
Commit 424579e

committed
Add test case for invalid tokens
1 parent 7eb897a commit 424579e


2 files changed

+40
-14
lines changed

2 files changed

+40
-14
lines changed

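--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -48,13 +48,6 @@ func (api *API) userAuthMethods(rw http.ResponseWriter, _ *http.Request) {
 }
 
 func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
-if api.GithubOAuth2Config == nil {
-httpapi.Write(rw, http.StatusPreconditionRequired, codersdk.Response{
-Message: "GitHub authentication is not enabled!",
-})
-return
-}
-
 state := httpmw.OAuth2(r)
 
 oauthClient := oauth2.NewClient(r.Context(), oauth2.StaticTokenSource(state.Token))
@@ -227,13 +220,6 @@ type OIDCConfig struct {
 }
 
 func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
-if api.OIDCConfig == nil {
-httpapi.Write(rw, http.StatusPreconditionRequired, codersdk.Response{
-Message: "OpenID Connect authentication is not enabled!",
-})
-return
-}
-
 state := httpmw.OAuth2(r)
 
 // See the example here: https://github.com/coreos/go-oidc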

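--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -340,6 +340,46 @@ func TestUserOIDC(t *testing.T) {
 }
 })
 }
+
+t.Run("Disabled", func(t *testing.T) {
+t.Parallel()
+client := coderdtest.New(t, nil)
+resp := oidcCallback(t, client)
+require.Equal(t, http.StatusPreconditionRequired, resp.StatusCode)
+})
+
+t.Run("NoIDToken", func(t *testing.T) {
+t.Parallel()
+client := coderdtest.New(t, &coderdtest.Options{
+OIDCConfig: &coderd.OIDCConfig{
+OAuth2Config: &oauth2Config{},
+},
+})
+resp := oidcCallback(t, client)
+require.Equal(t, http.StatusBadRequest, resp.StatusCode)
+})
+
+t.Run("BadVerify", func(t *testing.T) {
+t.Parallel()
+verifier := oidc.NewVerifier("", &oidc.StaticKeySet{
+PublicKeys: []crypto.PublicKey{},
+}, &oidc.Config{})
+
+client := coderdtest.New(t, &coderdtest.Options{
+OIDCConfig: &coderd.OIDCConfig{
+OAuth2Config: &oauth2Config{
+token: (&oauth2.Token{
+AccessToken: "token",
+}).WithExtra(map[string]interface{}{
+"id_token": "invalid",
+}),
+},
+Verifier: verifier,
+},
+})
+resp := oidcCallback(t, client)
+require.Equal(t, http.StatusBadRequest, resp.StatusCode)
+})
 }
 
 // createOIDCConfig generates a new OIDCConfig that returns a static token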
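Review bot: The `BadVerify` subtest passes `"id_token": "invalid"`, which is not a well-formed JWT, so the 400 it asserts most likely comes from token parsing and the empty `StaticKeySet` is never consulted; a second case using a correctly structured token signed by a key outside the key set would pin the signature check itself. At minimum the subtest deserves a comment such as `// "invalid" is not a JWT: this covers the malformed-token path, not signature verification`. All three subtests assert only the status code; if `oidcCallback` (defined outside this hunk) exposes the response, also asserting that no session cookie was set would catch a handler that returns an error status but still issues a session. The commit also drops the not-enabled check from `userOAuth2Github`, and no matching `Disabled` case for the GitHub callback is visible here. `TestUserOIDC` starts above the hunk.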
