ExternalAuthConfig is the config for external auth providers.
(t testing.TB, id string, custom *ExternalAuthConfigOptions, opts ...func(cfg *externalauth.Config))
| 1559 | |
| 1560 | // ExternalAuthConfig is the config for external auth providers. |
| 1561 | func (f *FakeIDP) ExternalAuthConfig(t testing.TB, id string, custom *ExternalAuthConfigOptions, opts ...func(cfg *externalauth.Config)) *externalauth.Config { |
| 1562 | if custom == nil { |
| 1563 | custom = &ExternalAuthConfigOptions{} |
| 1564 | } |
| 1565 | f.externalProviderID = id |
| 1566 | f.externalAuthValidate = func(email string, rw http.ResponseWriter, r *http.Request) { |
| 1567 | newPath := strings.TrimPrefix(r.URL.Path, "/external-auth-validate") |
| 1568 | switch newPath { |
| 1569 | // /user is ALWAYS supported under the `/` path too. |
| 1570 | case "/user", "/", "": |
| 1571 | var payload interface{} = "OK" |
| 1572 | if custom.ValidatePayload != nil { |
| 1573 | var err error |
| 1574 | var code int |
| 1575 | payload, code, err = custom.ValidatePayload(email) |
| 1576 | if code == 0 && err == nil { |
| 1577 | code = http.StatusOK |
| 1578 | } |
| 1579 | if code == 0 && err != nil { |
| 1580 | code = http.StatusUnauthorized |
| 1581 | } |
| 1582 | if err != nil { |
| 1583 | http.Error(rw, fmt.Sprintf("failed validation via custom method: %s", err.Error()), code) |
| 1584 | return |
| 1585 | } |
| 1586 | rw.WriteHeader(code) |
| 1587 | } |
| 1588 | _ = json.NewEncoder(rw).Encode(payload) |
| 1589 | default: |
| 1590 | if custom.routes == nil { |
| 1591 | custom.routes = make(map[string]func(email string, rw http.ResponseWriter, r *http.Request)) |
| 1592 | } |
| 1593 | handle, ok := custom.routes[newPath] |
| 1594 | if !ok { |
| 1595 | t.Errorf("missing route handler for %s", newPath) |
| 1596 | http.Error(rw, fmt.Sprintf("missing route handler for %s", newPath), http.StatusBadRequest) |
| 1597 | return |
| 1598 | } |
| 1599 | handle(email, rw, r) |
| 1600 | } |
| 1601 | } |
| 1602 | instrumentF := promoauth.NewFactory(prometheus.NewRegistry()) |
| 1603 | oauthCfg := instrumentF.New(f.clientID, f.OIDCConfig(t, nil)) |
| 1604 | cfg := &externalauth.Config{ |
| 1605 | DisplayName: id, |
| 1606 | InstrumentedOAuth2Config: oauthCfg, |
| 1607 | ID: id, |
| 1608 | ClientID: f.clientID, |
| 1609 | ClientSecret: f.clientSecret, |
| 1610 | // No defaults for these fields by omitting the type |
| 1611 | Type: "", |
| 1612 | DisplayIcon: f.WellknownConfig().UserInfoURL, |
| 1613 | // Omit the /user for the validate so we can easily append to it when modifying |
| 1614 | // the cfg for advanced tests. |
| 1615 | ValidateURL: f.locked.IssuerURL().ResolveReference(&url.URL{Path: "/external-auth-validate/"}).String(), |
| 1616 | RevokeURL: f.locked.IssuerURL().ResolveReference(&url.URL{Path: revokeTokenPath}).String(), |
| 1617 | RevokeTimeout: 1 * time.Second, |
| 1618 | DeviceAuth: &externalauth.DeviceAuth{ |