httpHandler is the IDP http server.
(t testing.TB)
| 936 | |
| 937 | // httpHandler is the IDP http server. |
| 938 | func (f *FakeIDP) httpHandler(t testing.TB) http.Handler { |
| 939 | t.Helper() |
| 940 | |
| 941 | mux := chi.NewMux() |
| 942 | mux.Use(f.middlewares...) |
| 943 | // This endpoint is required to initialize the OIDC provider. |
| 944 | // It is used to get the OIDC configuration. |
| 945 | mux.Get("/.well-known/openid-configuration", func(rw http.ResponseWriter, r *http.Request) { |
| 946 | f.logger.Info(r.Context(), "http OIDC config", slogRequestFields(r)...) |
| 947 | |
| 948 | cpy := f.locked.Provider() |
| 949 | if f.hookWellKnown != nil { |
| 950 | err := f.hookWellKnown(r, &cpy) |
| 951 | if err != nil { |
| 952 | httpError(rw, http.StatusInternalServerError, err) |
| 953 | return |
| 954 | } |
| 955 | } |
| 956 | |
| 957 | _ = json.NewEncoder(rw).Encode(cpy) |
| 958 | }) |
| 959 | |
| 960 | // Authorize is called when the user is redirected to the IDP to login. |
| 961 | // This is the browser hitting the IDP and the user logging into Google or |
| 962 | // w/e and clicking "Allow". They will be redirected back to the redirect |
| 963 | // when this is done. |
| 964 | mux.Handle(authorizePath, http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 965 | f.logger.Info(r.Context(), "http call authorize", slogRequestFields(r)...) |
| 966 | |
| 967 | challenge := "" |
| 968 | if f.pkce { |
| 969 | method := r.URL.Query().Get("code_challenge_method") |
| 970 | challenge = r.URL.Query().Get("code_challenge") |
| 971 | |
| 972 | if method == "" { |
| 973 | httpError(rw, http.StatusBadRequest, xerrors.New("missing code_challenge_method")) |
| 974 | return |
| 975 | } |
| 976 | |
| 977 | if challenge == "" { |
| 978 | httpError(rw, http.StatusBadRequest, xerrors.New("missing code_challenge")) |
| 979 | return |
| 980 | } |
| 981 | } |
| 982 | |
| 983 | clientID := r.URL.Query().Get("client_id") |
| 984 | if !assert.Equal(t, f.clientID, clientID, "unexpected client_id") { |
| 985 | httpError(rw, http.StatusBadRequest, xerrors.New("invalid client_id")) |
| 986 | return |
| 987 | } |
| 988 | |
| 989 | redirectURI := r.URL.Query().Get("redirect_uri") |
| 990 | state := r.URL.Query().Get("state") |
| 991 | |
| 992 | scope := r.URL.Query().Get("scope") |
| 993 | assert.NotEmpty(t, scope, "scope is empty") |
| 994 | |
| 995 | responseType := r.URL.Query().Get("response_type") |
no test coverage detected