callback_handler.go: add a test for invalid state auth params
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
652ea6bd2a
commit
ffdb7fa795
@ -36,7 +36,7 @@ func NewHandler(idpListGetter oidc.IDPListGetter, oauthHelper fosite.OAuth2Provi
downstreamAuthParams, err := url.ParseQuery(state.AuthParams)
downstreamAuthParams, err := url.ParseQuery(state.AuthParams)
if err != nil {
if err != nil {
panic(err) // TODO
return httperr.New(http.StatusBadRequest, "error reading state's downstream auth params")
}
}
// Recreate enough of the original authorize request so we can pass it to NewAuthorizeRequest().
// Recreate enough of the original authorize request so we can pass it to NewAuthorizeRequest().
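Review bot: The `url.ParseQuery` error is discarded on the new `return httperr.New(http.StatusBadRequest, "error reading state's downstream auth params")` line, so when this path is hit there is no server-side record of why the stored auth params failed to parse. Returning a generic 400 to the client is the right choice, but the underlying error should still be kept for diagnostics — wrapped into the returned error if the httperr package offers a constructor that carries a cause, or otherwise logged just before the return. Since the state value is presumably decoded and integrity-checked before this point (that code is outside the hunk), an unparsable AuthParams field would point to a server-side encoding bug or a key mismatch rather than an ordinary client mistake, which is exactly the case where the lost detail matters; a short comment such as `// AuthParams is expected to be well-formed here; a parse failure is unexpected and worth surfacing in logs.` would make that intent explicit. NewHandler's body begins and ends outside this hunk.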
@ -96,6 +96,7 @@ func TestCallbackEndpoint(t *testing.T) {
happyCSRF := "test-csrf"
happyCSRF := "test-csrf"
happyPKCE := "test-pkce"
happyPKCE := "test-pkce"
happyNonce := "test-nonce"
happyNonce := "test-nonce"
happyStateVersion := "1"
happyState, err := happyStateCodec.Encode("s",
happyState, err := happyStateCodec.Encode("s",
testutil.ExpectedUpstreamStateParamFormat{
testutil.ExpectedUpstreamStateParamFormat{
@ -103,7 +104,7 @@ func TestCallbackEndpoint(t *testing.T) {
N: happyNonce,
N: happyNonce,
C: happyCSRF,
C: happyCSRF,
K: happyPKCE,
K: happyPKCE,
V: "1",
V: happyStateVersion,
},
},
)
)
require.NoError(t, err)
require.NoError(t, err)
@ -114,7 +115,7 @@ func TestCallbackEndpoint(t *testing.T) {
N: happyNonce,
N: happyNonce,
C: "wrong-csrf-value",
C: "wrong-csrf-value",
K: happyPKCE,
K: happyPKCE,
V: "1",
V: happyStateVersion,
},
},
)
)
require.NoError(t, err)
require.NoError(t, err)
@ -125,7 +126,18 @@ func TestCallbackEndpoint(t *testing.T) {
N: happyNonce,
N: happyNonce,
C: happyCSRF,
C: happyCSRF,
K: happyPKCE,
K: happyPKCE,
V: "wrong-version",
V: "wrong-state-version",
},
)
require.NoError(t, err)
wrongDownstreamAuthParamsState, err := happyStateCodec.Encode("s",
testutil.ExpectedUpstreamStateParamFormat{
P: "these-is-not-a-valid-url-query-%z",
N: happyNonce,
C: happyCSRF,
K: happyPKCE,
V: happyStateVersion,
},
},
)
)
require.NoError(t, err)
require.NoError(t, err)
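Review bot: The new fixture `P: "these-is-not-a-valid-url-query-%z"` relies on `%z` being an invalid percent-escape to make `url.ParseQuery` fail, but nothing in the test says so, and the `these-is` typo makes the value read like an accident rather than a deliberate malformed input. I would rename and annotate it as `P: "this-is-not-a-valid-url-query-%z", // "%z" is not a valid percent-encoding, so url.ParseQuery must reject it` so a future reader does not "fix" the string into something ParseQuery accepts and silently turn the bad-request case into a passing happy path. The table entry that consumes this state is added in the last hunk of the test file, which is where the expected 400 status and body are pinned. TestCallbackEndpoint's body begins and ends outside this hunk.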
@ -224,6 +236,15 @@ func TestCallbackEndpoint(t *testing.T) {
wantStatus: http.StatusUnprocessableEntity,
wantStatus: http.StatusUnprocessableEntity,
wantBody: "Unprocessable Entity: state format version is invalid\n",
wantBody: "Unprocessable Entity: state format version is invalid\n",
},
},
{
name: "state's downstream auth params element is invalid",
idpListGetter: testutil.NewIDPListGetter(upstreamOIDCIdentityProvider),
method: http.MethodGet,
path: newRequestPath().WithState(wrongDownstreamAuthParamsState).String(),
csrfCookie: happyCSRFCookie,
wantStatus: http.StatusBadRequest,
wantBody: "Bad Request: error reading state's downstream auth params\n",
},
{
{
name: "the UpstreamOIDCProvider CRD has been deleted",
name: "the UpstreamOIDCProvider CRD has been deleted",
idpListGetter: testutil.NewIDPListGetter(otherUpstreamOIDCIdentityProvider),
idpListGetter: testutil.NewIDPListGetter(otherUpstreamOIDCIdentityProvider),