Mirror/forgejo
0
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-07-14 05:09:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix(sec): add tests for OAuth2 signup (#7755)

Browse source 
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7755
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
This commit is contained in:
Earl Warren 2025-05-02 06:25:56 +00:00
commit beb985062d
1 changed files with 66 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
tests/integration/oauth_test.go
View file

@ -1456,3 +1456,69 @@ func TestSignUpViaOAuthDefaultRestricted(t *testing.T) {
unittest.AssertExistsIf(t, true, &user_model.User{Name: "gitlab-user"}, "is_restricted = true") unittest.AssertExistsIf(t, true, &user_model.User{Name: "gitlab-user"}, "is_restricted = true")
} }
func TestSignUpViaOAuthLinking2FA(t *testing.T) {
defer tests.PrepareTestEnv(t)()
defer test.MockVariableValue(&setting.OAuth2Client.EnableAutoRegistration, true)()
defer test.MockVariableValue(&setting.OAuth2Client.AccountLinking, setting.OAuth2AccountLinkingAuto)()
// Fake that user 2 is enrolled into WebAuthn.
t.Cleanup(func() {
unittest.AssertSuccessfulDelete(t, &auth_model.WebAuthnCredential{UserID: 2})
})
unittest.AssertSuccessfulInsert(t, &auth_model.WebAuthnCredential{UserID: 2})
gitlabName := "gitlab"
addAuthSource(t, authSourcePayloadGitLabCustom(gitlabName))
userGitLabUserID := "BB(4)=107"
defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
return goth.User{
Provider: gitlabName,
UserID: userGitLabUserID,
NickName: "user2",
Email: "user2@example.com",
}, nil
})()
req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
resp := MakeRequest(t, req, http.StatusSeeOther)
// Make sure the user has to go through 2FA after linking.
assert.Equal(t, "/user/webauthn", test.RedirectURL(resp))
}
func TestSignUpViaOAuth2FA(t *testing.T) {
defer tests.PrepareTestEnv(t)()
defer test.MockVariableValue(&setting.OAuth2Client.EnableAutoRegistration, true)()
defer test.MockVariableValue(&setting.OAuth2Client.AccountLinking, setting.OAuth2AccountLinkingAuto)()
gitlabName := "gitlab"
addAuthSource(t, authSourcePayloadGitLabCustom(gitlabName))
userGitLabUserID := "BB(3)=21"
defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
return goth.User{
Provider: gitlabName,
UserID: userGitLabUserID,
NickName: "user2",
Email: "user2@example.com",
}, nil
})()
req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
resp := MakeRequest(t, req, http.StatusSeeOther)
// Make sure the user can login normally and is linked.
assert.Equal(t, "/", test.RedirectURL(resp))
// Fake that user 2 is enrolled into WebAuthn.
t.Cleanup(func() {
unittest.AssertSuccessfulDelete(t, &auth_model.WebAuthnCredential{UserID: 2})
})
unittest.AssertSuccessfulInsert(t, &auth_model.WebAuthnCredential{UserID: 2})
req = NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
resp = MakeRequest(t, req, http.StatusSeeOther)
// Make sure user has to go through 2FA.
assert.Equal(t, "/user/webauthn", test.RedirectURL(resp))
}