Skip to content

Commit 08ea3e4

Browse files
EmyrkEmyrk
committed
test: add unit tests
1 parent 846a50a commit 08ea3e4

File tree

1 file changed

+34
-0
lines changed

1 file changed

+34
-0
lines changed

coderd/userauth_test.go

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -899,10 +899,19 @@ func TestUserOIDC(t *testing.T) {
899899
IgnoreEmailVerified bool
900900
IgnoreUserInfo bool
901901
}{
902+
{
903+
Name: "NoSub",
904+
IDTokenClaims: jwt.MapClaims{
905+
"email": "kyle@kwc.io",
906+
},
907+
AllowSignups: true,
908+
StatusCode: http.StatusBadRequest,
909+
},
902910
{
903911
Name: "EmailOnly",
904912
IDTokenClaims: jwt.MapClaims{
905913
"email": "kyle@kwc.io",
914+
"sub": uuid.NewString(),
906915
},
907916
AllowSignups: true,
908917
StatusCode: http.StatusOK,
@@ -915,6 +924,7 @@ func TestUserOIDC(t *testing.T) {
915924
IDTokenClaims: jwt.MapClaims{
916925
"email": "kyle@kwc.io",
917926
"email_verified": false,
927+
"sub": uuid.NewString(),
918928
},
919929
AllowSignups: true,
920930
StatusCode: http.StatusForbidden,
@@ -924,6 +934,7 @@ func TestUserOIDC(t *testing.T) {
924934
IDTokenClaims: jwt.MapClaims{
925935
"email": 3.14159,
926936
"email_verified": false,
937+
"sub": uuid.NewString(),
927938
},
928939
AllowSignups: true,
929940
StatusCode: http.StatusBadRequest,
@@ -933,6 +944,7 @@ func TestUserOIDC(t *testing.T) {
933944
IDTokenClaims: jwt.MapClaims{
934945
"email": "kyle@kwc.io",
935946
"email_verified": false,
947+
"sub": uuid.NewString(),
936948
},
937949
AllowSignups: true,
938950
StatusCode: http.StatusOK,
@@ -946,6 +958,7 @@ func TestUserOIDC(t *testing.T) {
946958
IDTokenClaims: jwt.MapClaims{
947959
"email": "kyle@kwc.io",
948960
"email_verified": true,
961+
"sub": uuid.NewString(),
949962
},
950963
AllowSignups: true,
951964
EmailDomain: []string{
@@ -958,6 +971,7 @@ func TestUserOIDC(t *testing.T) {
958971
IDTokenClaims: jwt.MapClaims{
959972
"email": "cian@coder.com",
960973
"email_verified": true,
974+
"sub": uuid.NewString(),
961975
},
962976
AllowSignups: true,
963977
EmailDomain: []string{
@@ -970,6 +984,7 @@ func TestUserOIDC(t *testing.T) {
970984
IDTokenClaims: jwt.MapClaims{
971985
"email": "kyle@kwc.io",
972986
"email_verified": true,
987+
"sub": uuid.NewString(),
973988
},
974989
AllowSignups: true,
975990
EmailDomain: []string{
@@ -982,6 +997,7 @@ func TestUserOIDC(t *testing.T) {
982997
IDTokenClaims: jwt.MapClaims{
983998
"email": "kyle@KWC.io",
984999
"email_verified": true,
1000+
"sub": uuid.NewString(),
9851001
},
9861002
AllowSignups: true,
9871003
AssertUser: func(t testing.TB, u codersdk.User) {
@@ -997,6 +1013,7 @@ func TestUserOIDC(t *testing.T) {
9971013
IDTokenClaims: jwt.MapClaims{
9981014
"email": "colin@gmail.com",
9991015
"email_verified": true,
1016+
"sub": uuid.NewString(),
10001017
},
10011018
AllowSignups: true,
10021019
EmailDomain: []string{
@@ -1015,6 +1032,7 @@ func TestUserOIDC(t *testing.T) {
10151032
IDTokenClaims: jwt.MapClaims{
10161033
"email": "kyle@kwc.io",
10171034
"email_verified": true,
1035+
"sub": uuid.NewString(),
10181036
},
10191037
StatusCode: http.StatusForbidden,
10201038
},
@@ -1023,6 +1041,7 @@ func TestUserOIDC(t *testing.T) {
10231041
IDTokenClaims: jwt.MapClaims{
10241042
"email": "kyle@kwc.io",
10251043
"email_verified": true,
1044+
"sub": uuid.NewString(),
10261045
},
10271046
AssertUser: func(t testing.TB, u codersdk.User) {
10281047
assert.Equal(t, "kyle", u.Username)
@@ -1036,6 +1055,7 @@ func TestUserOIDC(t *testing.T) {
10361055
"email": "kyle@kwc.io",
10371056
"email_verified": true,
10381057
"preferred_username": "hotdog",
1058+
"sub": uuid.NewString(),
10391059
},
10401060
AssertUser: func(t testing.TB, u codersdk.User) {
10411061
assert.Equal(t, "hotdog", u.Username)
@@ -1049,6 +1069,7 @@ func TestUserOIDC(t *testing.T) {
10491069
"email": "kyle@kwc.io",
10501070
"email_verified": true,
10511071
"name": "Hot Dog",
1072+
"sub": uuid.NewString(),
10521073
},
10531074
AssertUser: func(t testing.TB, u codersdk.User) {
10541075
assert.Equal(t, "Hot Dog", u.Name)
@@ -1065,6 +1086,7 @@ func TestUserOIDC(t *testing.T) {
10651086
// However, we should not fail to log someone in if their name is too long.
10661087
// Just truncate it.
10671088
"name": strings.Repeat("a", 129),
1089+
"sub": uuid.NewString(),
10681090
},
10691091
AllowSignups: true,
10701092
StatusCode: http.StatusOK,
@@ -1080,6 +1102,7 @@ func TestUserOIDC(t *testing.T) {
10801102
// Full names must not have leading or trailing whitespace, but this is a
10811103
// daft reason to fail a login.
10821104
"name": " Bobby Whitespace ",
1105+
"sub": uuid.NewString(),
10831106
},
10841107
AllowSignups: true,
10851108
StatusCode: http.StatusOK,
@@ -1096,6 +1119,7 @@ func TestUserOIDC(t *testing.T) {
10961119
"email_verified": true,
10971120
"name": "Kylium Carbonate",
10981121
"preferred_username": "kyle@kwc.io",
1122+
"sub": uuid.NewString(),
10991123
},
11001124
AssertUser: func(t testing.TB, u codersdk.User) {
11011125
assert.Equal(t, "kyle", u.Username)
@@ -1108,6 +1132,7 @@ func TestUserOIDC(t *testing.T) {
11081132
Name: "UsernameIsEmail",
11091133
IDTokenClaims: jwt.MapClaims{
11101134
"preferred_username": "kyle@kwc.io",
1135+
"sub": uuid.NewString(),
11111136
},
11121137
AssertUser: func(t testing.TB, u codersdk.User) {
11131138
assert.Equal(t, "kyle", u.Username)
@@ -1123,6 +1148,7 @@ func TestUserOIDC(t *testing.T) {
11231148
"email_verified": true,
11241149
"preferred_username": "kyle",
11251150
"picture": "/example.png",
1151+
"sub": uuid.NewString(),
11261152
},
11271153
AssertUser: func(t testing.TB, u codersdk.User) {
11281154
assert.Equal(t, "/example.png", u.AvatarURL)
@@ -1136,6 +1162,7 @@ func TestUserOIDC(t *testing.T) {
11361162
IDTokenClaims: jwt.MapClaims{
11371163
"email": "kyle@kwc.io",
11381164
"email_verified": true,
1165+
"sub": uuid.NewString(),
11391166
},
11401167
UserInfoClaims: jwt.MapClaims{
11411168
"preferred_username": "potato",
@@ -1155,6 +1182,7 @@ func TestUserOIDC(t *testing.T) {
11551182
IDTokenClaims: jwt.MapClaims{
11561183
"email": "coolin@coder.com",
11571184
"groups": []string{"pingpong"},
1185+
"sub": uuid.NewString(),
11581186
},
11591187
AllowSignups: true,
11601188
StatusCode: http.StatusOK,
@@ -1164,6 +1192,7 @@ func TestUserOIDC(t *testing.T) {
11641192
IDTokenClaims: jwt.MapClaims{
11651193
"email": "internaluser@internal.domain",
11661194
"email_verified": false,
1195+
"sub": uuid.NewString(),
11671196
},
11681197
UserInfoClaims: jwt.MapClaims{
11691198
"email": "externaluser@external.domain",
@@ -1182,6 +1211,7 @@ func TestUserOIDC(t *testing.T) {
11821211
IDTokenClaims: jwt.MapClaims{
11831212
"email": "internaluser@internal.domain",
11841213
"email_verified": false,
1214+
"sub": uuid.NewString(),
11851215
},
11861216
UserInfoClaims: jwt.MapClaims{
11871217
"email": 1,
@@ -1197,6 +1227,7 @@ func TestUserOIDC(t *testing.T) {
11971227
"email_verified": true,
11981228
"name": "User McName",
11991229
"preferred_username": "user",
1230+
"sub": uuid.NewString(),
12001231
},
12011232
UserInfoClaims: jwt.MapClaims{
12021233
"email": "user.mcname@external.domain",
@@ -1216,6 +1247,7 @@ func TestUserOIDC(t *testing.T) {
12161247
IDTokenClaims: inflateClaims(t, jwt.MapClaims{
12171248
"email": "user@domain.tld",
12181249
"email_verified": true,
1250+
"sub": uuid.NewString(),
12191251
}, 65536),
12201252
AssertUser: func(t testing.TB, u codersdk.User) {
12211253
assert.Equal(t, "user", u.Username)
@@ -1228,6 +1260,7 @@ func TestUserOIDC(t *testing.T) {
12281260
IDTokenClaims: jwt.MapClaims{
12291261
"email": "user@domain.tld",
12301262
"email_verified": true,
1263+
"sub": uuid.NewString(),
12311264
},
12321265
UserInfoClaims: inflateClaims(t, jwt.MapClaims{}, 65536),
12331266
AssertUser: func(t testing.TB, u codersdk.User) {
@@ -1242,6 +1275,7 @@ func TestUserOIDC(t *testing.T) {
12421275
"iss": "https://mismatch.com",
12431276
"email": "user@domain.tld",
12441277
"email_verified": true,
1278+
"sub": uuid.NewString(),
12451279
},
12461280
AllowSignups: true,
12471281
StatusCode: http.StatusBadRequest,

0 commit comments

Comments
 (0)