MCPcopy Index your code
hub / github.com/coder/coder / TestRefreshToken

Function TestRefreshToken

coderd/externalauth/externalauth_test.go:37–849  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

35)
36
37func TestRefreshToken(t *testing.T) {
38 t.Parallel()
39 expired := time.Now().Add(time.Hour * -1)
40
41 t.Run("NoRefreshExpired", func(t *testing.T) {
42 t.Parallel()
43 fake, config, link := setupOauth2Test(t, testConfig{
44 FakeIDPOpts: []oidctest.FakeIDPOpt{
45 oidctest.WithRefresh(func(_ string) error {
46 t.Error("refresh on the IDP was called, but NoRefresh was set")
47 return xerrors.New("should not be called")
48 }),
49 // The IDP should not be contacted since the token is expired. An expired
50 // token with 'NoRefresh' should early abort.
51 oidctest.WithDynamicUserInfo(func(_ string) (jwt.MapClaims, error) {
52 t.Error("token was validated, but it was expired and this should never have happened.")
53 return nil, xerrors.New("should not be called")
54 }),
55 },
56 ExternalAuthOpt: func(cfg *externalauth.Config) {
57 cfg.NoRefresh = true
58 },
59 })
60
61 ctx := oidc.ClientContext(context.Background(), fake.HTTPClient(nil))
62 // Expire the link
63 link.OAuthExpiry = expired
64
65 _, err := config.RefreshToken(ctx, nil, link)
66 require.Error(t, err)
67 require.True(t, externalauth.IsInvalidTokenError(err))
68 require.Contains(t, err.Error(), "refreshing is either disabled or refreshing failed")
69 })
70
71 // NoRefreshNoExpiry tests that an oauth token without an expiry is always valid.
72 // The "validate url" should be hit, but the refresh endpoint should not.
73 t.Run("NoRefreshNoExpiry", func(t *testing.T) {
74 t.Parallel()
75
76 validated := false
77 fake, config, link := setupOauth2Test(t, testConfig{
78 FakeIDPOpts: []oidctest.FakeIDPOpt{
79 oidctest.WithRefresh(func(_ string) error {
80 t.Error("refresh on the IDP was called, but NoRefresh was set")
81 return xerrors.New("should not be called")
82 }),
83 oidctest.WithDynamicUserInfo(func(_ string) (jwt.MapClaims, error) {
84 validated = true
85 return jwt.MapClaims{}, nil
86 }),
87 },
88 ExternalAuthOpt: func(cfg *externalauth.Config) {
89 cfg.NoRefresh = true
90 },
91 })
92
93 ctx := oidc.ClientContext(context.Background(), fake.HTTPClient(nil))
94

Callers

nothing calls this directly

Calls 15

RefreshTokenMethod · 0.95
EXPECTMethod · 0.95
WithRefreshFunction · 0.92
WithDynamicUserInfoFunction · 0.92
IsInvalidTokenErrorFunction · 0.92
NewMockStoreFunction · 0.92
NewDBFunction · 0.92
StatusErrorFunction · 0.92
WithMutateTokenFunction · 0.92
NowFunction · 0.92
setupOauth2TestFunction · 0.85
HTTPClientMethod · 0.80

Tested by

no test coverage detected