hub / github.com/coder/coder / TestOIDCMCPTokenSource

Function TestOIDCMCPTokenSource

coderd/mcp_internal_test.go:94–216  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

92}
93
94func TestOIDCMCPTokenSource(t *testing.T) {
95 t.Parallel()
96
97 logger := testutil.Logger(t)
98
99 t.Run("NilConfig", func(t *testing.T) {
100 t.Parallel()
101 db, _ := dbtestutil.NewDB(t)
102 require.Nil(t, newOIDCMCPTokenSource(db, nil, logger))
103 })
104
105 t.Run("NoLink", func(t *testing.T) {
106 // When the user has no OIDC link the source returns ("", nil)
107 // rather than an error so the caller can fall through to
108 // "no Authorization header".
109 t.Parallel()
110 db, _ := dbtestutil.NewDB(t)
111 store := dbauthzTestStore(t, db)
112 user := dbgen.User(t, db, database.User{LoginType: database.LoginTypeOIDC})
113
114 src := newOIDCMCPTokenSource(store, &testutil.OAuth2Config{}, logger)
115 ctx := dbauthz.AsChatd(context.Background())
116
117 tok, err := src.OIDCAccessToken(ctx, user.ID)
118 require.NoError(t, err)
119 require.Empty(t, tok)
120 })
121
122 t.Run("FreshToken", func(t *testing.T) {
123 // A non-expired token is returned as-is; no refresh is performed.
124 t.Parallel()
125 db, _ := dbtestutil.NewDB(t)
126 store := dbauthzTestStore(t, db)
127 user := dbgen.User(t, db, database.User{})
128 dbgen.UserLink(t, db, database.UserLink{
129 UserID: user.ID,
130 LoginType: database.LoginTypeOIDC,
131 OAuthAccessToken: "fresh",
132 OAuthRefreshToken: "refresh",
133 OAuthExpiry: dbtime.Now().Add(time.Hour),
134 })
135
136 src := newOIDCMCPTokenSource(store, &testutil.OAuth2Config{
137 Token: &oauth2.Token{AccessToken: "should-not-be-used"},
138 }, logger)
139 ctx := dbauthz.AsChatd(context.Background())
140
141 tok, err := src.OIDCAccessToken(ctx, user.ID)
142 require.NoError(t, err)
143 require.Equal(t, "fresh", tok)
144 })
145
146 t.Run("RefreshExpired", func(t *testing.T) {
147 // An expired token triggers a refresh; the new token is
148 // persisted via UpdateUserLink. This exercises the dbauthz
149 // elevation: chatd lacks ResourceSystem.Read and
150 // ResourceUser.UpdatePersonal so a non-elevated context
151 // would fail both reads and writes.

Callers

nothing calls this directly

Calls 15

LoggerFunction · 0.92
NewDBFunction · 0.92
UserFunction · 0.92
AsChatdFunction · 0.92
UserLinkFunction · 0.92
NowFunction · 0.92
AsSystemRestrictedFunction · 0.92
newOIDCMCPTokenSourceFunction · 0.85
dbauthzTestStoreFunction · 0.85
RunMethod · 0.65
OIDCAccessTokenMethod · 0.65
AddMethod · 0.65

Tested by

no test coverage detected