hub / github.com/coder/coder / TestConstantQueryParams

Function TestConstantQueryParams

coderd/externalauth/externalauth_test.go:1361–1427

TestConstantQueryParams verifies that a constant query parameter can be set in the "authenticate" URL for external auth applications, and that it is carried forward to the actual auth requests. This unit test was specifically created for Auth0, which can set an audience query parameter in its /authorize endpoint.

(t *testing.T)


1359// This unit test was specifically created for Auth0 which can set an
1360// audience query parameter in its /authorize endpoint.
1361func TestConstantQueryParams(t *testing.T) {
1362 t.Parallel()
1363 const constantQueryParamKey = "audience"
1364 const constantQueryParamValue = "foobar"
1365 constantQueryParam := fmt.Sprintf("%s=%s", constantQueryParamKey, constantQueryParamValue)
1366 fake, config, _ := setupOauth2Test(t, testConfig{
1367 FakeIDPOpts: []oidctest.FakeIDPOpt{
1368 oidctest.WithMiddlewares(func(next http.Handler) http.Handler {
1369 return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
1370 if strings.Contains(request.URL.Path, "authorize") {
1371 // Assert has the audience query param
1372 assert.Equal(t, request.URL.Query().Get(constantQueryParamKey), constantQueryParamValue)
1373 }
1374 next.ServeHTTP(writer, request)
1375 })
1376 }),
1377 },
1378 CoderOIDCConfigOpts: []func(cfg *coderd.OIDCConfig){
1379 func(cfg *coderd.OIDCConfig) {
1380 // Include a constant query parameter.
1381 authURL, err := url.Parse(cfg.OAuth2Config.(*oauth2.Config).Endpoint.AuthURL)
1382 require.NoError(t, err)
1383
1384 authURL.RawQuery = url.Values{constantQueryParamKey: []string{constantQueryParamValue}}.Encode()
1385 cfg.OAuth2Config.(*oauth2.Config).Endpoint.AuthURL = authURL.String()
1386 require.Contains(t, cfg.OAuth2Config.(*oauth2.Config).Endpoint.AuthURL, constantQueryParam)
1387 cfg.PKCEMethods = []promoauth.Oauth2PKCEChallengeMethod{promoauth.PKCEChallengeMethodSha256}
1388 },
1389 },
1390 })
1391
1392 callbackCalled := false
1393 fake.SetCoderdCallbackHandler(func(writer http.ResponseWriter, request *http.Request) {
1394 // Just record the callback was hit, and the auth succeeded.
1395 callbackCalled = true
1396 })
1397
1398 // Verify the AuthURL endpoint contains the constant query parameter and is a valid URL.
1399 // It should look something like:
1400 // http://127.0.0.1:<port>>/oauth2/authorize?
1401 // audience=foobar&
1402 // client_id=d<uuid>&
1403 // redirect_uri=<redirect>&
1404 // response_type=code&
1405 // scope=openid+email+profile&
1406 // state=state
1407 const state = "state"
1408 rawAuthURL := config.AuthCodeURL(state)
1409 // Parsing the url is not perfect. It allows imperfections like the query
1410 // params having 2 question marks '?a=foo?b=bar'.
1411 // So use it to validate, then verify the raw url is as expected.
1412 authURL, err := url.Parse(rawAuthURL)
1413 require.NoError(t, err)
1414 require.Equal(t, authURL.Query().Get(constantQueryParamKey), constantQueryParamValue)
1415 // We are not using a real server, so it fakes https://coder.com
1416 require.Equal(t, authURL.Scheme, "https")
1417 // Validate the raw URL.
1418 // Double check only 1 '?' exists. Url parsing allows multiple '?' in the query string.

Callers

nothing calls this directly

Calls 13

WithMiddlewaresFunction · 0.92
setupOauth2TestFunction · 0.85
EncodeMethod · 0.80
CountMethod · 0.80
OIDCCallbackMethod · 0.80
GetMethod · 0.65
ParseMethod · 0.65
AuthCodeURLMethod · 0.65
ContainsMethod · 0.45
EqualMethod · 0.45
ServeHTTPMethod · 0.45

Tested by

no test coverage detected