root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 243 Packages Projects Releases Wiki Activity
grafana/pkg/api/login_oauth_test.go

211 lines
6.1 KiB
Go
Raw Normal View History

OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
package api
import (
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
"errors"
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
"net/http"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
Auth: Remove auth broker flag and clean up login handlers (#73109) * Auth: Remove auth broker flag and clean up login handlers
2023-08-10 15:56:04 +08:00
"github.com/grafana/grafana/pkg/infra/log"
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
"github.com/grafana/grafana/pkg/models/usertoken"
"github.com/grafana/grafana/pkg/services/authn"
"github.com/grafana/grafana/pkg/services/authn/authntest"
OAuth: Refactor OAuth parameters handling to support obtaining refresh tokens for Google OAuth (#58782) * Add ApprovalForce to AuthCodeOptions * Extract access token validity check to a function * Refactor * Oauth: set options internally instead of exposing new function * Align tests * Remove unused function Co-authored-by: Karl Persson <kalle.persson@grafana.com>
2022-11-18 17:12:17 +08:00
"github.com/grafana/grafana/pkg/services/secrets/fakes"
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
"github.com/grafana/grafana/pkg/setting"
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
"github.com/grafana/grafana/pkg/web/webtest"
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
)
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
func setClientWithoutRedirectFollow(t *testing.T, s *webtest.Server) {
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
t.Helper()
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
s.HttpClient = &http.Client{
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
}
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
}
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
func TestOAuthLogin_Redirect(t *testing.T) {
type testCase struct {
desc string
expectedErr error
expectedCode int
expectedRedirect *authn.Redirect
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
}
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
tests := []testCase{
{
desc: "should be redirected to /login when passing un-configured provider",
expectedErr: authn.ErrClientNotConfigured,
expectedCode: http.StatusFound,
},
{
desc: "should be redirected to provider",
expectedCode: http.StatusFound,
expectedRedirect: &authn.Redirect{
URL: "https://some-provider.com",
Extra: map[string]string{
authn.KeyOAuthState: "some-state",
},
},
},
{
desc: "should set pkce cookie",
expectedCode: http.StatusFound,
expectedRedirect: &authn.Redirect{
URL: "https://some-provider.com",
Extra: map[string]string{
authn.KeyOAuthState: "some-state",
authn.KeyOAuthPKCE: "pkce-",
},
},
},
}
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
hs.SecretsService = fakes.NewFakeSecretsService()
hs.authnService = &authntest.FakeService{
ExpectedErr: tt.expectedErr,
ExpectedRedirect: tt.expectedRedirect,
}
})
// we need to prevent the http.Client from following redirects
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
setClientWithoutRedirectFollow(t, server)
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
res, err := server.Send(server.NewGetRequest("/login/generic_oauth"))
require.NoError(t, err)
assert.Equal(t, http.StatusFound, res.StatusCode)
// on every error we should get redirected to /login
if tt.expectedErr != nil {
assert.Equal(t, "/login", res.Header.Get("Location"))
} else {
// check that we get correct redirect url
assert.Equal(t, tt.expectedRedirect.URL, res.Header.Get("Location"))
require.GreaterOrEqual(t, len(res.Cookies()), 1)
if tt.expectedRedirect.Extra[authn.KeyOAuthPKCE] != "" {
require.Len(t, res.Cookies(), 2)
} else {
require.Len(t, res.Cookies(), 1)
}
require.GreaterOrEqual(t, len(res.Cookies()), 1)
stateCookie := res.Cookies()[0]
assert.Equal(t, OauthStateCookieName, stateCookie.Name)
assert.Equal(t, tt.expectedRedirect.Extra[authn.KeyOAuthState], stateCookie.Value)
if tt.expectedRedirect.Extra[authn.KeyOAuthPKCE] != "" {
require.Len(t, res.Cookies(), 2)
pkceCookie := res.Cookies()[1]
assert.Equal(t, OauthPKCECookieName, pkceCookie.Name)
assert.Equal(t, tt.expectedRedirect.Extra[authn.KeyOAuthPKCE], pkceCookie.Value)
} else {
require.Len(t, res.Cookies(), 1)
}
require.NoError(t, res.Body.Close())
}
})
OAuth: Support PKCE (#39948)
2021-10-13 22:45:15 +08:00
}
}
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
func TestOAuthLogin_AuthorizationCode(t *testing.T) {
type testCase struct {
desc string
expectedErr error
expectedIdentity *authn.Identity
}
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
tests := []testCase{
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
{
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
desc: "should redirect to /login on error",
expectedErr: errors.New("some error"),
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
},
{
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
desc: "should redirect to / and set session cookie on successful authentication",
expectedIdentity: &authn.Identity{
SessionToken: &usertoken.UserToken{UnhashedToken: "some-token"},
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
},
},
}
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
var cfg *setting.Cfg
server := SetupAPITestServer(t, func(hs *HTTPServer) {
cfg = setting.NewCfg()
hs.Cfg = cfg
hs.Cfg.LoginCookieName = "some_name"
hs.SecretsService = fakes.NewFakeSecretsService()
hs.authnService = &authntest.FakeService{
ExpectedErr: tt.expectedErr,
ExpectedIdentity: tt.expectedIdentity,
}
})
// we need to prevent the http.Client from following redirects
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
setClientWithoutRedirectFollow(t, server)
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
res, err := server.Send(server.NewGetRequest("/login/generic_oauth?code=code"))
require.NoError(t, err)
require.GreaterOrEqual(t, len(res.Cookies()), 3)
// make sure oauth state cookie is deleted
assert.Equal(t, OauthStateCookieName, res.Cookies()[0].Name)
assert.Equal(t, "", res.Cookies()[0].Value)
assert.Equal(t, -1, res.Cookies()[0].MaxAge)
// make sure oauth pkce cookie is deleted
assert.Equal(t, OauthPKCECookieName, res.Cookies()[1].Name)
assert.Equal(t, "", res.Cookies()[1].Value)
assert.Equal(t, -1, res.Cookies()[1].MaxAge)
if tt.expectedErr != nil {
require.Len(t, res.Cookies(), 3)
assert.Equal(t, http.StatusFound, res.StatusCode)
assert.Equal(t, "/login", res.Header.Get("Location"))
assert.Equal(t, loginErrorCookieName, res.Cookies()[2].Name)
} else {
require.Len(t, res.Cookies(), 4)
assert.Equal(t, http.StatusFound, res.StatusCode)
assert.Equal(t, "/", res.Header.Get("Location"))
// verify session expiry cookie is set
assert.Equal(t, cfg.LoginCookieName, res.Cookies()[2].Name)
assert.Equal(t, "grafana_session_expiry", res.Cookies()[3].Name)
}
require.NoError(t, res.Body.Close())
})
Auth: Add skip_org_role_sync setting for GrafanaCom (#60553) * add frontend settings and setting for grafanacom * removed println * add skip-org-role-sync on login * add deprecation notice for this field * remove println * remove newline * change and renamed variables * fix for reconfiguring the settings for grafanacom * add documentationf or grafanacom setup * WIP tests * added tests * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * updated steps * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * doc: updated the docs to reflect what happens to grafana.com users * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * Update docs/sources/setup-grafana/configure-security/configure-authentication/grafana-com/index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add blankline * rephrase of doc improvements for explaing of the settings * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Jo <joao.guerreiro@grafana.com> * add frontend setting for grafanacom. * WIP tests * refactor docs * frontend to adhere to skipping org role sync for GrafanaCom users * update docs to reflect desired behavior * tests: added test for skip and nonskip * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jo <joao.guerreiro@grafana.com> Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2023-01-12 23:44:08 +08:00
}
}
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
func TestOAuthLogin_Error(t *testing.T) {
server := SetupAPITestServer(t, func(hs *HTTPServer) {
hs.Cfg = setting.NewCfg()
Auth: Remove auth broker flag and clean up login handlers (#73109) * Auth: Remove auth broker flag and clean up login handlers
2023-08-10 15:56:04 +08:00
hs.log = log.NewNopLogger()
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
hs.SecretsService = fakes.NewFakeSecretsService()
})
apply 445-202506261243 manually
2025-07-02 22:45:07 +08:00
setClientWithoutRedirectFollow(t, server)
Auth: Use authn.Service for all tests (#72921) * Dashboards: Fix tests when authn broker is enabled. StarService was not configured for tests, the call was guarded by !c.IsSignedIn * Change default to be anon user to match expectations from tests * OAuth: rewrite tests to work with authn.Service * Setup template renderer by default * Extract cookie options from cfg instead of relying on global variables * Fix test to work with authn service * Middleware: rewrite auth tests * Remvoe session cookie if we cannot refresh access token
2023-08-09 14:54:52 +08:00
res, err := server.Send(server.NewGetRequest("/login/azuread?error=someerror"))
require.NoError(t, err)
assert.Equal(t, http.StatusFound, res.StatusCode)
assert.Equal(t, "/login", res.Header.Get("Location"))
require.Len(t, res.Cookies(), 1)
errCookie := res.Cookies()[0]
assert.Equal(t, loginErrorCookieName, errCookie.Name)
require.NoError(t, res.Body.Close())
}