(t *testing.T)
| 1281 | } |
| 1282 | |
| 1283 | func TestWorkspaceDeleteSuspendedUser(t *testing.T) { |
| 1284 | t.Parallel() |
| 1285 | const providerID = "fake-github" |
| 1286 | fake := oidctest.NewFakeIDP(t, oidctest.WithServing()) |
| 1287 | |
| 1288 | validateCalls := 0 |
| 1289 | userSuspended := false |
| 1290 | owner := coderdtest.New(t, &coderdtest.Options{ |
| 1291 | IncludeProvisionerDaemon: true, |
| 1292 | ExternalAuthConfigs: []*externalauth.Config{ |
| 1293 | fake.ExternalAuthConfig(t, providerID, &oidctest.ExternalAuthConfigOptions{ |
| 1294 | ValidatePayload: func(email string) (interface{}, int, error) { |
| 1295 | validateCalls++ |
| 1296 | if userSuspended { |
| 1297 | // Simulate the user being suspended from the IDP too. |
| 1298 | return "", http.StatusForbidden, xerrors.New("user is suspended") |
| 1299 | } |
| 1300 | return "OK", 0, nil |
| 1301 | }, |
| 1302 | }), |
| 1303 | }, |
| 1304 | }) |
| 1305 | |
| 1306 | first := coderdtest.CreateFirstUser(t, owner) |
| 1307 | |
| 1308 | // New user that we will suspend when we try to delete the workspace. |
| 1309 | client, user := coderdtest.CreateAnotherUser(t, owner, first.OrganizationID, rbac.RoleTemplateAdmin()) |
| 1310 | fake.ExternalLogin(t, client) |
| 1311 | |
| 1312 | version := coderdtest.CreateTemplateVersion(t, client, first.OrganizationID, &echo.Responses{ |
| 1313 | Parse: echo.ParseComplete, |
| 1314 | ProvisionApply: echo.ApplyComplete, |
| 1315 | ProvisionGraph: []*proto.Response{{ |
| 1316 | Type: &proto.Response_Graph{ |
| 1317 | Graph: &proto.GraphComplete{ |
| 1318 | Error: "", |
| 1319 | Resources: nil, |
| 1320 | Parameters: nil, |
| 1321 | ExternalAuthProviders: []*proto.ExternalAuthProviderResource{ |
| 1322 | { |
| 1323 | Id: providerID, |
| 1324 | Optional: false, |
| 1325 | }, |
| 1326 | }, |
| 1327 | }, |
| 1328 | }, |
| 1329 | }}, |
| 1330 | }) |
| 1331 | |
| 1332 | validateCalls = 0 // Reset |
| 1333 | coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) |
| 1334 | template := coderdtest.CreateTemplate(t, client, first.OrganizationID, version.ID) |
| 1335 | workspace := coderdtest.CreateWorkspace(t, client, template.ID) |
| 1336 | coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) |
| 1337 | // Ensure the external link is working. Workspace creation validates the |
| 1338 | // owner's required external auth, and the build's token injection |
| 1339 | // validates it again. |
| 1340 | require.Equal(t, 2, validateCalls) |
nothing calls this directly
no test coverage detected