integration: add forward auth test

2025-05-09 23:27:43 +02:00 · 2020-08-21 13:44:51 +07:00 · 2020-08-21 13:44:51 +07:00 · 82deafee63
commit 82deafee63
parent 79741d5345
2 changed files with 54 additions and 1 deletions
--- a/integration/internal/flows/flows.go
+++ b/integration/internal/flows/flows.go
@ -27,6 +27,7 @@ type authenticateConfig struct {
 	groups          []string
 	tokenExpiration time.Duration
 	apiPath         string
+	forwardAuth     bool
 }

 // An AuthenticateOption is an option for authentication.
@ -44,6 +45,13 @@ func getAuthenticateConfig(options ...AuthenticateOption) *authenticateConfig {
 	return cfg
 }

+// WithForwardAuth enables/disables forward auth.
+func WithForwardAuth(fa bool) AuthenticateOption {
+	return func(cfg *authenticateConfig) {
+		cfg.forwardAuth = fa
+	}
+}
+
 // WithEmail sets the email to use.
 func WithEmail(email string) AuthenticateOption {
 	return func(cfg *authenticateConfig) {
@ -184,10 +192,28 @@ func Authenticate(ctx context.Context, client *http.Client, url *url.URL, option
 	}

 	// (5) finally to callback
-	if req.URL.Path != pomeriumCallbackPath {
+	if !cfg.forwardAuth && req.URL.Path != pomeriumCallbackPath {
 		return nil, fmt.Errorf("expected to redirect back to %s, but got %s", pomeriumCallbackPath, req.URL.String())
 	}

+	if cfg.forwardAuth {
+		for {
+			res, err = client.Do(req)
+			if err != nil {
+				return nil, err
+			}
+			defer res.Body.Close()
+			if res.StatusCode != 302 {
+				break
+			}
+			req, err = requestFromRedirectResponse(ctx, res, req)
+			if err != nil {
+				return nil, fmt.Errorf("expected redirect to %s: %w", originalHostname, err)
+			}
+		}
+		return res, err
+	}
+
 	res, err = client.Do(req)
 	if err != nil {
 		return nil, err