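This test covers logging in with OIDC when an expired OIDC session token already exists. No token refresh should happen, because the user is reauthenticating; the fake IdP's refresh handler is configured to return an error if a refresh is ever attempted. Lint directive: `nolint:bodyclose`.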
(t *testing.T)
| 54 | // The token refreshing should not happen since we are reauthenticating. |
| 55 | // nolint:bodyclose |
| 56 | func TestOIDCOauthLoginWithExisting(t *testing.T) { |
| 57 | t.Parallel() |
| 58 | |
| 59 | fake := oidctest.NewFakeIDP(t, |
| 60 | oidctest.WithRefresh(func(_ string) error { |
| 61 | return xerrors.New("refreshing token should never occur") |
| 62 | }), |
| 63 | oidctest.WithServing(), |
| 64 | ) |
| 65 | |
| 66 | cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) { |
| 67 | cfg.AllowSignups = true |
| 68 | cfg.SecondaryClaims = coderd.MergedClaimsSourceNone |
| 69 | }) |
| 70 | |
| 71 | certificates := []tls.Certificate{testutil.GenerateTLSCertificate(t, "localhost")} |
| 72 | client, _, api := coderdtest.NewWithAPI(t, &coderdtest.Options{ |
| 73 | OIDCConfig: cfg, |
| 74 | TLSCertificates: certificates, |
| 75 | DeploymentValues: coderdtest.DeploymentValues(t, func(values *codersdk.DeploymentValues) { |
| 76 | values.HTTPCookies = codersdk.HTTPCookieConfig{ |
| 77 | Secure: true, |
| 78 | SameSite: "none", |
| 79 | } |
| 80 | }), |
| 81 | }) |
| 82 | |
| 83 | const username = "alice" |
| 84 | claims := jwt.MapClaims{ |
| 85 | "email": "alice@coder.com", |
| 86 | "email_verified": true, |
| 87 | "preferred_username": username, |
| 88 | "sub": uuid.NewString(), |
| 89 | } |
| 90 | |
| 91 | // Signup alice |
| 92 | freshClient := func() *codersdk.Client { |
| 93 | cli := codersdk.New(client.URL) |
| 94 | cli.HTTPClient.Transport = &http.Transport{ |
| 95 | TLSClientConfig: &tls.Config{ |
| 96 | //nolint:gosec |
| 97 | InsecureSkipVerify: true, |
| 98 | }, |
| 99 | } |
| 100 | cli.HTTPClient.Jar = testjar.New() |
| 101 | return cli |
| 102 | } |
| 103 | |
| 104 | unauthenticated := freshClient() |
| 105 | userClient, _ := fake.Login(t, unauthenticated, claims) |
| 106 | |
| 107 | cookies := unauthenticated.HTTPClient.Jar.Cookies(client.URL) |
| 108 | require.True(t, len(cookies) > 0) |
| 109 | for _, c := range cookies { |
| 110 | require.Truef(t, c.Secure, "cookie %q", c.Name) |
| 111 | require.Equalf(t, http.SameSiteNoneMode, c.SameSite, "cookie %q", c.Name) |
| 112 | } |
| 113 |