3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-10 15:47:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

integration: add forward auth test

Browse source
This commit is contained in:
Cuong Manh Le 2020-08-21 13:44:51 +07:00
parent 79741d5345
commit 82deafee63
2 changed files with 54 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

27
integration/forward_auth_test.go Normal file
View file

@ -0,0 +1,27 @@
package main
import (
"context"
"net/http"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/pomerium/pomerium/integration/internal/flows"
)
func TestForwardAuth(t *testing.T) {
ctx := mainCtx
ctx, clearTimeout := context.WithTimeout(ctx, time.Second*30)
defer clearTimeout()
client := testcluster.NewHTTPClient()
res, err := flows.Authenticate(ctx, client, mustParseURL("https://fa-httpdetails.localhost.pomerium.io/by-user"),
flows.WithForwardAuth(true), flows.WithEmail("bob@dogs.test"), flows.WithGroups("user"))
if !assert.NoError(t, err, "unexpected http error") {
return
}
defer res.Body.Close()
assert.Equal(t, http.StatusOK, res.StatusCode)
}

28
integration/internal/flows/flows.go
View file

@ -27,6 +27,7 @@ type authenticateConfig struct {
groups []string groups []string
tokenExpiration time.Duration tokenExpiration time.Duration
apiPath string apiPath string
forwardAuth bool
} }
// An AuthenticateOption is an option for authentication. // An AuthenticateOption is an option for authentication.
@ -44,6 +45,13 @@ func getAuthenticateConfig(options ...AuthenticateOption) *authenticateConfig {
return cfg return cfg
} }
// WithForwardAuth enables/disables forward auth.
func WithForwardAuth(fa bool) AuthenticateOption {
return func(cfg *authenticateConfig) {
cfg.forwardAuth = fa
}
}
// WithEmail sets the email to use. // WithEmail sets the email to use.
func WithEmail(email string) AuthenticateOption { func WithEmail(email string) AuthenticateOption {
return func(cfg *authenticateConfig) { return func(cfg *authenticateConfig) {
@ -184,10 +192,28 @@ func Authenticate(ctx context.Context, client *http.Client, url *url.URL, option
} }
// (5) finally to callback // (5) finally to callback
if req.URL.Path != pomeriumCallbackPath { if !cfg.forwardAuth && req.URL.Path != pomeriumCallbackPath {
return nil, fmt.Errorf("expected to redirect back to %s, but got %s", pomeriumCallbackPath, req.URL.String()) return nil, fmt.Errorf("expected to redirect back to %s, but got %s", pomeriumCallbackPath, req.URL.String())
} }
if cfg.forwardAuth {
for {
res, err = client.Do(req)
if err != nil {
return nil, err
}
defer res.Body.Close()
if res.StatusCode != 302 {
break
}
req, err = requestFromRedirectResponse(ctx, res, req)
if err != nil {
return nil, fmt.Errorf("expected redirect to %s: %w", originalHostname, err)
}
}
return res, err
}
res, err = client.Do(req) res, err = client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err