Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/sessions/controller.go | 6 | ||||
| -rw-r--r-- | app/controllers/sessions/controller_test.go | 19 | ||||
| -rw-r--r-- | app/controllers/sessions/service.go | 2 | ||||
| -rw-r--r-- | app/controllers/sessions/service_test.go | 9 |
4 files changed, 34 insertions, 2 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go index 25c215e..e2f4b22 100644 --- a/app/controllers/sessions/controller.go +++ b/app/controllers/sessions/controller.go @@ -5,6 +5,7 @@ import ( "time" "github.com/xlgmokha/x/pkg/log" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie" ) @@ -26,6 +27,11 @@ func (c *Controller) MountTo(mux *http.ServeMux) { } func (c *Controller) New(w http.ResponseWriter, r *http.Request) { + if middleware.IsLoggedIn(r) { + http.Redirect(w, r, "/dashboard", http.StatusFound) + return + } + url, nonce := c.svc.GenerateRedirectURL() http.SetCookie(w, cookie.New("oauth_state", nonce, time.Now().Add(10*time.Minute))) http.Redirect(w, r, url, http.StatusFound) diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go index 64c9fc1..05f642b 100644 --- a/app/controllers/sessions/controller_test.go +++ b/app/controllers/sessions/controller_test.go @@ -12,6 +12,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/xlgmokha/x/pkg/x" + xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie" 
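Review bot: The early return added at the top of `New` trusts `middleware.IsLoggedIn(r)` completely, and nothing visible in this diff shows whether that helper rejects an expired session. If it only checks that a user is present in the request context (the new test passes with an empty `&domain.User{}`), a stale session would be sent to `/dashboard` and never reach the OIDC redirect that lets the user re-authenticate. I would state the contract above the check, e.g. `// IsLoggedIn must report false for expired sessions, otherwise re-login is unreachable`, and cover it in the expired-session subtest, which is still empty. The closing brace of `New` is outside the hunk.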
@@ -68,7 +70,22 @@ func TestSessions(t *testing.T) {
 })
 })
- t.Run("with an active authenicated session", func(t *testing.T) {})
+ t.Run("with an active authenicated session", func(t *testing.T) {
+ t.Run("redirects to the dashboard", func(t *testing.T) {
+ user := &domain.User{}
+ r, w := test.RequestResponse(
+ "GET",
+ "/session/new",
+ test.WithContextKeyValue(t.Context(), xcfg.CurrentUser, user),
+ )
+
+ mux.ServeHTTP(w, r)
+
+ require.Equal(t, http.StatusFound, w.Code)
+ assert.Equal(t, "/dashboard", w.Header().Get("Location"))
+ })
+ })
+
 t.Run("with an expired authenicated session", func(t *testing.T) {})
 })
diff --git a/app/controllers/sessions/service.go b/app/controllers/sessions/service.go
index 68ee26d..cbd00fe 100644
--- a/app/controllers/sessions/service.go
+++ b/app/controllers/sessions/service.go
@@ -22,7 +22,7 @@ func NewService(cfg *oidc.OpenID, http *http.Client) *Service {
 }
 func (svc *Service) GenerateRedirectURL() (string, string) {
- nonce := pls.GenerateNonce(32)
+ nonce := pls.GenerateRandomHex(32)
 url := svc.cfg.Config.AuthCodeURL(
 nonce,
 oauth2.SetAuthURLParam("audience", svc.cfg.Config.ClientID),
diff --git a/app/controllers/sessions/service_test.go b/app/controllers/sessions/service_test.go
new file mode 100644
index 0000000..5f270f0
--- /dev/null
+++ b/app/controllers/sessions/service_test.go
@@ -0,0 +1,9 @@
+package sessions
+
+import "testing"
+
+func TestService(t *testing.T) {
+ t.Run("Exchange", func(t *testing.T) {
+
+ })
+}
|
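Review bot: The `with an expired authenicated session` subtest kept as context in this hunk still has an empty body, so it passes without checking anything; the new `Exchange` subtest in service_test.go has the same problem. The expired case is the one the new `IsLoggedIn` short-circuit must not match, so I would either implement it or mark both stubs with `t.Skip("TODO: not implemented")` so they stop reporting as passing. The new redirect test could also assert that no `oauth_state` cookie is issued on the already-logged-in path, e.g. `assert.Empty(t, w.Header().Get("Set-Cookie"))`.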
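Review bot: The local that receives `pls.GenerateRandomHex(32)` is still called `nonce`, although it is passed as the first argument to `AuthCodeURL` (the OAuth2 `state` parameter) and the controller stores it in the `oauth_state` cookie. In OIDC the `nonce` is a separate parameter tied to the ID token, so I would rename the local to `state` and add a comment such as `// state is the CSRF token for the callback; it must come from a CSPRNG`. The implementation of `GenerateRandomHex` is not part of this diff, so its randomness source, and whether 32 counts bytes or hex characters, should be confirmed. `GenerateRedirectURL` continues past the end of the hunk.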
