mirror of
https://github.com/nais/wonderwall.git
synced 2026-05-29 11:42:53 +00:00
Replace hardcoded callback URLs with dynamic generation of URLs based on incoming requests. These are validated against a pre-registered list of ingresses for which Wonderwall is considered authoritative. We also preserve the cookie behaviour; the most specific ingress path and domain are used for the cookies. The `url` package has been moved to the `handler` package, and its implementation refactored slightly for readability and DRY.
package client_test
import (
"net/url"
"testing"
"github.com/stretchr/testify/assert"
"github.com/nais/wonderwall/pkg/mock"
"github.com/nais/wonderwall/pkg/openid/client"
)
// Fixture URLs shared by the logout tests in this file.
const (
	// EndSessionEndpoint is the end-session endpoint set on the test provider;
	// the tests expect the generated logout URL, stripped of its query, to
	// equal it exactly.
	EndSessionEndpoint = "http://provider/endsession"

	// PostLogoutRedirectURI is the post-logout redirect URI set on the test
	// client. It is deliberately a different value from LogoutCallbackURI, so
	// an assertion on post_logout_redirect_uri can tell the two apart.
	PostLogoutRedirectURI = "http://some-other-url"

	// LogoutCallbackURI is the logout callback path under the mock ingress.
	// The tests expect this value, and not PostLogoutRedirectURI, to be sent
	// to the provider as post_logout_redirect_uri.
	LogoutCallbackURI = mock.Ingress + "/oauth2/logout/callback"
)
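// TestLogout_SingleLogoutURL checks the logout URL produced by
// SingleLogoutURL, both with and without an ID token to pass along as
// id_token_hint.
//
// In both cases the URL must point at EndSessionEndpoint and carry
// post_logout_redirect_uri equal to LogoutCallbackURI. The test client is
// configured with a different PostLogoutRedirectURI, so the equality check
// also shows that the configured final destination is not what gets handed to
// the provider.
func TestLogout_SingleLogoutURL(t *testing.T) {
	tests := []struct {
		name       string
		idToken    string
		wantParams int // exact number of query parameters expected
	}{
		{name: "with id_token", idToken: "some-id-token", wantParams: 2},
		{name: "without id_token", idToken: "", wantParams: 1},
	}

	for _, tt := range tests {
		// Subtests run sequentially (no t.Parallel), so capturing tt is safe
		// on every Go version.
		t.Run(tt.name, func(t *testing.T) {
			logout := newLogout(t)

			raw := logout.SingleLogoutURL(tt.idToken)
			assert.NotEmpty(t, raw)

			logoutURL, err := url.Parse(raw)
			if !assert.NoError(t, err) {
				// url.Parse returns a nil *url.URL on error; stop here
				// instead of panicking on the dereference below.
				return
			}

			query := logoutURL.Query()
			// Exact count, so any unexpected extra parameter in the
			// provider-bound URL fails the test.
			assert.Len(t, query, tt.wantParams)

			if tt.idToken != "" {
				assert.Contains(t, query, "id_token_hint")
			} else {
				// An empty token must not produce an empty id_token_hint
				// parameter.
				assert.NotContains(t, query, "id_token_hint")
			}
			assert.Equal(t, tt.idToken, query.Get("id_token_hint"))

			assert.Contains(t, query, "post_logout_redirect_uri")
			assert.Equal(t, LogoutCallbackURI, query.Get("post_logout_redirect_uri"))

			// With the query removed, what remains must be exactly the
			// provider's end-session endpoint.
			logoutURL.RawQuery = ""
			assert.Equal(t, EndSessionEndpoint, logoutURL.String())
		})
	}
}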
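// newLogout builds a client.Logout for a GET request to "/oauth2/logout"
// under mock.Ingress. The test configuration has its client post-logout
// redirect URI set to PostLogoutRedirectURI and its provider end-session
// endpoint set to EndSessionEndpoint.
//
// It stops the calling test immediately if the logout cannot be created, so
// callers never continue with a value returned alongside an error.
func newLogout(t *testing.T) client.Logout {
	// Report failures at the caller's line rather than inside this helper.
	t.Helper()

	openidCfg := mock.NewTestConfiguration(mock.Config())
	openidCfg.TestClient.SetPostLogoutRedirectURI(PostLogoutRedirectURI)
	openidCfg.TestProvider.SetEndSessionEndpoint(EndSessionEndpoint)

	req := mock.NewGetRequest(mock.Ingress+"/oauth2/logout", openidCfg)

	logout, err := newTestClientWithConfig(openidCfg).Logout(req)
	if !assert.NoError(t, err) {
		// assert only records the failure; abort so the test does not go on
		// to exercise a logout that failed to construct.
		t.FailNow()
	}

	return logout
}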