mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
refactor: move OAuth2 provider code to dedicated package (#18746)
# Refactor OAuth2 Provider Code into Dedicated Package This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality. Key changes: - Created a new `oauth2provider` package to house all OAuth2 provider-related code - Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package - Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly - Split large files into smaller, more focused files organized by functionality: - `app_secrets.go` - Manages OAuth2 application secrets - `apps.go` - Handles OAuth2 application CRUD operations - `authorize.go` - Implements the authorization flow - `metadata.go` - Provides OAuth2 metadata endpoints - `registration.go` - Handles dynamic client registration - `revoke.go` - Implements token revocation - `secrets.go` - Manages secret generation and validation - `tokens.go` - Handles token issuance and validation This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
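--- a/coderd/oauth2provider/pkce_test.go
+++ b/coderd/oauth2provider/pkce_test.go
@@ -0,0 +1,77 @@
+package oauth2provider_test
+
+import (
+"crypto/sha256"
+"encoding/base64"
+"testing"
+
+"github.com/stretchr/testify/require"
+
+"github.com/coder/coder/v2/coderd/oauth2provider"
+)
+
+func TestVerifyPKCE(t *testing.T) {
+t.Parallel()
+
+tests := []struct {
+name string
+verifier string
+challenge string
+expectValid bool
+}{
+{
+name: "ValidPKCE",
+verifier: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
+challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
+expectValid: true,
+},
+{
+name: "InvalidPKCE",
+verifier: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
+challenge: "wrong_challenge",
+expectValid: false,
+},
+{
+name: "EmptyChallenge",
+verifier: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
+challenge: "",
+expectValid: false,
+},
+{
+name: "EmptyVerifier",
+verifier: "",
+challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
+expectValid: false,
+},
+{
+name: "BothEmpty",
+verifier: "",
+challenge: "",
+expectValid: false,
+},
+}
+
+for _, tt := range tests {
+tt := tt
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+result := oauth2provider.VerifyPKCE(tt.challenge, tt.verifier)
+require.Equal(t, tt.expectValid, result)
+})
+}
+}
+
+func TestPKCES256Generation(t *testing.T) {
+t.Parallel()
+
+// Test that we can generate a valid S256 challenge from a verifier
+verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
+expectedChallenge := "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
+
+// Generate challenge using S256 method
+h := sha256.Sum256([]byte(verifier))
+challenge := base64.RawURLEncoding.EncodeToString(h[:])
+
+require.Equal(t, expectedChallenge, challenge)
+require.True(t, oauth2provider.VerifyPKCE(challenge, verifier))
+}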
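Review bot: The `EmptyVerifier` row in `TestVerifyPKCE` pairs an empty verifier with the challenge of a different, non-empty verifier, so it passes on a plain hash mismatch and does not pin that an empty verifier is rejected as such. A row whose challenge is the S256 digest of the empty string would cover that, e.g. `{name: "EmptyVerifierMatchingChallenge", verifier: "", challenge: "47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU", expectValid: false},` (the value is constructed here as base64url(SHA-256("")), not taken from the page). `VerifyPKCE` itself is not in this file section, so whether it already rejects that input needs confirming against the implementation. A one-line comment above the table would also help readers, e.g. `// Verifier and challenge are the S256 example from RFC 7636, Appendix B.`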