
Commit 2ac8287

committed
chore(coderd): RED: update OAuth2/OIDC login tests to require full name from IDP
1 parent 84b3851 commit 2ac8287


1 file changed

+86
-20
lines changed


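--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -214,6 +214,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 ID: github.Int64(100),
 Login: github.String("kyle"),
+Name: github.String("Kylium Carbonate"),
 }, nil
 },
 TeamMembership: func(ctx context.Context, client *http.Client, org, team, username string) (*github.Membership, error) {
@@ -273,7 +274,9 @@ func TestUserOAuth2Github(t *testing.T) {
 },
 AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
 return &github.User{
-ID: github.Int64(100),
+ID: github.Int64(100),
+Login: github.String("testuser"),
+Name: github.String("The Right Honorable Sir Test McUser"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -306,7 +309,9 @@ func TestUserOAuth2Github(t *testing.T) {
 },
 AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
 return &github.User{
-ID: github.Int64(100),
+ID: github.Int64(100),
+Login: github.String("testuser"),
+Name: github.String("The Right Honorable Sir Test McUser"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -347,9 +352,10 @@ func TestUserOAuth2Github(t *testing.T) {
 },
 AuthenticatedUser: func(ctx context.Context, _ *http.Client) (*github.User, error) {
 return &github.User{
-Login: github.String("kyle"),
-ID: i64ptr(1234),
 AvatarURL: github.String("/hello-world"),
+ID: i64ptr(1234),
+Login: github.String("kyle"),
+Name: github.String("Kylium Carbonate"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -373,6 +379,7 @@ func TestUserOAuth2Github(t *testing.T) {
 require.NoError(t, err)
 require.Equal(t, "kyle@coder.com", user.Email)
 require.Equal(t, "kyle", user.Username)
+require.Equal(t, "Kylium Carbonate", user.Name)
 require.Equal(t, "/hello-world", user.AvatarURL)
 
 require.Len(t, auditor.AuditLogs(), numLogs)
@@ -402,8 +409,10 @@ func TestUserOAuth2Github(t *testing.T) {
 },
 AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
 return &github.User{
-ID: github.Int64(100),
-Login: github.String("kyle"),
+AvatarURL: github.String("/hello-world"),
+ID: github.Int64(100),
+Login: github.String("kyle"),
+Name: github.String("Kylium Carbonate"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -420,6 +429,14 @@ func TestUserOAuth2Github(t *testing.T) {
 resp := oauth2Callback(t, client)
 numLogs++ // add an audit log for login
 
+client.SetSessionToken(authCookieValue(resp.Cookies()))
+user, err := client.User(context.Background(), "me")
+require.NoError(t, err)
+require.Equal(t, "kyle@coder.com", user.Email)
+require.Equal(t, "kyle", user.Username)
+require.Equal(t, "Kylium Carbonate", user.Name)
+require.Equal(t, "/hello-world", user.AvatarURL)
+
 require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
@@ -457,6 +474,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 ID: github.Int64(100),
 Login: github.String("mathias"),
+Name: github.String("Mathias Mathias"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -473,6 +491,13 @@ func TestUserOAuth2Github(t *testing.T) {
 resp := oauth2Callback(t, client)
 numLogs++ // add an audit log for login
 
+client.SetSessionToken(authCookieValue(resp.Cookies()))
+user, err := client.User(context.Background(), "me")
+require.NoError(t, err)
+require.Equal(t, "mathias@coder.com", user.Email)
+require.Equal(t, "mathias", user.Username)
+require.Equal(t, "Mathias Mathias", user.Name)
+
 require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
@@ -510,6 +535,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 ID: github.Int64(100),
 Login: github.String("mathias"),
+Name: github.String("Mathias Mathias"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -526,6 +552,13 @@ func TestUserOAuth2Github(t *testing.T) {
 resp := oauth2Callback(t, client)
 numLogs++ // add an audit log for login
 
+client.SetSessionToken(authCookieValue(resp.Cookies()))
+user, err := client.User(context.Background(), "me")
+require.NoError(t, err)
+require.Equal(t, "mathias@coder.com", user.Email)
+require.Equal(t, "mathias", user.Username)
+require.Equal(t, "Mathias Mathias", user.Name)
+
 require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
@@ -549,6 +582,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 ID: github.Int64(100),
 Login: github.String("mathias"),
+Name: github.String("Mathias Mathias"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -565,6 +599,13 @@ func TestUserOAuth2Github(t *testing.T) {
 resp := oauth2Callback(t, client)
 numLogs++ // add an audit log for login
 
+client.SetSessionToken(authCookieValue(resp.Cookies()))
+user, err := client.User(context.Background(), "me")
+require.NoError(t, err)
+require.Equal(t, "mathias@coder.com", user.Email)
+require.Equal(t, "mathias", user.Username)
+require.Equal(t, "Mathias Mathias", user.Name)
+
 require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)
@@ -592,6 +633,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 ID: github.Int64(100),
 Login: github.String("kyle"),
+Name: github.String("Kylium Carbonate"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -653,6 +695,7 @@ func TestUserOAuth2Github(t *testing.T) {
 return &github.User{
 Login: github.String("alice"),
 ID: github.Int64(ghID),
+Name: github.String("Alice Liddell"),
 }, nil
 },
 ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
@@ -740,7 +783,7 @@ func TestUserOIDC(t *testing.T) {
 UserInfoClaims jwt.MapClaims
 AllowSignups bool
 EmailDomain []string
-AssertUser func(u codersdk.User)
+AssertUser func(t testing.TB, u codersdk.User)
 StatusCode int
 IgnoreEmailVerified bool
 IgnoreUserInfo bool
@@ -752,7 +795,7 @@ func TestUserOIDC(t *testing.T) {
 },
 AllowSignups: true,
 StatusCode: http.StatusOK,
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "kyle", u.Username)
 },
 },
@@ -782,7 +825,7 @@ func TestUserOIDC(t *testing.T) {
 },
 AllowSignups: true,
 StatusCode: http.StatusOK,
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, u.Username, "kyle")
 },
 IgnoreEmailVerified: true,
@@ -806,6 +849,9 @@ func TestUserOIDC(t *testing.T) {
 "email_verified": true,
 },
 AllowSignups: true,
+AssertUser: func(t testing.TB, u codersdk.User) {
+assert.Equal(t, u.Username, "kyle")
+},
 EmailDomain: []string{
 "kwc.io",
 },
@@ -843,7 +889,7 @@ func TestUserOIDC(t *testing.T) {
 "email": "kyle@kwc.io",
 "email_verified": true,
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "kyle", u.Username)
 },
 AllowSignups: true,
@@ -856,22 +902,36 @@ func TestUserOIDC(t *testing.T) {
 "email_verified": true,
 "preferred_username": "hotdog",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "hotdog", u.Username)
 },
 AllowSignups: true,
 StatusCode: http.StatusOK,
 },
+{
+Name: "FullNameFromClaims",
+IDTokenClaims: jwt.MapClaims{
+"email": "kyle@kwc.io",
+"email_verified": true,
+"name": "Hot Dog",
+},
+AssertUser: func(t testing.TB, u codersdk.User) {
+assert.Equal(t, "Hot Dog", u.Name)
+},
+AllowSignups: true,
+StatusCode: http.StatusOK,
+},
 {
 // Services like Okta return the email as the username:
 // https://developer.okta.com/docs/reference/api/oidc/#base-claims-always-present
 Name: "UsernameAsEmail",
 IDTokenClaims: jwt.MapClaims{
 "email": "kyle@kwc.io",
 "email_verified": true,
+"name": "Kylium Carbonate",
 "preferred_username": "kyle@kwc.io",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "kyle", u.Username)
 },
 AllowSignups: true,
@@ -883,8 +943,9 @@ func TestUserOIDC(t *testing.T) {
 IDTokenClaims: jwt.MapClaims{
 "preferred_username": "kyle@kwc.io",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "kyle", u.Username)
+assert.Equal(t, "Kylium Carbonate", u.Name)
 },
 AllowSignups: true,
 StatusCode: http.StatusOK,
@@ -897,7 +958,7 @@ func TestUserOIDC(t *testing.T) {
 "preferred_username": "kyle",
 "picture": "/example.png",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "/example.png", u.AvatarURL)
 assert.Equal(t, "kyle", u.Username)
 },
@@ -913,9 +974,11 @@ func TestUserOIDC(t *testing.T) {
 UserInfoClaims: jwt.MapClaims{
 "preferred_username": "potato",
 "picture": "/example.png",
+"name": "Kylium Carbonate",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "/example.png", u.AvatarURL)
+assert.Equal(t, "Kylium Carbonate", u.Name)
 assert.Equal(t, "potato", u.Username)
 },
 AllowSignups: true,
@@ -941,7 +1004,7 @@ func TestUserOIDC(t *testing.T) {
 "email_verified": true,
 "preferred_username": "user",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "user", u.Username)
 },
 AllowSignups: true,
@@ -966,14 +1029,17 @@ func TestUserOIDC(t *testing.T) {
 IDTokenClaims: jwt.MapClaims{
 "email": "user@internal.domain",
 "email_verified": true,
+"name": "User McName",
 "preferred_username": "user",
 },
 UserInfoClaims: jwt.MapClaims{
 "email": "user.mcname@external.domain",
+"name": "Mr. User McName",
 "preferred_username": "Mr. User McName",
 },
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "user", u.Username)
+assert.Equal(t, "User Name", u.Name)
 },
 IgnoreUserInfo: true,
 AllowSignups: true,
@@ -985,7 +1051,7 @@ func TestUserOIDC(t *testing.T) {
 "email": "user@domain.tld",
 "email_verified": true,
 }, 65536),
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "user", u.Username)
 },
 AllowSignups: true,
@@ -998,7 +1064,7 @@ func TestUserOIDC(t *testing.T) {
 "email_verified": true,
 },
 UserInfoClaims: inflateClaims(t, jwt.MapClaims{}, 65536),
-AssertUser: func(u codersdk.User) {
+AssertUser: func(t testing.TB, u codersdk.User) {
 assert.Equal(t, "user", u.Username)
 },
 AllowSignups: true,
@@ -1041,7 +1107,7 @@ func TestUserOIDC(t *testing.T) {
 user, err := client.User(ctx, "me")
 require.NoError(t, err)
 
-tc.AssertUser(user)
+tc.AssertUser(t, user)
 require.Len(t, auditor.AuditLogs(), numLogs)
 require.NotEqual(t, uuid.Nil, auditor.AuditLogs()[numLogs-1].UserID)
 require.Equal(t, database.AuditActionRegister, auditor.AuditLogs()[numLogs-1].Action)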
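Review bot: In the `IgnoreUserInfo: true` case of TestUserOIDC (hunk at new line 1029) the added `assert.Equal(t, "User Name", u.Name)` expects a string that appears in neither claim set: the ID token carries `"name": "User McName"` and the userinfo response carries `"name": "Mr. User McName"`. This is the case that checks userinfo claims cannot override ID-token claims, so the expected value should presumably be the ID-token one, `assert.Equal(t, "User McName", u.Name)`; as written the test would stay red after the feature lands and cannot show which source the name was taken from. A similar mismatch appears in the hunk at new line 943, where `assert.Equal(t, "Kylium Carbonate", u.Name)` is added to a case whose visible IDTokenClaims hold only `preferred_username`, while `"name": "Kylium Carbonate"` was added to the preceding UsernameAsEmail case, whose AssertUser does not check the name. That assertion looks like it belongs in UsernameAsEmail, though the start of the 943 case lies outside the hunk and may set further claims.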
