16552: change default db name to just arvados.
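diff --git a/sdk/go/arvadostest/oidc_provider.go b/sdk/go/arvadostest/oidc_provider.go
index de21302e5a048dfbca340abf24cb6c5359de7305..087adc4b2441648111c0857b93c84eeb48d58cca 100644
--- a/sdk/go/arvadostest/oidc_provider.go
+++ b/sdk/go/arvadostest/oidc_provider.go
@@ -29,10 +29,18 @@ type OIDCProvider struct {
 AuthEmail string
 AuthEmailVerified bool
 AuthName string
+ AuthGivenName string
+ AuthFamilyName string
 AccessTokenPayload map[string]interface{}
 PeopleAPIResponse map[string]interface{}
+ // send incoming /userinfo requests to HoldUserInfo (if not
+ // nil), then receive from ReleaseUserInfo (if not nil),
+ // before responding (these are used to set up races)
+ HoldUserInfo chan *http.Request
+ ReleaseUserInfo chan struct{}
+
 key *rsa.PrivateKey
 Issuer *httptest.Server
 PeopleAPI *httptest.Server
@@ -96,6 +104,8 @@ func (p *OIDCProvider) serveOIDC(w http.ResponseWriter, req *http.Request) {
 "email": p.AuthEmail,
 "email_verified": p.AuthEmailVerified,
 "name": p.AuthName,
+ "given_name": p.AuthGivenName,
+ "family_name": p.AuthFamilyName,
 "alt_verified": true, // for custom claim tests
 "alt_email": "alt_email@example.com", // for custom claim tests
 "alt_username": "desired-username", // for custom claim tests
@@ -122,6 +132,12 @@ func (p *OIDCProvider) serveOIDC(w http.ResponseWriter, req *http.Request) {
 case "/auth":
 w.WriteHeader(http.StatusInternalServerError)
 case "/userinfo":
+ if p.HoldUserInfo != nil {
+ p.HoldUserInfo <- req
+ }
+ if p.ReleaseUserInfo != nil {
+ <-p.ReleaseUserInfo
+ }
 authhdr := req.Header.Get("Authorization")
 if _, err := jwt.ParseSigned(strings.TrimPrefix(authhdr, "Bearer ")); err != nil {
 p.c.Logf("OIDCProvider: bad auth %q", authhdr)
@@ -131,8 +147,8 @@ func (p *OIDCProvider) serveOIDC(w http.ResponseWriter, req *http.Request) {
 json.NewEncoder(w).Encode(map[string]interface{}{
 "sub": "fake-user-id",
 "name": p.AuthName,
- "given_name": p.AuthName,
- "family_name": "",
+ "given_name": p.AuthGivenName,
+ "family_name": p.AuthFamilyName,
 "alt_username": "desired-username",
 "email": p.AuthEmail,
 "email_verified": p.AuthEmailVerified,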
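Review bot: The two channel operations added under `case "/userinfo":` park the handler goroutine with no way out: if a test fails or returns before it receives from HoldUserInfo or sends on ReleaseUserInfo, the request stays blocked and, as far as I can tell, closing the httptest server then waits on it, so the run hangs instead of failing. Selecting on `req.Context().Done()` next to each channel lets an abandoned request unwind once the client gives up. The handler also reads both fields without synchronisation, so the struct comment should state that they must be set before the first request is served. serveOIDC begins and ends outside the hunk.

```go
case "/userinfo":
	if p.HoldUserInfo != nil {
		select {
		case p.HoldUserInfo <- req:
		case <-req.Context().Done():
			return
		}
	}
	if p.ReleaseUserInfo != nil {
		select {
		case <-p.ReleaseUserInfo:
		case <-req.Context().Done():
			return
		}
	}
	// … unchanged: Authorization header check and userinfo response …
```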