(t *testing.T)
| 3764 | } |
| 3765 | |
| 3766 | func TestIdTokenPlaceholderInSignOut(t *testing.T) { |
| 3767 | opts := baseTestOptions() |
| 3768 | opts.WhitelistDomains = []string{"my-oidc-provider.example.com"} |
| 3769 | |
| 3770 | err := validation.Validate(opts) |
| 3771 | assert.NoError(t, err) |
| 3772 | |
| 3773 | const emailAddress = "john.doe@example.com" |
| 3774 | const userName = "9fcab5c9b889a557" |
| 3775 | created := time.Now() |
| 3776 | |
| 3777 | session := &sessions.SessionState{ |
| 3778 | User: userName, |
| 3779 | Groups: []string{"a", "b"}, |
| 3780 | Email: emailAddress, |
| 3781 | IDToken: "eYjjjjjj.vvvv.ddd", |
| 3782 | AccessToken: "oauth_token", |
| 3783 | CreatedAt: &created, |
| 3784 | } |
| 3785 | |
| 3786 | proxy, err := NewOAuthProxy(opts, func(email string) bool { |
| 3787 | return true |
| 3788 | }) |
| 3789 | assert.NoError(t, err) |
| 3790 | |
| 3791 | // Save the required session |
| 3792 | rw := httptest.NewRecorder() |
| 3793 | req, _ := http.NewRequest(http.MethodGet, "/", nil) |
| 3794 | err = proxy.sessionStore.Save(rw, req, session) |
| 3795 | assert.NoError(t, err) |
| 3796 | |
| 3797 | rw = httptest.NewRecorder() |
| 3798 | |
| 3799 | rdUrl := url.QueryEscape("https://my-oidc-provider.example.com/sign_out_page?id_token_hint={id_token}&post_logout_redirect_uri=https://my-app.example.com/") |
| 3800 | req, _ = http.NewRequest(http.MethodGet, "/oauth2/sign_out?rd="+rdUrl, nil) |
| 3801 | req = middlewareapi.AddRequestScope(req, &middlewareapi.RequestScope{ |
| 3802 | RequestID: "11111111-2222-4333-8444-555555555555", |
| 3803 | Session: session, |
| 3804 | }) |
| 3805 | |
| 3806 | proxy.SignOut(rw, req) |
| 3807 | newLocation := rw.Header().Values("Location")[0] |
| 3808 | |
| 3809 | assert.Equal(t, "https://my-oidc-provider.example.com/sign_out_page?id_token_hint=eYjjjjjj.vvvv.ddd&post_logout_redirect_uri=https://my-app.example.com/", newLocation) |
| 3810 | } |
nothing calls this directly
no test coverage detected