Add unit test

Emyrk · Emyrk · commit 62ef8d9399f4 · 2023-03-09T19:24:36.000-06:00
diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go
@@ -939,7 +939,7 @@ func (o *OIDCConfig) EncodeClaims(t *testing.T, claims jwt.MapClaims) string {
 	return base64.StdEncoding.EncodeToString([]byte(signed))
 }
 
-func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims) *coderd.OIDCConfig {
+func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims, opts ...func(cfg *coderd.OIDCConfig)) *coderd.OIDCConfig {
 	// By default, the provider can be empty.
 	// This means it won't support any endpoints!
 	provider := &oidc.Provider{}
@@ -956,7 +956,7 @@ func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims) *cod
 		}
 		provider = cfg.NewProvider(context.Background())
 	}
-	return &coderd.OIDCConfig{
+	cfg := &coderd.OIDCConfig{
 		OAuth2Config: o,
 		Verifier: oidc.NewVerifier(o.issuer, &oidc.StaticKeySet{
 			PublicKeys: []crypto.PublicKey{o.key.Public()},
@@ -965,7 +965,12 @@ func (o *OIDCConfig) OIDCConfig(t *testing.T, userInfoClaims jwt.MapClaims) *cod
 		}),
 		Provider:      provider,
 		UsernameField: "preferred_username",
+		GroupField:    "groups",
 	}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+	return cfg
 }
 
 // NewAzureInstanceIdentity returns a metadata client and ID token validator for faking
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -824,7 +824,7 @@ when required by your organization's security policy.`,
 			Description: "OIDC claim field to use as the user's groups. Set to \"\" to disable OIDC group support.",
 			Flag:        "oidc-group-field",
 			Env:         "OIDC_GROUP_FIELD",
-			Default:     "group",
+			Default:     "groups",
 			Value:       &c.OIDC.GroupField,
 			Group:       &deploymentGroupOIDC,
 			YAML:        "groupField",
diff --git a/enterprise/coderd/userauth_test.go b/enterprise/coderd/userauth_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/coder/coder/coderd"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/enterprise/coderd/coderdenttest"
@@ -28,7 +29,10 @@ func TestUserOIDC(t *testing.T) {
 			ctx, _ := testutil.Context(t)
 			conf := coderdtest.NewOIDCConfig(t, "")
 
-			config := conf.OIDCConfig(t, jwt.MapClaims{})
+			const groupClaim = "custom-groups"
+			config := conf.OIDCConfig(t, jwt.MapClaims{}, func(cfg *coderd.OIDCConfig) {
+				cfg.GroupField = groupClaim
+			})
 			config.AllowSignups = true
 
 			client := coderdenttest.New(t, &coderdenttest.Options{
@@ -53,8 +57,8 @@ func TestUserOIDC(t *testing.T) {
 			require.Len(t, group.Members, 0)
 
 			resp := oidcCallback(t, client, conf.EncodeClaims(t, jwt.MapClaims{
-				"email":  "colin@coder.com",
-				"groups": []string{groupName},
+				"email":    "colin@coder.com",
+				groupClaim: []string{groupName},
 			}))
 			assert.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode)
 

Original file line number	Diff line number	Diff line change
`@@ -939,7 +939,7 @@ func (o OIDCConfig) EncodeClaims(t testing.T, claims jwt.MapClaims) string {`
`939`	`939`	`return base64.StdEncoding.EncodeToString([]byte(signed))`
`940`	`940`	`}`
`941`	`941`
`942`		`-func (o OIDCConfig) OIDCConfig(t testing.T, userInfoClaims jwt.MapClaims) *coderd.OIDCConfig {`
	`942`	`+func (o OIDCConfig) OIDCConfig(t testing.T, userInfoClaims jwt.MapClaims, opts ...func(cfg coderd.OIDCConfig)) coderd.OIDCConfig {`
`943`	`943`	`// By default, the provider can be empty.`
`944`	`944`	`// This means it won't support any endpoints!`
`945`	`945`	`provider := &oidc.Provider{}`
`@@ -956,7 +956,7 @@ func (o OIDCConfig) OIDCConfig(t testing.T, userInfoClaims jwt.MapClaims) *cod`
`956`	`956`	`}`
`957`	`957`	`provider = cfg.NewProvider(context.Background())`
`958`	`958`	`}`
`959`		`- return &coderd.OIDCConfig{`
	`959`	`+ cfg := &coderd.OIDCConfig{`
`960`	`960`	`OAuth2Config: o,`
`961`	`961`	`Verifier: oidc.NewVerifier(o.issuer, &oidc.StaticKeySet{`
`962`	`962`	`PublicKeys: []crypto.PublicKey{o.key.Public()},`
`@@ -965,7 +965,12 @@ func (o OIDCConfig) OIDCConfig(t testing.T, userInfoClaims jwt.MapClaims) *cod`
`965`	`965`	`}),`
`966`	`966`	`Provider: provider,`
`967`	`967`	`UsernameField: "preferred_username",`
	`968`	`+ GroupField: "groups",`
`968`	`969`	`}`
	`970`	`+ for _, opt := range opts {`
	`971`	`+ opt(cfg)`
	`972`	`+ }`
	`973`	`+ return cfg`
`969`	`974`	`}`
`970`	`975`
`971`	`976`	`// NewAzureInstanceIdentity returns a metadata client and ID token validator for faking`