NotInRequiredEmailDomain",`
`647`		`-IDTokenClaims: jwt.MapClaims{`
`648`		`-"email":"kyle@kwc.io",`
`649`		`-"email_verified":true,`
`650`		`-},`
`651`		`-AllowSignups:true,`
`652`		`-EmailDomain: []string{`
`653`		`-"coder.com",`
`654`		`-},`
`655`		`-StatusCode:http.StatusForbidden,`
`656`		`-}, {`
`657`		`-Name:"EmailDomainCaseInsensitive",`
`658`		`-IDTokenClaims: jwt.MapClaims{`
`659`		`-"email":"kyle@KWC.io",`
`660`		`-"email_verified":true,`
`661`		`-},`
`662`		`-AllowSignups:true,`
`663`		`-EmailDomain: []string{`
`664`		`-"kwc.io",`
`665`		`-},`
`666`		`-StatusCode:http.StatusOK,`
`667`		`-}, {`
`668`		`-Name:"EmptyClaims",`
`669`		`-IDTokenClaims: jwt.MapClaims{},`
`670`		`-AllowSignups:true,`
`671`		`-StatusCode:http.StatusBadRequest,`
`672`		`-}, {`
`673`		`-Name:"NoSignups",`
`674`		`-IDTokenClaims: jwt.MapClaims{`
`675`		`-"email":"kyle@kwc.io",`
`676`		`-"email_verified":true,`
`677`		`-},`
`678`		`-StatusCode:http.StatusForbidden,`
`679`		`-}, {`
`680`		`-Name:"UsernameFromEmail",`
`681`		`-IDTokenClaims: jwt.MapClaims{`
`682`		`-"email":"kyle@kwc.io",`
`683`		`-"email_verified":true,`
`684`		`-},`
`685`		`-Username:"kyle",`
`686`		`-AllowSignups:true,`
`687`		`-StatusCode:http.StatusOK,`
`688`		`-}, {`
`689`		`-Name:"UsernameFromClaims",`
`690`		`-IDTokenClaims: jwt.MapClaims{`
`691`		`-"email":"kyle@kwc.io",`
`692`		`-"email_verified":true,`
`693`		`-"preferred_username":"hotdog",`
`694`		`-},`
`695`		`-Username:"hotdog",`
`696`		`-AllowSignups:true,`
`697`		`-StatusCode:http.StatusOK,`
`698`		`-}, {`
`699`		`-// Services like Okta return the email as the username:`
`700`		`-// https://developer.okta.com/docs/reference/api/oidc/#base-claims-always-present`
`701`		`-Name:"UsernameAsEmail",`
`702`		`-IDTokenClaims: jwt.MapClaims{`
`703`		`-"email":"kyle@kwc.io",`
`704`		`-"email_verified":true,`
`705`		`-"preferred_username":"kyle@kwc.io",`
`706`		`-},`
`707`		`-Username:"kyle",`
`708`		`-AllowSignups:true,`
`709`		`-StatusCode:http.StatusOK,`
`710`		`-}, {`
`711`		`-// See: https://github.com/coder/coder/issues/4472`
`712`		`-Name:"UsernameIsEmail",`
`713`		`-IDTokenClaims: jwt.MapClaims{`
`714`		`-"preferred_username":"kyle@kwc.io",`
`715`		`-},`
`716`		`-Username:"kyle",`
`717`		`-AllowSignups:true,`
`718`		`-StatusCode:http.StatusOK,`
`719`		`-}, {`
`720`		`-Name:"WithPicture",`
`721`		`-IDTokenClaims: jwt.MapClaims{`
`722`		`-"email":"kyle@kwc.io",`
`723`		`-"email_verified":true,`
`724`		`-"preferred_username":"kyle",`
`725`		`-"picture":"/example.png",`
`726`		`-},`
`727`		`-Username:"kyle",`
`728`		`-AllowSignups:true,`
`729`		`-AvatarURL:"/example.png",`
`730`		`-StatusCode:http.StatusOK,`
`731`		`-}, {`
`732`		`-Name:"WithUserInfoClaims",`
`733`		`-IDTokenClaims: jwt.MapClaims{`
`734`		`-"email":"kyle@kwc.io",`
`735`		`-"email_verified":true,`
`736`		`-},`
`737`		`-UserInfoClaims: jwt.MapClaims{`
`738`		`-"preferred_username":"potato",`
`739`		`-"picture":"/example.png",`
`740`		`-},`
`741`		`-Username:"potato",`
`742`		`-AllowSignups:true,`
`743`		`-AvatarURL:"/example.png",`
`744`		`-StatusCode:http.StatusOK,`
`745`		`-}, {`
`746`		`-Name:"GroupsDoesNothing",`
`747`		`-IDTokenClaims: jwt.MapClaims{`
`748`		`-"email":"coolin@coder.com",`
`749`		`-"groups": []string{"pingpong"},`
`750`		`-},`
`751`		`-AllowSignups:true,`
`752`		`-StatusCode:http.StatusOK,`
`753`		`-}, {`
`754`		`-Name:"UserInfoOverridesIDTokenClaims",`
`755`		`-IDTokenClaims: jwt.MapClaims{`
`756`		`-"email":"internaluser@internal.domain",`
`757`		`-"email_verified":false,`
`758`		`-},`
`759`		`-UserInfoClaims: jwt.MapClaims{`
`760`		`-"email":"externaluser@external.domain",`
`761`		`-"email_verified":true,`
`762`		`-"preferred_username":"user",`
`763`		`-},`
`764`		`-Username:"user",`
`765`		`-AllowSignups:true,`
`766`		`-IgnoreEmailVerified:false,`
`767`		`-StatusCode:http.StatusOK,`
`768`		`-}, {`
`769`		`-Name:"InvalidUserInfo",`
`770`		`-IDTokenClaims: jwt.MapClaims{`
`771`		`-"email":"internaluser@internal.domain",`
`772`		`-"email_verified":false,`
`773`		`-},`
`774`		`-UserInfoClaims: jwt.MapClaims{`
`775`		`-"email":1,`
`776`		`-},`
`777`		`-AllowSignups:true,`
`778`		`-IgnoreEmailVerified:false,`
`779`		`-StatusCode:http.StatusInternalServerError,`
`780`		`-}, {`
`781`		`-Name:"IgnoreUserInfo",`
`782`		`-IDTokenClaims: jwt.MapClaims{`
`783`		`-"email":"user@internal.domain",`
`784`		`-"email_verified":true,`
`785`		`-"preferred_username":"user",`
`786`		`-},`
`787`		`-UserInfoClaims: jwt.MapClaims{`
`788`		`-"email":"user.mcname@external.domain",`
`789`		`-"preferred_username":"Mr. User McName",`
`790`		`-},`
`791`		`-Username:"user",`
`792`		`-IgnoreUserInfo:true,`
`793`		`-AllowSignups:true,`
`794`		`-StatusCode:http.StatusOK,`
`795`		`-}} {`
	`611`	`+}{`
	`612`	`+{`
	`613`	`+Name:"EmailOnly",`
	`614`	`+IDTokenClaims: jwt.MapClaims{`
	`615`	`+"email":"kyle@kwc.io",`
	`616`	`+},`
	`617`	`+AllowSignups:true,`
	`618`	`+StatusCode:http.StatusOK,`
	`619`	`+Username:"kyle",`
	`620`	`+}, {`
	`621`	`+Name:"EmailNotVerified",`
	`622`	`+IDTokenClaims: jwt.MapClaims{`
	`623`	`+"email":"kyle@kwc.io",`
	`624`	`+"email_verified":false,`
	`625`	`+},`
	`626`	`+AllowSignups:true,`
	`627`	`+StatusCode:http.StatusForbidden,`
	`628`	`+}, {`
	`629`	`+Name:"EmailNotAString",`
	`630`	`+IDTokenClaims: jwt.MapClaims{`
	`631`	`+"email":3.14159,`
	`632`	`+"email_verified":false,`
	`633`	`+},`
	`634`	`+AllowSignups:true,`
	`635`	`+StatusCode:http.StatusBadRequest,`
	`636`	`+}, {`
	`637`	`+Name:"EmailNotVerifiedIgnored",`
	`638`	`+IDTokenClaims: jwt.MapClaims{`
	`639`	`+"email":"kyle@kwc.io",`
	`640`	`+"email_verified":false,`
	`641`	`+},`
	`642`	`+AllowSignups:true,`
	`643`	`+StatusCode:http.StatusOK,`
	`644`	`+Username:"kyle",`
	`645`	`+IgnoreEmailVerified:true,`
	`646`	`+}, {`
	`647`	`+Name:"NotInRequiredEmailDomain",`
	`648`	`+IDTokenClaims: jwt.MapClaims{`
	`649`	`+"email":"kyle@kwc.io",`
	`650`	`+"email_verified":true,`
	`651`	`+},`
	`652`	`+AllowSignups:true,`
	`653`	`+EmailDomain: []string{`
	`654`	`+"coder.com",`
	`655`	`+},`
	`656`	`+StatusCode:http.StatusForbidden,`
	`657`	`+}, {`
	`658`	`+Name:"EmailDomainCaseInsensitive",`
	`659`	`+IDTokenClaims: jwt.MapClaims{`
	`660`	`+"email":"kyle@KWC.io",`
	`661`	`+"email_verified":true,`
	`662`	`+},`
	`663`	`+AllowSignups:true,`
	`664`	`+EmailDomain: []string{`
	`665`	`+"kwc.io",`
	`666`	`+},`
	`667`	`+StatusCode:http.StatusOK,`
	`668`	`+}, {`
	`669`	`+Name:"EmptyClaims",`
	`670`	`+IDTokenClaims: jwt.MapClaims{},`
	`671`	`+AllowSignups:true,`
	`672`	`+StatusCode:http.StatusBadRequest,`
	`673`	`+}, {`
	`674`	`+Name:"NoSignups",`
	`675`	`+IDTokenClaims: jwt.MapClaims{`
	`676`	`+"email":"kyle@kwc.io",`
	`677`	`+"email_verified":true,`
	`678`	`+},`
	`679`	`+StatusCode:http.StatusForbidden,`
	`680`	`+}, {`
	`681`	`+Name:"UsernameFromEmail",`
	`682`	`+IDTokenClaims: jwt.MapClaims{`
	`683`	`+"email":"kyle@kwc.io",`
	`684`	`+"email_verified":true,`
	`685`	`+},`
	`686`	`+Username:"kyle",`
	`687`	`+AllowSignups:true,`
	`688`	`+StatusCode:http.StatusOK,`
	`689`	`+}, {`
	`690`	`+Name:"UsernameFromClaims",`
	`691`	`+IDTokenClaims: jwt.MapClaims{`
	`692`	`+"email":"kyle@kwc.io",`
	`693`	`+"email_verified":true,`
	`694`	`+"preferred_username":"hotdog",`
	`695`	`+},`
	`696`	`+Username:"hotdog",`
	`697`	`+AllowSignups:true,`
	`698`	`+StatusCode:http.StatusOK,`
	`699`	`+}, {`
	`700`	`+// Services like Okta return the email as the username:`
	`701`	`+// https://developer.okta.com/docs/reference/api/oidc/#base-claims-always-present`
	`702`	`+Name:"UsernameAsEmail",`
	`703`	`+IDTokenClaims: jwt.MapClaims{`
	`704`	`+"email":"kyle@kwc.io",`
	`705`	`+"email_verified":true,`
	`706`	`+"preferred_username":"kyle@kwc.io",`
	`707`	`+},`
	`708`	`+Username:"kyle",`
	`709`	`+AllowSignups:true,`
	`710`	`+StatusCode:http.StatusOK,`
	`711`	`+}, {`
	`712`	`+// See: https://github.com/coder/coder/issues/4472`
	`713`	`+Name:"UsernameIsEmail",`
	`714`	`+IDTokenClaims: jwt.MapClaims{`
	`715`	`+"preferred_username":"kyle@kwc.io",`
	`716`	`+},`
	`717`	`+Username:"kyle",`
	`718`	`+AllowSignups:true,`
	`719`	`+StatusCode:http.StatusOK,`
	`720`	`+}, {`
	`721`	`+Name:"WithPicture",`
	`722`	`+IDTokenClaims: jwt.MapClaims{`
	`723`	`+"email":"kyle@kwc.io",`
	`724`	`+"email_verified":true,`
	`725`	`+"preferred_username":"kyle",`
	`726`	`+"picture":"/example.png",`
	`727`	`+},`
	`728`	`+Username:"kyle",`
	`729`	`+AllowSignups:true,`
	`730`	`+AvatarURL:"/example.png",`
	`731`	`+StatusCode:http.StatusOK,`
	`732`	`+}, {`
	`733`	`+Name:"WithUserInfoClaims",`
	`734`	`+IDTokenClaims: jwt.MapClaims{`
	`735`	`+"email":"kyle@kwc.io",`
	`736`	`+"email_verified":true,`
	`737`	`+},`
	`738`	`+UserInfoClaims: jwt.MapClaims{`
	`739`	`+"preferred_username":"potato",`
	`740`	`+"picture":"/example.png",`
	`741`	`+},`
	`742`	`+Username:"potato",`
	`743`	`+AllowSignups:true,`
	`744`	`+AvatarURL:"/example.png",`
	`745`	`+StatusCode:http.StatusOK,`
	`746`	`+}, {`
	`747`	`+Name:"GroupsDoesNothing",`
	`748`	`+IDTokenClaims: jwt.MapClaims{`
	`749`	`+"email":"coolin@coder.com",`
	`750`	`+"groups": []string{"pingpong"},`
	`751`	`+},`
	`752`	`+AllowSignups:true,`
	`753`	`+StatusCode:http.StatusOK,`
	`754`	`+}, {`
	`755`	`+Name:"UserInfoOverridesIDTokenClaims",`
	`756`	`+IDTokenClaims: jwt.MapClaims{`
	`757`	`+"email":"internaluser@internal.domain",`
	`758`	`+"email_verified":false,`
	`759`	`+},`
	`760`	`+UserInfoClaims: jwt.MapClaims{`
	`761`	`+"email":"externaluser@external.domain",`
	`762`	`+"email_verified":true,`
	`763`	`+"preferred_username":"user",`
	`764`	`+},`
	`765`	`+Username:"user",`
	`766`	`+AllowSignups:true,`
	`767`	`+IgnoreEmailVerified:false,`
	`768`	`+StatusCode:http.StatusOK,`
	`769`	`+}, {`
	`770`	`+Name:"InvalidUserInfo",`
	`771`	`+IDTokenClaims: jwt.MapClaims{`
	`772`	`+"email":"internaluser@internal.domain",`
	`773`	`+"email_verified":false,`
	`774`	`+},`
	`775`	`+UserInfoClaims: jwt.MapClaims{`
	`776`	`+"email":1,`
	`777`	`+},`
	`778`	`+AllowSignups:true,`
	`779`	`+IgnoreEmailVerified:false,`
	`780`	`+StatusCode:http.StatusInternalServerError,`
	`781`	`+}, {`
	`782`	`+Name:"IgnoreUserInfo",`
	`783`	`+IDTokenClaims: jwt.MapClaims{`
	`784`	`+"email":"user@internal.domain",`
	`785`	`+"email_verified":true,`
	`786`	`+"preferred_username":"user",`
	`787`	`+},`
	`788`	`+UserInfoClaims: jwt.MapClaims{`
	`789`	`+"email":"user.mcname@external.domain",`
	`790`	`+"preferred_username":"Mr. User McName",`
	`791`	`+},`
	`792`	`+Username:"user",`
	`793`	`+IgnoreUserInfo:true,`
	`794`	`+AllowSignups:true,`
	`795`	`+StatusCode:http.StatusOK,`
	`796`	`+}} {`
`796`	`797`	`tc:=tc`
`797`	`798`	`t.Run(tc.Name,func(t*testing.T) {`
`798`	`799`	`t.Parallel()`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit524aced

File tree

3 files changed

3 files changed

`‎coderd/userauth.go`

`‎coderd/userauth_test.go`

0 commit comments