ContainerImage.Pinniped/test/integration/supervisor_login_test.go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package integration

import (
	"context"
	"crypto/tls"
	"crypto/x509/pkix"
	"encoding/base64"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
	"testing"
	"time"

	"github.com/coreos/go-oidc"
	"github.com/stretchr/testify/require"
	"golang.org/x/oauth2"

	configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"
	idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"
	"go.pinniped.dev/internal/certauthority"
	"go.pinniped.dev/pkg/oidcclient/nonce"
	"go.pinniped.dev/pkg/oidcclient/pkce"
	"go.pinniped.dev/pkg/oidcclient/state"
	"go.pinniped.dev/test/library"
	"go.pinniped.dev/test/library/browsertest"
)

func TestSupervisorLogin(t *testing.T) {
	env := library.IntegrationEnv(t)
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
	defer cancel()

	// Infer the downstream issuer URL from the callback associated with the upstream test client registration.
	issuerURL, err := url.Parse(env.SupervisorTestUpstream.CallbackURL)
	require.NoError(t, err)
	require.True(t, strings.HasSuffix(issuerURL.Path, "/callback"))
	issuerURL.Path = strings.TrimSuffix(issuerURL.Path, "/callback")
	t.Logf("testing with downstream issuer URL %s", issuerURL.String())

	// Generate a CA bundle with which to serve this provider.
	t.Logf("generating test CA")
	ca, err := certauthority.New(pkix.Name{CommonName: "Downstream Test CA"}, 1*time.Hour)
	require.NoError(t, err)

	// Create an HTTP client that can reach the downstream discovery endpoint using the CA certs.
	httpClient := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: ca.Pool()},
		Proxy: func(req *http.Request) (*url.URL, error) {
			if env.Proxy == "" {
				return nil, nil
			}
			return url.Parse(env.Proxy)
		},
	}}

	// Use the CA to issue a TLS server cert.
	t.Logf("issuing test certificate")
	tlsCert, err := ca.Issue(
		pkix.Name{CommonName: issuerURL.Hostname()},
		[]string{issuerURL.Hostname()},
		nil,
		1*time.Hour,
	)
	require.NoError(t, err)
	certPEM, keyPEM, err := certauthority.ToPEM(tlsCert)
	require.NoError(t, err)

	// Write the serving cert to a secret.
	certSecret := library.CreateTestSecret(t,
		env.SupervisorNamespace,
		"oidc-provider-tls",
		"kubernetes.io/tls",
		map[string]string{"tls.crt": string(certPEM), "tls.key": string(keyPEM)},
	)

	// Create the downstream OIDCProvider and expect it to go into the success status condition.
	downstream := library.CreateTestOIDCProvider(ctx, t,
		issuerURL.String(),
		certSecret.Name,
		configv1alpha1.SuccessOIDCProviderStatusCondition,
	)

	// Create upstream OIDC provider and wait for it to become ready.
	library.CreateTestUpstreamOIDCProvider(t, idpv1alpha1.UpstreamOIDCProviderSpec{
		Issuer: env.SupervisorTestUpstream.Issuer,
		TLS: &idpv1alpha1.TLSSpec{
			CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),
		},
		AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
			AdditionalScopes: []string{"email", "profile"},
		},
		Client: idpv1alpha1.OIDCClient{
			SecretName: library.CreateClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,
		},
	}, idpv1alpha1.PhaseReady)

	// Perform OIDC discovery for our downstream.
	discovery, err := oidc.NewProvider(oidc.ClientContext(ctx, httpClient), downstream.Spec.Issuer)
	require.NoError(t, err)

	// Start a callback server on localhost.
	localCallbackServer := startLocalCallbackServer(t)

	// Form the OAuth2 configuration corresponding to our CLI client.
	downstreamOAuth2Config := oauth2.Config{
		// This is the hardcoded public client that the supervisor supports.
		ClientID:    "pinniped-cli",
		Endpoint:    discovery.Endpoint(),
		RedirectURL: localCallbackServer.URL,
		Scopes:      []string{"openid"},
	}

	// Build a valid downstream authorize URL for the supervisor.
	stateParam, err := state.Generate()
	require.NoError(t, err)
	nonceParam, err := nonce.Generate()
	require.NoError(t, err)
	pkceParam, err := pkce.Generate()
	require.NoError(t, err)
	downstreamAuthorizeURL := downstreamOAuth2Config.AuthCodeURL(
		stateParam.String(),
		nonceParam.Param(),
		pkceParam.Challenge(),
		pkceParam.Method(),
	)

	// Open the web browser and navigate to the downstream authorize URL.
	page := browsertest.Open(t)
	t.Logf("opening browser to downstream authorize URL %s", library.MaskTokens(downstreamAuthorizeURL))
	require.NoError(t, page.Navigate(downstreamAuthorizeURL))

	// Expect to be redirected to the upstream provider and log in.
	browsertest.LoginToUpstream(t, page, env.SupervisorTestUpstream)

	// Wait for the login to happen and us be redirected back to a localhost callback.
	t.Logf("waiting for redirect to callback")
	callbackURLPattern := regexp.MustCompile(`\A` + regexp.QuoteMeta(localCallbackServer.URL) + `\?.+\z`)
	browsertest.WaitForURL(t, page, callbackURLPattern)

	// Expect that our callback handler was invoked.
	callback := localCallbackServer.waitForCallback(10 * time.Second)
	t.Logf("got callback request: %s", library.MaskTokens(callback.URL.String()))
	require.Equal(t, stateParam.String(), callback.URL.Query().Get("state"))
	require.Equal(t, "openid", callback.URL.Query().Get("scope"))
	require.NotEmpty(t, callback.URL.Query().Get("code"))
}

func startLocalCallbackServer(t *testing.T) *localCallbackServer {
	// Handle the callback by sending the *http.Request object back through a channel.
	callbacks := make(chan *http.Request, 1)
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		callbacks <- r
	}))
	server.URL += "/callback"
	t.Cleanup(server.Close)
	t.Cleanup(func() { close(callbacks) })
	return &localCallbackServer{Server: server, t: t, callbacks: callbacks}
}

type localCallbackServer struct {
	*httptest.Server
	t         *testing.T
	callbacks <-chan *http.Request
}

func (s *localCallbackServer) waitForCallback(timeout time.Duration) *http.Request {
	select {
	case callback := <-s.callbacks:
		return callback
	case <-time.After(timeout):
		require.Fail(s.t, "timed out waiting for callback request")
		return nil
	}
}
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`// Copyright 2020 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`package integration`

			`import (`
			`"context"`
			`"crypto/tls"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`"crypto/x509/pkix"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`"encoding/base64"`
			`"net/http"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`"net/http/httptest"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`"net/url"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`"regexp"`
test/integration: get downstream issuer path from upstream redirect See comment in the code. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-11-30 14:58:08 +00:00			`"strings"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`"testing"`
			`"time"`

			`"github.com/coreos/go-oidc"`
			`"github.com/stretchr/testify/require"`
			`"golang.org/x/oauth2"`

Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`configv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/config/v1alpha1"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`idpv1alpha1 "go.pinniped.dev/generated/1.19/apis/supervisor/idp/v1alpha1"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`"go.pinniped.dev/internal/certauthority"`
Move `./internal/oidcclient` to `./pkg/oidcclient`. This will allow it to be imported by Go code outside of our repository, which was something we have planned for since this code was written. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 18:46:54 +00:00			`"go.pinniped.dev/pkg/oidcclient/nonce"`
			`"go.pinniped.dev/pkg/oidcclient/pkce"`
			`"go.pinniped.dev/pkg/oidcclient/state"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`"go.pinniped.dev/test/library"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`"go.pinniped.dev/test/library/browsertest"`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`)`

			`func TestSupervisorLogin(t *testing.T) {`
			`env := library.IntegrationEnv(t)`
			`ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)`
			`defer cancel()`

Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Infer the downstream issuer URL from the callback associated with the upstream test client registration.`
			`issuerURL, err := url.Parse(env.SupervisorTestUpstream.CallbackURL)`
			`require.NoError(t, err)`
			`require.True(t, strings.HasSuffix(issuerURL.Path, "/callback"))`
			`issuerURL.Path = strings.TrimSuffix(issuerURL.Path, "/callback")`
			`t.Logf("testing with downstream issuer URL %s", issuerURL.String())`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Generate a CA bundle with which to serve this provider.`
			`t.Logf("generating test CA")`
			`ca, err := certauthority.New(pkix.Name{CommonName: "Downstream Test CA"}, 1*time.Hour)`
			`require.NoError(t, err)`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Create an HTTP client that can reach the downstream discovery endpoint using the CA certs.`
			`httpClient := &http.Client{Transport: &http.Transport{`
			`TLSClientConfig: &tls.Config{RootCAs: ca.Pool()},`
			`Proxy: func(req http.Request) (url.URL, error) {`
			`if env.Proxy == "" {`
			`return nil, nil`
			`}`
			`return url.Parse(env.Proxy)`
			`},`
			`}}`

			`// Use the CA to issue a TLS server cert.`
			`t.Logf("issuing test certificate")`
			`tlsCert, err := ca.Issue(`
			`pkix.Name{CommonName: issuerURL.Hostname()},`
			`[]string{issuerURL.Hostname()},`
			`nil,`
			`1*time.Hour,`
			`)`
			`require.NoError(t, err)`
			`certPEM, keyPEM, err := certauthority.ToPEM(tlsCert)`
test/integration: get downstream issuer path from upstream redirect See comment in the code. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-11-30 14:58:08 +00:00			`require.NoError(t, err)`

Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Write the serving cert to a secret.`
			`certSecret := library.CreateTestSecret(t,`
			`env.SupervisorNamespace,`
			`"oidc-provider-tls",`
			`"kubernetes.io/tls",`
			`map[string]string{"tls.crt": string(certPEM), "tls.key": string(keyPEM)},`
test/integration: get downstream issuer path from upstream redirect See comment in the code. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-11-30 14:58:08 +00:00			`)`

Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Create the downstream OIDCProvider and expect it to go into the success status condition.`
			`downstream := library.CreateTestOIDCProvider(ctx, t,`
			`issuerURL.String(),`
			`certSecret.Name,`
			`configv1alpha1.SuccessOIDCProviderStatusCondition,`
			`)`
test/integration: get downstream issuer path from upstream redirect See comment in the code. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-11-30 14:58:08 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Create upstream OIDC provider and wait for it to become ready.`
			`library.CreateTestUpstreamOIDCProvider(t, idpv1alpha1.UpstreamOIDCProviderSpec{`
			`Issuer: env.SupervisorTestUpstream.Issuer,`
			`TLS: &idpv1alpha1.TLSSpec{`
			`CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(env.SupervisorTestUpstream.CABundle)),`
			`},`
			`AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{`
			`AdditionalScopes: []string{"email", "profile"},`
			`},`
			`Client: idpv1alpha1.OIDCClient{`
			`SecretName: library.CreateClientCredsSecret(t, env.SupervisorTestUpstream.ClientID, env.SupervisorTestUpstream.ClientSecret).Name,`
			`},`
			`}, idpv1alpha1.PhaseReady)`

			`// Perform OIDC discovery for our downstream.`
			`discovery, err := oidc.NewProvider(oidc.ClientContext(ctx, httpClient), downstream.Spec.Issuer)`
			`require.NoError(t, err)`

			`// Start a callback server on localhost.`
			`localCallbackServer := startLocalCallbackServer(t)`
test/integration: get downstream issuer path from upstream redirect See comment in the code. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-11-30 14:58:08 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Form the OAuth2 configuration corresponding to our CLI client.`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`downstreamOAuth2Config := oauth2.Config{`
			`// This is the hardcoded public client that the supervisor supports.`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`ClientID: "pinniped-cli",`
			`Endpoint: discovery.Endpoint(),`
			`RedirectURL: localCallbackServer.URL,`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`Scopes: []string{"openid"},`
			`}`

Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Build a valid downstream authorize URL for the supervisor.`
			`stateParam, err := state.Generate()`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`require.NoError(t, err)`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`nonceParam, err := nonce.Generate()`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`require.NoError(t, err)`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`pkceParam, err := pkce.Generate()`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`require.NoError(t, err)`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`downstreamAuthorizeURL := downstreamOAuth2Config.AuthCodeURL(`
			`stateParam.String(),`
			`nonceParam.Param(),`
			`pkceParam.Challenge(),`
			`pkceParam.Method(),`
			`)`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`// Open the web browser and navigate to the downstream authorize URL.`
			`page := browsertest.Open(t)`
			`t.Logf("opening browser to downstream authorize URL %s", library.MaskTokens(downstreamAuthorizeURL))`
			`require.NoError(t, page.Navigate(downstreamAuthorizeURL))`

			`// Expect to be redirected to the upstream provider and log in.`
			`browsertest.LoginToUpstream(t, page, env.SupervisorTestUpstream)`

			`// Wait for the login to happen and us be redirected back to a localhost callback.`
			`t.Logf("waiting for redirect to callback")`
			callbackURLPattern := regexp.MustCompile(`\A` + regexp.QuoteMeta(localCallbackServer.URL) + `\?.+\z`)
			`browsertest.WaitForURL(t, page, callbackURLPattern)`

			`// Expect that our callback handler was invoked.`
			`callback := localCallbackServer.waitForCallback(10 * time.Second)`
			`t.Logf("got callback request: %s", library.MaskTokens(callback.URL.String()))`
			`require.Equal(t, stateParam.String(), callback.URL.Query().Get("state"))`
			`require.Equal(t, "openid", callback.URL.Query().Get("scope"))`
			`require.NotEmpty(t, callback.URL.Query().Get("code"))`
			`}`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`func startLocalCallbackServer(t testing.T) localCallbackServer {`
			`// Handle the callback by sending the *http.Request object back through a channel.`
			`callbacks := make(chan *http.Request, 1)`
			`server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`callbacks <- r`
			`}))`
Fix a lint warning by simplifying this append operation. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 22:11:22 +00:00			`server.URL += "/callback"`
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`t.Cleanup(server.Close)`
			`t.Cleanup(func() { close(callbacks) })`
			`return &localCallbackServer{Server: server, t: t, callbacks: callbacks}`
			`}`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`type localCallbackServer struct {`
			`*httptest.Server`
			`t *testing.T`
			`callbacks <-chan *http.Request`
			`}`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00
Update TestSupervisorLogin to test the callback flow using a browser. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-12-02 21:50:42 +00:00			`func (s localCallbackServer) waitForCallback(timeout time.Duration) http.Request {`
			`select {`
			`case callback := <-s.callbacks:`
			`return callback`
			`case <-time.After(timeout):`
			`require.Fail(s.t, "timed out waiting for callback request")`
			`return nil`
			`}`
Re-add the TestSupervisorLogin integration test. This is 99% Andrew's code from 4032ed32aebde02786a51ed9800330d1b8705211, but tweaked to work with the new UpstreamOIDCProvider setup. Signed-off-by: Matt Moyer <moyerm@vmware.com> 2020-11-17 15:21:17 +00:00			`}`