From 509042e5b00a73180afb263ee23b86f44dc06b72 Mon Sep 17 00:00:00 2001
From: Ethan Dickson
Date: Tue, 1 Apr 2025 02:16:02 +0000
Subject: [PATCH] fix: remove shared mutable state between oidc tests
---
 coderd/userauth_test.go | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
index ad8e126706dd1..ddf3dceba236f 100644
--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -1988,22 +1988,28 @@ func TestUserLogout(t *testing.T) {
 func TestOIDCDomainErrorMessage(t *testing.T) {
 t.Parallel()
- fake := oidctest.NewFakeIDP(t, oidctest.WithServing())
-
 allowedDomains := []string{"allowed1.com", "allowed2.org", "company.internal"}
- cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
- cfg.EmailDomain = allowedDomains
- cfg.AllowSignups = true
- })
- server := coderdtest.New(t, &coderdtest.Options{
- OIDCConfig: cfg,
- })
+ setup := func() (*oidctest.FakeIDP, *codersdk.Client) {
+ fake := oidctest.NewFakeIDP(t, oidctest.WithServing())
+
+ cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
+ cfg.EmailDomain = allowedDomains
+ cfg.AllowSignups = true
+ })
+
+ client := coderdtest.New(t, &coderdtest.Options{
+ OIDCConfig: cfg,
+ })
+ return fake, client
+ }
 // Test case 1: Email domain not in allowed list
 t.Run("ErrorMessageOmitsDomains", func(t *testing.T) {
 t.Parallel()
+ fake, client := setup()
+
 // Prepare claims with email from unauthorized domain
 claims := jwt.MapClaims{
 "email": "user@unauthorized.com",
@@ -2011,7 +2017,7 @@ func TestOIDCDomainErrorMessage(t *testing.T) {
 "sub": uuid.NewString(),
 }
- _, resp := fake.AttemptLogin(t, server, claims)
+ _, resp := fake.AttemptLogin(t, client, claims)
 defer resp.Body.Close()
 require.Equal(t, http.StatusForbidden, resp.StatusCode)
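Review bot: The `setup` closure added in the first hunk takes no parameters, so its calls to `oidctest.NewFakeIDP(t, ...)`, `fake.OIDCConfig(t, ...)` and `coderdtest.New(t, ...)` bind to the parent test's `t` even though the closure runs inside the parallel subtests. A failure inside those helpers would be reported against the parent, and a `FailNow` on the parent's `t` from a subtest goroutine does not stop the subtest the way the testing package intends. I would pass the subtest's `t` in: `setup := func(t *testing.T) (*oidctest.FakeIDP, *codersdk.Client) {` with `t.Helper()` as its first statement, and `fake, client := setup(t)` at both call sites (here and in the `MalformedEmailErrorOmitsDomains` hunk). Both configs also still receive the same `allowedDomains` slice; if anything downstream writes to `cfg.EmailDomain`, assigning a copy (for example `slices.Clone(allowedDomains)`) would complete the isolation this commit is after. `TestOIDCDomainErrorMessage` continues beyond the hunks shown.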
@@ -2031,6 +2037,8 @@ func TestOIDCDomainErrorMessage(t *testing.T) {
 t.Run("MalformedEmailErrorOmitsDomains", func(t *testing.T) {
 t.Parallel()
+ fake, client := setup()
+
 // Prepare claims with an invalid email format (no @ symbol)
 claims := jwt.MapClaims{
 "email": "invalid-email-without-domain",
@@ -2038,7 +2046,7 @@ func TestOIDCDomainErrorMessage(t *testing.T) {
 "sub": uuid.NewString(),
 }
- _, resp := fake.AttemptLogin(t, server, claims)
+ _, resp := fake.AttemptLogin(t, client, claims)
 defer resp.Body.Close()
 require.Equal(t, http.StatusForbidden, resp.StatusCode)