MCPcopy Index your code
hub / github.com/coder/coder / TestOAuth2

Function TestOAuth2

coderd/httpmw/oauth2_test.go:47–176  ·  view source on GitHub ↗

nolint:bodyclose

(t *testing.T)

Source from the content-addressed store, hash-verified

45
46// nolint:bodyclose
47func TestOAuth2(t *testing.T) {
48 t.Parallel()
49 t.Run("NotSetup", func(t *testing.T) {
50 t.Parallel()
51 req := httptest.NewRequest("GET", "/", nil)
52 res := httptest.NewRecorder()
53 httpmw.ExtractOAuth2(nil, nil, codersdk.HTTPCookieConfig{}, nil, nil)(nil).ServeHTTP(res, req)
54 require.Equal(t, http.StatusBadRequest, res.Result().StatusCode)
55 })
56 t.Run("RedirectWithoutCode", func(t *testing.T) {
57 t.Parallel()
58 req := httptest.NewRequest("GET", "/?redirect="+url.QueryEscape("/dashboard"), nil)
59 res := httptest.NewRecorder()
60 tp := newTestOAuth2Provider(t, oauth2.AccessTypeOffline)
61 httpmw.ExtractOAuth2(tp, nil, codersdk.HTTPCookieConfig{}, nil, nil)(nil).ServeHTTP(res, req)
62 location := res.Header().Get("Location")
63 if !assert.NotEmpty(t, location) {
64 return
65 }
66 require.Len(t, res.Result().Cookies(), 2)
67 cookie := res.Result().Cookies()[1]
68 require.Equal(t, "/dashboard", cookie.Value)
69 })
70 t.Run("OnlyPathBaseRedirect", func(t *testing.T) {
71 t.Parallel()
72 // Construct a URI to a potentially malicious
73 // site and assert that we omit the host
74 // when redirecting the request.
75 uri := &url.URL{
76 Scheme: "https",
77 Host: "some.bad.domain.com",
78 Path: "/sadf/asdfasdf",
79 RawQuery: "foo=hello&bar=world",
80 }
81 expectedValue := uri.Path + "?" + uri.RawQuery
82 req := httptest.NewRequest("GET", "/?redirect="+url.QueryEscape(uri.String()), nil)
83 res := httptest.NewRecorder()
84 tp := newTestOAuth2Provider(t, oauth2.AccessTypeOffline)
85 httpmw.ExtractOAuth2(tp, nil, codersdk.HTTPCookieConfig{}, nil, nil)(nil).ServeHTTP(res, req)
86 location := res.Header().Get("Location")
87 if !assert.NotEmpty(t, location) {
88 return
89 }
90 require.Len(t, res.Result().Cookies(), 2)
91 cookie := res.Result().Cookies()[1]
92 require.Equal(t, expectedValue, cookie.Value)
93 })
94
95 t.Run("NoState", func(t *testing.T) {
96 t.Parallel()
97 req := httptest.NewRequest("GET", "/?code=something", nil)
98 res := httptest.NewRecorder()
99 tp := newTestOAuth2Provider(t, oauth2.AccessTypeOffline)
100 httpmw.ExtractOAuth2(tp, nil, codersdk.HTTPCookieConfig{}, nil, nil)(nil).ServeHTTP(res, req)
101 require.Equal(t, http.StatusBadRequest, res.Result().StatusCode)
102 })
103 t.Run("NoStateCookie", func(t *testing.T) {
104 t.Parallel()

Callers

nothing calls this directly

Calls 14

ExtractOAuth2Function · 0.92
OAuth2Function · 0.92
GetRandomNameFunction · 0.92
newTestOAuth2ProviderFunction · 0.85
NotEmptyMethod · 0.80
CookiesMethod · 0.80
RunMethod · 0.65
GetMethod · 0.65
ServeHTTPMethod · 0.45
EqualMethod · 0.45
ResultMethod · 0.45
HeaderMethod · 0.45

Tested by

no test coverage detected