NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit8b597a1

committed

Extract auth code helper

1 parent7b118ac commit8b597a1Copy full SHA for 8b597a1

File tree

2 files changed

+59

-27

lines changed

coderd/coderdtest/oidctest
- helper.go
- idp.go

2 files changed

+59

-27

lines changed

`‎coderd/coderdtest/oidctest/helper.go`

Lines changed: 51 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,17 @@`
`1`	`1`	`package oidctest`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+"context"`
`4`	`5`	`"database/sql"`
`5`	`6`	`"encoding/json"`
`6`	`7`	`"net/http"`
	`8`	`+"net/url"`
`7`	`9`	`"testing"`
`8`	`10`	`"time"`
`9`	`11`
`10`	`12`	`"github.com/golang-jwt/jwt/v4"`
`11`	`13`	`"github.com/stretchr/testify/require"`
	`14`	`+"golang.org/x/xerrors"`
`12`	`15`
`13`	`16`	`"github.com/coder/coder/v2/coderd/database"`
`14`	`17`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`@@ -114,3 +117,51 @@ func (h LoginHelper) ForceRefresh(t testing.T, db database.Store, user *coders`
`114`	`117`	`_,err:=user.User(testutil.Context(t,testutil.WaitShort),"me")`
`115`	`118`	`require.NoError(t,err,"user must be able to be fetched")`
`116`	`119`	`}`
	`120`	`+`
	`121`	`+// OAuth2GetCode emulates a user clicking "allow" on the IDP page. When doing`
	`122`	`+// unit tests, it's easier to skip this step sometimes. It does make an actual`
	`123`	`+// request to the IDP, so it should be equivalent to doing this "manually" with`
	`124`	`+// actual requests.`
	`125`	`+//`
	`126`	`+// TODO: Is state param optional? Can we grab it from the authURL?`
	`127`	`+funcOAuth2GetCode(authURLstring,statestring,doRequestfunc(reqhttp.Request) (http.Response,error)) (string,error) {`
	`128`	`+// We need to store some claims, because this is also an OIDC provider, and`
	`129`	`+// it expects some claims to be present.`
	`130`	`+// TODO: POST or GET method?`
	`131`	`+r,err:=http.NewRequestWithContext(context.Background(),http.MethodGet,authURL,nil)`
	`132`	`+iferr!=nil {`
	`133`	`+return"",xerrors.Errorf("failed to create auth request: %w",err)`
	`134`	`+}`
	`135`	`+`
	`136`	`+expCode:=http.StatusTemporaryRedirect`
	`137`	`+resp,err:=doRequest(r)`
	`138`	`+iferr!=nil {`
	`139`	`+return"",xerrors.Errorf("request: %w",err)`
	`140`	`+}`
	`141`	`+deferresp.Body.Close()`
	`142`	`+`
	`143`	`+ifresp.StatusCode!=expCode {`
	`144`	`+return"",codersdk.ReadBodyAsError(resp)`
	`145`	`+}`
	`146`	`+`
	`147`	`+to:=resp.Header.Get("Location")`
	`148`	`+ifto=="" {`
	`149`	`+return"",xerrors.Errorf("expected redirect location")`
	`150`	`+}`
	`151`	`+`
	`152`	`+toURL,err:=url.Parse(to)`
	`153`	`+iferr!=nil {`
	`154`	`+return"",xerrors.Errorf("failed to parse redirect location: %w",err)`
	`155`	`+}`
	`156`	`+`
	`157`	`+code:=toURL.Query().Get("code")`
	`158`	`+ifcode=="" {`
	`159`	`+return"",xerrors.Errorf("expected code in redirect location")`
	`160`	`+}`
	`161`	`+`
	`162`	`+newState:=toURL.Query().Get("state")`
	`163`	`+ifnewState!=state {`
	`164`	`+return"",xerrors.Errorf("expected state %q, got %q",state,newState)`
	`165`	`+}`
	`166`	`+returncode,nil`
	`167`	`+}`

`‎coderd/coderdtest/oidctest/idp.go`

Lines changed: 8 additions & 27 deletions

Original file line number	Diff line number	Diff line change
`@@ -514,37 +514,18 @@ func (FakeIDP) DeviceLogin(t testing.TB, client codersdk.Client, externalAuthI`
`514`	`514`	`// unit tests, it's easier to skip this step sometimes. It does make an actual`
`515`	`515`	`// request to the IDP, so it should be equivalent to doing this "manually" with`
`516`	`516`	`// actual requests.`
`517`		`-func (fFakeIDP)CreateAuthCode(t testing.TB,statestring,opts...func(rhttp.Request))string {`
	`517`	`+func (f*FakeIDP)CreateAuthCode(t testing.TB,statestring)string {`
`518`	`518`	`// We need to store some claims, because this is also an OIDC provider, and`
`519`	`519`	`// it expects some claims to be present.`
`520`	`520`	`f.stateToIDTokenClaims.Store(state, jwt.MapClaims{})`
`521`	`521`
`522`		`-u:=f.cfg.AuthCodeURL(state)`
`523`		`-r,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,u,nil)`
`524`		`-require.NoError(t,err,"failed to create auth request")`
`525`		`-`
`526`		`-for_,opt:=rangeopts {`
`527`		`-opt(r)`
`528`		`-}`
`529`		`-`
`530`		`-rw:=httptest.NewRecorder()`
`531`		`-f.handler.ServeHTTP(rw,r)`
`532`		`-resp:=rw.Result()`
`533`		`-deferresp.Body.Close()`
`534`		`-`
`535`		`-require.Equal(t,http.StatusTemporaryRedirect,resp.StatusCode,"expected redirect")`
`536`		`-to:=resp.Header.Get("Location")`
`537`		`-require.NotEmpty(t,to,"expected redirect location")`
`538`		`-`
`539`		`-toURL,err:=url.Parse(to)`
`540`		`-require.NoError(t,err,"failed to parse redirect location")`
`541`		`-`
`542`		`-code:=toURL.Query().Get("code")`
`543`		`-require.NotEmpty(t,code,"expected code in redirect location")`
`544`		`-`
`545`		`-newState:=toURL.Query().Get("state")`
`546`		`-require.Equal(t,state,newState,"expected state to match")`
`547`		`-`
	`522`	`+code,err:=OAuth2GetCode(f.cfg.AuthCodeURL(state),state,func(reqhttp.Request) (http.Response,error) {`
	`523`	`+rw:=httptest.NewRecorder()`
	`524`	`+f.handler.ServeHTTP(rw,req)`
	`525`	`+resp:=rw.Result()`
	`526`	`+returnresp,nil`
	`527`	`+})`
	`528`	`+require.NoError(t,err,"failed to get auth code")`
`548`	`529`	`returncode`
`549`	`530`	`}`
`550`	`531`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8b597a1

File tree

2 files changed

2 files changed

`‎coderd/coderdtest/oidctest/helper.go`

`‎coderd/coderdtest/oidctest/idp.go`

0 commit comments