hub / github.com/coder/coder / TestOIDCOauthLoginWithExisting

Function TestOIDCOauthLoginWithExisting

coderd/userauth_test.go:56–121  ·  view source on GitHub ↗

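This test covers logging in with OIDC when an expired OIDC session token already exists. No token refresh should happen in that case, because the user is reauthenticating; the fake IdP's refresh hook is set to return an error ("refreshing token should never occur"). The visible part of the listing also asserts that every cookie set during login is `Secure` with `SameSite=None`, matching the configured `HTTPCookies`. Its helper client sets `InsecureSkipVerify: true` (marked `//nolint:gosec`) when talking to a server that uses a certificate generated for the test. The function carries a `nolint:bodyclose` lint directive.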

(t *testing.T)

Source from the content-addressed store, hash-verified

54// The token refreshing should not happen since we are reauthenticating.
55// nolint:bodyclose
56func TestOIDCOauthLoginWithExisting(t *testing.T) {
57 t.Parallel()
58
59 fake := oidctest.NewFakeIDP(t,
60 oidctest.WithRefresh(func(_ string) error {
61 return xerrors.New("refreshing token should never occur")
62 }),
63 oidctest.WithServing(),
64 )
65
66 cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
67 cfg.AllowSignups = true
68 cfg.SecondaryClaims = coderd.MergedClaimsSourceNone
69 })
70
71 certificates := []tls.Certificate{testutil.GenerateTLSCertificate(t, "localhost")}
72 client, _, api := coderdtest.NewWithAPI(t, &coderdtest.Options{
73 OIDCConfig: cfg,
74 TLSCertificates: certificates,
75 DeploymentValues: coderdtest.DeploymentValues(t, func(values *codersdk.DeploymentValues) {
76 values.HTTPCookies = codersdk.HTTPCookieConfig{
77 Secure: true,
78 SameSite: "none",
79 }
80 }),
81 })
82
83 const username = "alice"
84 claims := jwt.MapClaims{
85 "email": "alice@coder.com",
86 "email_verified": true,
87 "preferred_username": username,
88 "sub": uuid.NewString(),
89 }
90
91 // Signup alice
92 freshClient := func() *codersdk.Client {
93 cli := codersdk.New(client.URL)
94 cli.HTTPClient.Transport = &http.Transport{
95 TLSClientConfig: &tls.Config{
96 //nolint:gosec
97 InsecureSkipVerify: true,
98 },
99 }
100 cli.HTTPClient.Jar = testjar.New()
101 return cli
102 }
103
104 unauthenticated := freshClient()
105 userClient, _ := fake.Login(t, unauthenticated, claims)
106
107 cookies := unauthenticated.HTTPClient.Jar.Cookies(client.URL)
108 require.True(t, len(cookies) > 0)
109 for _, c := range cookies {
110 require.Truef(t, c.Secure, "cookie %q", c.Name)
111 require.Equalf(t, http.SameSiteNoneMode, c.SameSite, "cookie %q", c.Name)
112 }
113

Callers

nothing calls this directly

Calls 14

OIDCConfigMethod · 0.95
LoginMethod · 0.95
ExpireOauthTokenMethod · 0.95
NewFakeIDPFunction · 0.92
WithRefreshFunction · 0.92
WithServingFunction · 0.92
GenerateTLSCertificateFunction · 0.92
NewWithAPIFunction · 0.92
DeploymentValuesFunction · 0.92
NewFunction · 0.92
NewFunction · 0.92
NewLoginHelperFunction · 0.92

Tested by

no test coverage detected