TestOAuth2ConcurrentSecurityOperations tests security under concurrent operations
(t *testing.T)
| 395 | |
| 396 | // TestOAuth2ConcurrentSecurityOperations tests security under concurrent operations |
| 397 | func TestOAuth2ConcurrentSecurityOperations(t *testing.T) { |
| 398 | t.Parallel() |
| 399 | |
| 400 | client := coderdtest.New(t, nil) |
| 401 | _ = coderdtest.CreateFirstUser(t, client) |
| 402 | |
| 403 | ctx := t.Context() |
| 404 | |
| 405 | // Register a client for testing |
| 406 | clientName := fmt.Sprintf("test-client-%d", time.Now().UnixNano()) |
| 407 | regReq := codersdk.OAuth2ClientRegistrationRequest{ |
| 408 | RedirectURIs: []string{"https://example.com/callback"}, |
| 409 | ClientName: clientName, |
| 410 | } |
| 411 | regResp, err := client.PostOAuth2ClientRegistration(ctx, regReq) |
| 412 | require.NoError(t, err) |
| 413 | |
| 414 | t.Run("ConcurrentAccessAttempts", func(t *testing.T) { |
| 415 | t.Parallel() |
| 416 | ctx := t.Context() |
| 417 | |
| 418 | const numGoroutines = 20 |
| 419 | var wg sync.WaitGroup |
| 420 | errors := make([]error, numGoroutines) |
| 421 | |
| 422 | // Launch concurrent attempts to access the client configuration |
| 423 | for i := 0; i < numGoroutines; i++ { |
| 424 | wg.Add(1) |
| 425 | go func(index int) { |
| 426 | defer wg.Done() |
| 427 | |
| 428 | _, err := client.GetOAuth2ClientConfiguration(ctx, regResp.ClientID, regResp.RegistrationAccessToken) |
| 429 | errors[index] = err |
| 430 | }(i) |
| 431 | } |
| 432 | |
| 433 | wg.Wait() |
| 434 | |
| 435 | // All requests should succeed (they're all valid) |
| 436 | for i, err := range errors { |
| 437 | require.NoError(t, err, "Request %d failed", i) |
| 438 | } |
| 439 | }) |
| 440 | |
| 441 | t.Run("ConcurrentInvalidAccessAttempts", func(t *testing.T) { |
| 442 | t.Parallel() |
| 443 | ctx := t.Context() |
| 444 | |
| 445 | const numGoroutines = 20 |
| 446 | var wg sync.WaitGroup |
| 447 | statusCodes := make([]int, numGoroutines) |
| 448 | |
| 449 | // Launch concurrent attempts with invalid tokens |
| 450 | for i := 0; i < numGoroutines; i++ { |
| 451 | wg.Add(1) |
| 452 | go func(index int) { |
| 453 | defer wg.Done() |
| 454 |
nothing calls this directly
no test coverage detected