Merge branch '16669-oidc-access-token-fed'
[arvados.git] / lib / controller / federation / login_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package federation
6
7 import (
8         "context"
9         "net/url"
10
11         "git.arvados.org/arvados.git/sdk/go/arvados"
12         "git.arvados.org/arvados.git/sdk/go/arvadostest"
13         "git.arvados.org/arvados.git/sdk/go/auth"
14         check "gopkg.in/check.v1"
15 )
16
17 var _ = check.Suite(&LoginSuite{})
18
19 type LoginSuite struct {
20         FederationSuite
21 }
22
23 func (s *LoginSuite) TestDeferToLoginCluster(c *check.C) {
24         s.addHTTPRemote(c, "zhome", &arvadostest.APIStub{})
25         s.cluster.Login.LoginCluster = "zhome"
26
27         returnTo := "https://app.example.com/foo?bar"
28         for _, remote := range []string{"", "ccccc"} {
29                 resp, err := s.fed.Login(context.Background(), arvados.LoginOptions{Remote: remote, ReturnTo: returnTo})
30                 c.Check(err, check.IsNil)
31                 c.Logf("remote %q -- RedirectLocation %q", remote, resp.RedirectLocation)
32                 target, err := url.Parse(resp.RedirectLocation)
33                 c.Check(err, check.IsNil)
34                 c.Check(target.Host, check.Equals, s.cluster.RemoteClusters["zhome"].Host)
35                 c.Check(target.Scheme, check.Equals, "http")
36                 c.Check(target.Query().Get("return_to"), check.Equals, returnTo)
37                 c.Check(target.Query().Get("remote"), check.Equals, remote)
38                 _, remotePresent := target.Query()["remote"]
39                 c.Check(remotePresent, check.Equals, remote != "")
40         }
41 }
42
43 func (s *LoginSuite) TestLogout(c *check.C) {
44         s.cluster.Services.Workbench1.ExternalURL = arvados.URL{Scheme: "https", Host: "workbench1.example.com"}
45         s.cluster.Services.Workbench2.ExternalURL = arvados.URL{Scheme: "https", Host: "workbench2.example.com"}
46         s.addHTTPRemote(c, "zhome", &arvadostest.APIStub{})
47         s.cluster.Login.LoginCluster = "zhome"
48         // s.fed is already set by SetUpTest, but we need to
49         // reinitialize with the above config changes.
50         s.fed = New(s.cluster)
51
52         returnTo := "https://app.example.com/foo?bar"
53         for _, trial := range []struct {
54                 token    string
55                 returnTo string
56                 target   string
57         }{
58                 {token: "", returnTo: "", target: s.cluster.Services.Workbench2.ExternalURL.String()},
59                 {token: "", returnTo: returnTo, target: returnTo},
60                 {token: "zzzzzzzzzzzzzzzzzzzzz", returnTo: returnTo, target: returnTo},
61                 {token: "v2/zzzzz-aaaaa-aaaaaaaaaaaaaaa/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", returnTo: returnTo, target: returnTo},
62                 {token: "v2/zhome-aaaaa-aaaaaaaaaaaaaaa/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", returnTo: returnTo, target: "http://" + s.cluster.RemoteClusters["zhome"].Host + "/logout?" + url.Values{"return_to": {returnTo}}.Encode()},
63         } {
64                 c.Logf("trial %#v", trial)
65                 ctx := context.Background()
66                 if trial.token != "" {
67                         ctx = auth.NewContext(ctx, &auth.Credentials{Tokens: []string{trial.token}})
68                 }
69                 resp, err := s.fed.Logout(ctx, arvados.LogoutOptions{ReturnTo: trial.returnTo})
70                 c.Assert(err, check.IsNil)
71                 c.Logf("  RedirectLocation %q", resp.RedirectLocation)
72                 target, err := url.Parse(resp.RedirectLocation)
73                 c.Check(err, check.IsNil)
74                 c.Check(target.String(), check.Equals, trial.target)
75         }
76 }