2022-04-28 19:07:04 +00:00
|
|
|
// Copyright 2022 the Pinniped contributors. All Rights Reserved.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2022-04-28 16:11:51 +00:00
|
|
|
package login
|
|
|
|
|
|
|
|
import (
|
2022-04-29 17:36:13 +00:00
|
|
|
"fmt"
|
2022-04-28 16:11:51 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"go.pinniped.dev/internal/testutil"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
"go.pinniped.dev/internal/oidc"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestGetLogin(t *testing.T) {
|
|
|
|
const (
|
|
|
|
happyLdapIDPName = "some-ldap-idp"
|
|
|
|
)
|
2022-04-29 17:36:13 +00:00
|
|
|
|
2022-04-28 16:11:51 +00:00
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
decodedState *oidc.UpstreamStateParamData
|
|
|
|
encodedState string
|
2022-04-29 17:36:13 +00:00
|
|
|
errParam string
|
2022-04-28 16:11:51 +00:00
|
|
|
idps oidc.UpstreamIdentityProvidersLister
|
|
|
|
wantStatus int
|
|
|
|
wantContentType string
|
|
|
|
wantBody string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "Happy path ldap",
|
|
|
|
decodedState: &oidc.UpstreamStateParamData{
|
|
|
|
UpstreamName: happyLdapIDPName,
|
|
|
|
UpstreamType: "ldap",
|
|
|
|
},
|
|
|
|
encodedState: "foo", // the encoded and decoded state don't match, but that verification is handled one level up.
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
wantContentType: htmlContentType,
|
2022-04-29 17:36:13 +00:00
|
|
|
wantBody: getHTMLResult(""),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "displays error banner when err=login_error param is sent",
|
|
|
|
decodedState: &oidc.UpstreamStateParamData{
|
|
|
|
UpstreamName: happyLdapIDPName,
|
|
|
|
UpstreamType: "ldap",
|
|
|
|
},
|
|
|
|
encodedState: "foo",
|
|
|
|
errParam: "login_error",
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
wantContentType: htmlContentType,
|
|
|
|
wantBody: getHTMLResult(`
|
|
|
|
<div class="alert">
|
|
|
|
<span>Incorrect username or password.</span>
|
|
|
|
</div>
|
|
|
|
`),
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "displays error banner when err=internal_error param is sent",
|
|
|
|
decodedState: &oidc.UpstreamStateParamData{
|
|
|
|
UpstreamName: happyLdapIDPName,
|
|
|
|
UpstreamType: "ldap",
|
|
|
|
},
|
|
|
|
encodedState: "foo",
|
|
|
|
errParam: "internal_error",
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
wantContentType: htmlContentType,
|
|
|
|
wantBody: getHTMLResult(`
|
|
|
|
<div class="alert">
|
|
|
|
<span>An internal error occurred. Please contact your administrator for help.</span>
|
|
|
|
</div>
|
|
|
|
`),
|
|
|
|
},
|
|
|
|
// If we get an error that we don't recognize, that's also an error, so we
|
|
|
|
// should probably just tell you to contact your administrator...
|
|
|
|
{
|
|
|
|
name: "displays generic error banner when unrecognized err param is sent",
|
|
|
|
decodedState: &oidc.UpstreamStateParamData{
|
|
|
|
UpstreamName: happyLdapIDPName,
|
|
|
|
UpstreamType: "ldap",
|
|
|
|
},
|
|
|
|
encodedState: "foo",
|
|
|
|
errParam: "some_other_error",
|
|
|
|
wantStatus: http.StatusOK,
|
|
|
|
wantContentType: htmlContentType,
|
|
|
|
wantBody: getHTMLResult(`
|
|
|
|
<div class="alert">
|
|
|
|
<span>An internal error occurred. Please contact your administrator for help.</span>
|
|
|
|
</div>
|
|
|
|
`),
|
2022-04-28 16:11:51 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, test := range tests {
|
|
|
|
tt := test
|
2022-05-03 23:46:09 +00:00
|
|
|
|
2022-04-28 16:11:51 +00:00
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2022-05-03 23:46:09 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2022-04-28 16:11:51 +00:00
|
|
|
handler := NewGetHandler(tt.idps)
|
2022-05-03 22:18:38 +00:00
|
|
|
target := "/some/path/login?state=" + tt.encodedState
|
2022-04-29 17:36:13 +00:00
|
|
|
if tt.errParam != "" {
|
|
|
|
target += "&err=" + tt.errParam
|
|
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, target, nil)
|
2022-04-28 16:11:51 +00:00
|
|
|
rsp := httptest.NewRecorder()
|
|
|
|
err := handler(rsp, req, tt.encodedState, tt.decodedState)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-05-03 23:46:09 +00:00
|
|
|
require.Equal(t, tt.wantStatus, rsp.Code)
|
2022-04-28 16:11:51 +00:00
|
|
|
testutil.RequireEqualContentType(t, rsp.Header().Get("Content-Type"), tt.wantContentType)
|
|
|
|
body := rsp.Body.String()
|
|
|
|
require.Equal(t, tt.wantBody, body)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2022-04-29 17:36:13 +00:00
|
|
|
|
|
|
|
func getHTMLResult(errorBanner string) string {
|
|
|
|
happyGetResult := `<!DOCTYPE html>
|
|
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>Pinniped</title>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
|
|
|
|
<h1>Pinniped</h1>
|
|
|
|
<p>some-ldap-idp</p>
|
|
|
|
%s
|
2022-05-03 22:18:38 +00:00
|
|
|
<form action="/some/path/login" method="post" target="_parent">
|
2022-04-29 17:36:13 +00:00
|
|
|
|
|
|
|
<div>
|
|
|
|
<label for="username"><b>Username</b></label>
|
|
|
|
<input type="text" name="username" id="username" autocomplete="username" required>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div>
|
|
|
|
<label for="password"><b>Password</b></label>
|
|
|
|
<input type="password" name="password" id="password current-password" autocomplete="current-password" required>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div>
|
|
|
|
<input type="hidden" name="state" id="state" value="foo">
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<button type="submit" name="submit" id="submit">Log in</button>
|
|
|
|
|
|
|
|
</form>
|
|
|
|
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
`
|
|
|
|
return fmt.Sprintf(happyGetResult, errorBanner)
|
|
|
|
}
|