nolint:bodyclose
(t *testing.T)
| 1097 | |
| 1098 | // nolint:bodyclose |
| 1099 | func TestUserOIDC(t *testing.T) { |
| 1100 | t.Parallel() |
| 1101 | |
| 1102 | for _, tc := range []struct { |
| 1103 | Name string |
| 1104 | IDTokenClaims jwt.MapClaims |
| 1105 | UserInfoClaims jwt.MapClaims |
| 1106 | AccessTokenClaims jwt.MapClaims |
| 1107 | AllowSignups bool |
| 1108 | EmailDomain []string |
| 1109 | AssertUser func(t testing.TB, u codersdk.User) |
| 1110 | StatusCode int |
| 1111 | AssertResponse func(t testing.TB, resp *http.Response) |
| 1112 | IgnoreEmailVerified bool |
| 1113 | IgnoreUserInfo bool |
| 1114 | UseAccessToken bool |
| 1115 | PrecreateFirstUser bool |
| 1116 | }{ |
| 1117 | { |
| 1118 | Name: "NoSub", |
| 1119 | IDTokenClaims: jwt.MapClaims{ |
| 1120 | "email": "kyle@kwc.io", |
| 1121 | }, |
| 1122 | AllowSignups: true, |
| 1123 | StatusCode: http.StatusBadRequest, |
| 1124 | }, |
| 1125 | { |
| 1126 | Name: "AccessTokenMerge", |
| 1127 | IDTokenClaims: jwt.MapClaims{ |
| 1128 | "sub": uuid.NewString(), |
| 1129 | }, |
| 1130 | AccessTokenClaims: jwt.MapClaims{ |
| 1131 | "email": "kyle@kwc.io", |
| 1132 | "email_verified": true, |
| 1133 | }, |
| 1134 | IgnoreUserInfo: true, |
| 1135 | AllowSignups: true, |
| 1136 | UseAccessToken: true, |
| 1137 | StatusCode: http.StatusOK, |
| 1138 | AssertUser: func(t testing.TB, u codersdk.User) { |
| 1139 | assert.Equal(t, "kyle@kwc.io", u.Email) |
| 1140 | }, |
| 1141 | }, |
| 1142 | { |
| 1143 | Name: "AccessTokenMergeNotJWT", |
| 1144 | IDTokenClaims: jwt.MapClaims{ |
| 1145 | "sub": uuid.NewString(), |
| 1146 | }, |
| 1147 | IgnoreUserInfo: true, |
| 1148 | AllowSignups: true, |
| 1149 | UseAccessToken: true, |
| 1150 | StatusCode: http.StatusBadRequest, |
| 1151 | }, |
| 1152 | { |
| 1153 | Name: "EmailOnly", |
| 1154 | IDTokenClaims: jwt.MapClaims{ |
| 1155 | "email": "kyle@kwc.io", |
| 1156 | "email_verified": true, |
nothing calls this directly
no test coverage detected