diff options
author | Patrick O'Doherty <p@trickod.com> | 2016-05-23 17:56:15 +0100 |
---|---|---|
committer | Patrick O'Doherty <p@trickod.com> | 2016-05-24 12:25:15 +0100 |
commit | 6f86efb594721bc577c56b284f5f2499e563c45c (patch) | |
tree | d5e98834090b6f800893b7ff3708f0ff419f106c /server/auth/github/github_test.go | |
parent | 7f6b342de26e16e197f69c7576bb687aac03e527 (diff) |
Don't allow wide-open Google or Github configs
Fail loudly if either the google_opts domain value or github_opts organization
values are not set in the configuration. The lack of these values means that
a) in the Google case any @gmail.com address will be allowed
b) the Github case any Github user will be allowed.
This was previously documented but left as a foot-gun in the code.
Future commits will allow for explicit wildcards to be set.
Diffstat (limited to 'server/auth/github/github_test.go')
-rw-r--r-- | server/auth/github/github_test.go | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/server/auth/github/github_test.go b/server/auth/github/github_test.go index 383642f..f50d134 100644 --- a/server/auth/github/github_test.go +++ b/server/auth/github/github_test.go @@ -19,7 +19,7 @@ var ( func TestNew(t *testing.T) { a := assert.New(t) - p := newGithub() + p, _ := newGithub() g := p.(*Config) a.Equal(g.config.ClientID, oauthClientID) a.Equal(g.config.ClientSecret, oauthClientSecret) @@ -27,10 +27,20 @@ func TestNew(t *testing.T) { a.Equal(g.organization, organization) } +func TestNewEmptyOrganization(t *testing.T) { + organization = "" + a := assert.New(t) + + _, err := newGithub() + a.EqualError(err, "github_opts organization must not be empty") + + organization = "exampleorg" +} + func TestStartSession(t *testing.T) { a := assert.New(t) - p := newGithub() + p, _ := newGithub() s := p.StartSession("test_state") a.Equal(s.State, "test_state") a.Contains(s.AuthURL, "github.com/login/oauth/authorize") @@ -38,7 +48,7 @@ func TestStartSession(t *testing.T) { a.Contains(s.AuthURL, fmt.Sprintf("client_id=%s", oauthClientID)) } -func newGithub() auth.Provider { +func newGithub() (auth.Provider, error) { c := &config.Auth{ OauthClientID: oauthClientID, OauthClientSecret: oauthClientSecret, |