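// Source: code.gitea.io/gitea@v1.22.3/routers/web/auth/auth_test.go

// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package auth

import (
	"net/http"
	"net/url"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/modules/session"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/test"
	"code.gitea.io/gitea/modules/util"
	"code.gitea.io/gitea/services/auth/source/oauth2"
	"code.gitea.io/gitea/services/contexttest"

	"github.com/markbates/goth"
	"github.com/markbates/goth/gothic"
	"github.com/stretchr/testify/assert"
)

// addOAuth2Source registers an active OAuth2 authentication source named
// authName through auth_model.CreateSource. When cfg.Provider is the zero
// value it is set to "gitea" before the source is stored.
func addOAuth2Source(t *testing.T, authName string, cfg oauth2.Source) {
	// Report a failed insert at the caller's line rather than inside this helper.
	t.Helper()

	cfg.Provider = util.IfZero(cfg.Provider, "gitea")
	source := &auth_model.Source{
		Type:     auth_model.OAuth2,
		Name:     authName,
		IsActive: true,
		Cfg:      &cfg,
	}
	// assert (not require) is used, so a failure here is recorded but the
	// calling test keeps running without the source in place.
	assert.NoError(t, auth_model.CreateSource(db.DefaultContext, source))
}

// TestUserLogin checks how SignIn answers the login page request: 200 for an
// anonymous visitor, and a redirect for a visitor who is already signed in.
// The redirect target comes from the redirect_to query parameter or cookie,
// and the last case pins the open-redirect guard: an absolute URL pointing at
// another host must fall back to "/".
func TestUserLogin(t *testing.T) {
	// Anonymous request: SignIn answers with 200 and no redirect is checked.
	ctx, resp := contexttest.MockContext(t, "/user/login")
	SignIn(ctx)
	assert.Equal(t, http.StatusOK, resp.Code)

	// signedIn runs SignIn for an already-authenticated request and returns
	// the response status together with the redirect location.
	signedIn := func(reqPath string, cookies ...*http.Cookie) (int, string) {
		ctx, resp := contexttest.MockContext(t, reqPath)
		for _, c := range cookies {
			ctx.Req.AddCookie(c)
		}
		ctx.IsSigned = true
		SignIn(ctx)
		return resp.Code, test.RedirectURL(resp)
	}

	// Without any redirect_to hint the signed-in user is sent to the site root.
	code, location := signedIn("/user/login")
	assert.Equal(t, http.StatusSeeOther, code)
	assert.Equal(t, "/", location)

	redirectCases := []struct {
		name    string
		reqPath string
		cookies []*http.Cookie
		want    string
	}{
		{
			name:    "redirect_to query parameter with a site-relative path is honoured",
			reqPath: "/user/login?redirect_to=/other",
			want:    "/other",
		},
		{
			name:    "redirect_to cookie with a site-relative path is honoured",
			reqPath: "/user/login",
			cookies: []*http.Cookie{{Name: "redirect_to", Value: "/other-cookie"}},
			want:    "/other-cookie",
		},
		{
			// Open-redirect regression check: a caller-supplied absolute URL
			// on a foreign host must not be used as the redirect target.
			name:    "redirect_to query parameter with an external URL falls back to the site root",
			reqPath: "/user/login?redirect_to=" + url.QueryEscape("https://example.com"),
			want:    "/",
		},
	}
	// NOTE(review): the external-URL rejection is exercised only through the
	// query parameter. The cookie source and other off-site forms (for
	// example scheme-relative values) are not covered by this test; confirm
	// they are covered where the redirect validation itself is tested.
	for _, tc := range redirectCases {
		_, location := signedIn(tc.reqPath, tc.cookies...)
		assert.Equal(t, tc.want, location, tc.name)
	}
}

// TestSignUpOAuth2ButMissingFields covers the OAuth2 callback when
// auto-registration is enabled but the identity provider returns a user
// without the fields needed to register. The callback must redirect to the
// link-account page, and that page must carry a prompt naming the provider
// and the missing field ("email").
func TestSignUpOAuth2ButMissingFields(t *testing.T) {
	const providerName = "dummy-auth-source"

	defer test.MockVariableValue(&setting.OAuth2Client.EnableAutoRegistration, true)()
	// Stub the provider exchange: the returned user has a provider and a user
	// ID only, so no email is available for auto-registration.
	defer test.MockVariableValue(&gothic.CompleteUserAuth, func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
		return goth.User{Provider: "dummy-auth-source", UserID: "dummy-user"}, nil
	})()

	addOAuth2Source(t, providerName, oauth2.Source{})

	// Both requests share one mock session store, so whatever the callback
	// saves in the session is visible to the link-account request below.
	mockOpt := contexttest.MockContextOption{SessionStore: session.NewMockStore("dummy-sid")}

	ctx, resp := contexttest.MockContext(t, "/user/oauth2/dummy-auth-source/callback?code=dummy-code", mockOpt)
	ctx.SetParams("provider", providerName)
	SignInOAuthCallback(ctx)
	assert.Equal(t, http.StatusSeeOther, resp.Code)
	assert.Equal(t, "/user/link_account", test.RedirectURL(resp))

	// then the user will be redirected to the link account page, and see a message about the missing fields
	ctx, _ = contexttest.MockContext(t, "/user/link_account", mockOpt)
	LinkAccount(ctx)
	assert.EqualValues(t, "auth.oauth_callback_unable_auto_reg:dummy-auth-source,email", ctx.Data["AutoRegistrationFailedPrompt"])
	// NOTE(review): the test pins the redirect and the prompt only; it does
	// not assert that no user record was created for the incomplete identity.
}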