ContainerImage.Pinniped/internal/oidc/login/get_login_handler_test.go

// Copyright 2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package login

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/require"

	"go.pinniped.dev/internal/oidc"
	"go.pinniped.dev/internal/oidc/login/loginhtml"
	"go.pinniped.dev/internal/testutil"
)

func TestGetLogin(t *testing.T) {
	const (
		testPath         = "/some/path/login"
		testUpstreamName = "some-ldap-idp"
		testUpstreamType = "ldap"
		testEncodedState = "fake-encoded-state-value"
	)

	tests := []struct {
		name            string
		decodedState    *oidc.UpstreamStateParamData
		encodedState    string
		errParam        string
		idps            oidc.UpstreamIdentityProvidersLister
		wantStatus      int
		wantContentType string
		wantBody        string
	}{
		{
			name: "Happy path ldap",
			decodedState: &oidc.UpstreamStateParamData{
				UpstreamName: testUpstreamName,
				UpstreamType: testUpstreamType,
			},
			encodedState:    testEncodedState, // the encoded and decoded state don't match, but that verification is handled one level up.
			wantStatus:      http.StatusOK,
			wantContentType: htmlContentType,
			wantBody:        testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState, ""), // no alert message
		},
		{
			name: "displays error banner when err=login_error param is sent",
			decodedState: &oidc.UpstreamStateParamData{
				UpstreamName: testUpstreamName,
				UpstreamType: testUpstreamType,
			},
			encodedState:    testEncodedState,
			errParam:        "login_error",
			wantStatus:      http.StatusOK,
			wantContentType: htmlContentType,
			wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,
				"Incorrect username or password.",
			),
		},
		{
			name: "displays error banner when err=internal_error param is sent",
			decodedState: &oidc.UpstreamStateParamData{
				UpstreamName: testUpstreamName,
				UpstreamType: testUpstreamType,
			},
			encodedState:    testEncodedState,
			errParam:        "internal_error",
			wantStatus:      http.StatusOK,
			wantContentType: htmlContentType,
			wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,
				"An internal error occurred. Please contact your administrator for help.",
			),
		},
		{
			// If we get an error that we don't recognize, that's also an error, so we
			// should probably just tell you to contact your administrator...
			name: "displays generic error banner when unrecognized err param is sent",
			decodedState: &oidc.UpstreamStateParamData{
				UpstreamName: testUpstreamName,
				UpstreamType: testUpstreamType,
			},
			encodedState:    testEncodedState,
			errParam:        "some_other_error",
			wantStatus:      http.StatusOK,
			wantContentType: htmlContentType,
			wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,
				"An internal error occurred. Please contact your administrator for help.",
			),
		},
	}

	for _, test := range tests {
		tt := test

		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()

			handler := NewGetHandler()
			target := testPath + "?state=" + tt.encodedState
			if tt.errParam != "" {
				target += "&err=" + tt.errParam
			}
			req := httptest.NewRequest(http.MethodGet, target, nil)
			rsp := httptest.NewRecorder()
			err := handler(rsp, req, tt.encodedState, tt.decodedState)
			require.NoError(t, err)

			require.Equal(t, tt.wantStatus, rsp.Code)
			testutil.RequireEqualContentType(t, rsp.Header().Get("Content-Type"), tt.wantContentType)
			body := rsp.Body.String()
			// t.Log("actual body:", body) // useful when updating expected values
			require.Equal(t, tt.wantBody, body)
		})
	}
}
Fix some errors and pass state as form element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 19:07:04 +00:00			`// Copyright 2022 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`package login`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/stretchr/testify/require"`

			`"go.pinniped.dev/internal/oidc"`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`"go.pinniped.dev/internal/oidc/login/loginhtml"`
			`"go.pinniped.dev/internal/testutil"`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`)`

			`func TestGetLogin(t *testing.T) {`
			`const (`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`testPath = "/some/path/login"`
			`testUpstreamName = "some-ldap-idp"`
			`testUpstreamType = "ldap"`
			`testEncodedState = "fake-encoded-state-value"`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`)`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`tests := []struct {`
			`name string`
			`decodedState *oidc.UpstreamStateParamData`
			`encodedState string`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`errParam string`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`idps oidc.UpstreamIdentityProvidersLister`
			`wantStatus int`
			`wantContentType string`
			`wantBody string`
			`}{`
			`{`
			`name: "Happy path ldap",`
			`decodedState: &oidc.UpstreamStateParamData{`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`UpstreamName: testUpstreamName,`
			`UpstreamType: testUpstreamType,`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`},`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`encodedState: testEncodedState, // the encoded and decoded state don't match, but that verification is handled one level up.`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`wantStatus: http.StatusOK,`
			`wantContentType: htmlContentType,`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState, ""), // no alert message`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
			`{`
			`name: "displays error banner when err=login_error param is sent",`
			`decodedState: &oidc.UpstreamStateParamData{`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`UpstreamName: testUpstreamName,`
			`UpstreamType: testUpstreamType,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`encodedState: testEncodedState,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`errParam: "login_error",`
			`wantStatus: http.StatusOK,`
			`wantContentType: htmlContentType,`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,`
			`"Incorrect username or password.",`
			`),`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
			`{`
			`name: "displays error banner when err=internal_error param is sent",`
			`decodedState: &oidc.UpstreamStateParamData{`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`UpstreamName: testUpstreamName,`
			`UpstreamType: testUpstreamType,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`encodedState: testEncodedState,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`errParam: "internal_error",`
			`wantStatus: http.StatusOK,`
			`wantContentType: htmlContentType,`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,`
			`"An internal error occurred. Please contact your administrator for help.",`
			`),`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
			`{`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`// If we get an error that we don't recognize, that's also an error, so we`
			`// should probably just tell you to contact your administrator...`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`name: "displays generic error banner when unrecognized err param is sent",`
			`decodedState: &oidc.UpstreamStateParamData{`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`UpstreamName: testUpstreamName,`
			`UpstreamType: testUpstreamType,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`},`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`encodedState: testEncodedState,`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`errParam: "some_other_error",`
			`wantStatus: http.StatusOK,`
			`wantContentType: htmlContentType,`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`wantBody: testutil.ExpectedLoginPageHTML(loginhtml.CSS(), testUpstreamName, testPath, testEncodedState,`
			`"An internal error occurred. Please contact your administrator for help.",`
			`),`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`},`
			`}`

			`for _, test := range tests {`
			`tt := test`
Use security headers for the form_post page in the POST /login endpoint Also use more specific test assertions where security headers are expected. And run the unit tests for the login package in parallel. 2022-05-03 23:46:09 +00:00
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`t.Run(tt.name, func(t *testing.T) {`
Use security headers for the form_post page in the POST /login endpoint Also use more specific test assertions where security headers are expected. And run the unit tests for the login package in parallel. 2022-05-03 23:46:09 +00:00			`t.Parallel()`

Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`handler := NewGetHandler()`
			`target := testPath + "?state=" + tt.encodedState`
Show error message on login page Also add autocomplete attribute and title element Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-29 17:36:13 +00:00			`if tt.errParam != "" {`
			`target += "&err=" + tt.errParam`
			`}`
			`req := httptest.NewRequest(http.MethodGet, target, nil)`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`rsp := httptest.NewRecorder()`
			`err := handler(rsp, req, tt.encodedState, tt.decodedState)`
			`require.NoError(t, err)`

Use security headers for the form_post page in the POST /login endpoint Also use more specific test assertions where security headers are expected. And run the unit tests for the login package in parallel. 2022-05-03 23:46:09 +00:00			`require.Equal(t, tt.wantStatus, rsp.Code)`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`testutil.RequireEqualContentType(t, rsp.Header().Get("Content-Type"), tt.wantContentType)`
			`body := rsp.Body.String()`
Login page styling/structure for users, screen readers, passwd managers Also: - Add CSS to login page - Refactor login page HTML and CSS into a new package - New custom CSP headers for the login page, because the requirements are different from the form_post page 2022-05-05 20:12:06 +00:00			`// t.Log("actual body:", body) // useful when updating expected values`
Add basic outline of login get handler Signed-off-by: Margo Crawford <margaretc@vmware.com> 2022-04-28 16:11:51 +00:00			`require.Equal(t, tt.wantBody, body)`
			`})`
			`}`
			`}`