(t *testing.T)
| 2698 | } |
| 2699 | |
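// TestOIDCSkipIssuer verifies that OIDC login succeeds when issuer checks are
// skipped, even though the token's "iss" claim (secondaryURLString) differs
// from the issuer advertised in the discovery document (primaryURLString).
//
// NOTE(review): skipping issuer checks removes the binding between the ID
// token and the configured provider URL, and this test covers only the
// permissive path. Presumably signature verification against the provider's
// keys still applies in this mode — confirm. If no such test exists already,
// consider a companion case asserting that the same issuer mismatch is
// rejected when issuer checks are left enabled.
func TestOIDCSkipIssuer(t *testing.T) {
	t.Parallel()
	const primaryURLString = "https://primary.com"
	const secondaryURLString = "https://secondary.com"
	primaryURL := must(url.Parse(primaryURLString))

	fake := oidctest.NewFakeIDP(t,
		oidctest.WithServing(),
		oidctest.WithDefaultIDClaims(jwt.MapClaims{}),
		oidctest.WithHookWellKnown(func(r *http.Request, j *oidctest.ProviderJSON) error {
			// The discovery request must not be addressed to the advertised
			// issuer host.
			// NOTE(review): on a server-side *http.Request, URL.Host is
			// usually empty, which would make this check pass trivially;
			// r.Host may be the intended field — confirm.
			assert.NotEqual(t, primaryURL.Host, r.URL.Host, "request went to wrong host")
			// Advertise an issuer that differs from the "iss" claim used at
			// login below.
			j.Issuer = primaryURLString
			return nil
		}),
	)

	owner := coderdtest.New(t, &coderdtest.Options{
		OIDCConfig: fake.OIDCConfigSkipIssuerChecks(t, nil, func(cfg *coderd.OIDCConfig) {
			// Presumably required so the first OIDC login can create the
			// account — confirm.
			cfg.AllowSignups = true
		}),
	})

	// User can login and use their token.
	ctx := testutil.Context(t, testutil.WaitShort)
	//nolint:bodyclose
	userClient, _ := fake.Login(t, owner, jwt.MapClaims{
		// Deliberately not the issuer from the discovery document.
		"iss":            secondaryURLString,
		"email":          "alice@coder.com",
		"email_verified": true,
		"sub":            uuid.NewString(),
	})
	found, err := userClient.User(ctx, "me")
	require.NoError(t, err)
	// testify takes (expected, actual); this order keeps failure output accurate.
	require.Equal(t, codersdk.LoginTypeOIDC, found.LoginType)
}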
| 2735 | |
| 2736 | func TestUserForgotPassword(t *testing.T) { |
| 2737 | t.Parallel() |