From: Brett Smith <brett.smith@curii.com>
Date: Tue, 21 Nov 2023 21:33:57 +0000 (-0500)
Subject: 21137: Tighten TestEndSessionEndpointBadScheme check
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/795fecd239bb7905c92576be8c6e1c3144c17fc3?hp=8ab0bcca4fc5dae249e25a97bbc3a816c160d05d

21137: Tighten TestEndSessionEndpointBadScheme check

Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>
---

diff --git a/lib/controller/localdb/login_oidc_test.go b/lib/controller/localdb/login_oidc_test.go
index 7384935246..f505f5bc49 100644
--- a/lib/controller/localdb/login_oidc_test.go
+++ b/lib/controller/localdb/login_oidc_test.go
@@ -15,6 +15,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"regexp"
 	"sort"
 	"strings"
 	"sync"
@@ -149,9 +150,11 @@ func (s *OIDCLoginSuite) TestRPInitiatedLogoutWithReturnTo(c *check.C) {
 
 func (s *OIDCLoginSuite) TestEndSessionEndpointBadScheme(c *check.C) {
 	// RP-Initiated Logout 1.0 says: "This URL MUST use the https scheme..."
-	s.fakeProvider.EndSessionEndpoint = &url.URL{Scheme: "http", Host: "example.com"}
+	u := url.URL{Scheme: "http", Host: "example.com"}
+	s.fakeProvider.EndSessionEndpoint = &u
 	_, err := s.localdb.Logout(s.ctx, arvados.LogoutOptions{})
-	c.Check(err, check.NotNil)
+	c.Check(err, check.ErrorMatches,
+		`.*\bend_session_endpoint MUST use HTTPS but does not: `+regexp.QuoteMeta(u.String()))
 }
 
 func (s *OIDCLoginSuite) TestNoRPInitiatedLogoutWithoutToken(c *check.C) {