test: add test for OIDC+JSON continuity cookie

ory · Jun 13, 2023 · c5a5972 · c5a5972
1 parent 940e9b0
commit c5a5972
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 2 deletions.
diff --git a/selfservice/flow/login/hook.go b/selfservice/flow/login/hook.go
@@ -114,7 +114,15 @@ func (e *HookExecutor) handleLoginError(_ http.ResponseWriter, r *http.Request,
 	return flowError
 }
 
-func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, g node.UiNodeGroup, a *Flow, i *identity.Identity, s *session.Session, provider string) (err error) {
+func (e *HookExecutor) PostLoginHook(
+	w http.ResponseWriter,
+	r *http.Request,
+	g node.UiNodeGroup,
+	a *Flow,
+	i *identity.Identity,
+	s *session.Session,
+	provider string,
+) (err error) {
 	ctx := r.Context()
 	ctx, span := e.d.Tracer(ctx).Tracer().Start(ctx, "HookExecutor.PostLoginHook")
 	r = r.WithContext(ctx)

diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go
@@ -149,7 +149,7 @@ func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login
 	return nil, s.handleError(w, r, a, provider.Config().ID, nil, errors.WithStack(herodot.ErrInternalServerError.WithReason("Unable to find matching OpenID Connect Credentials.").WithDebugf(`Unable to find credentials that match the given provider "%s" and subject "%s".`, provider.Config().ID, claims.Subject)))
 }
 
-func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, identityID uuid.UUID) (i *identity.Identity, err error) {
+func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, _ uuid.UUID) (i *identity.Identity, err error) {
 	if err := login.CheckAAL(f, identity.AuthenticatorAssuranceLevel1); err != nil {
 		return nil, err
 	}

diff --git a/selfservice/strategy/oidc/strategy_test.go b/selfservice/strategy/oidc/strategy_test.go
@@ -155,6 +155,25 @@ func TestStrategy(t *testing.T) {
 		return makeRequestWithCookieJar(t, provider, action, fv, nil)
 	}
 
+	var makeJSONRequest = func(t *testing.T, provider string, action string, fv url.Values) (*http.Response, []byte) {
+		fv.Set("provider", provider)
+		client := testhelpers.NewClientWithCookieJar(t, nil, false)
+		req, err := http.NewRequest("POST", action, strings.NewReader(fv.Encode()))
+		require.NoError(t, err)
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+		req.Header.Set("Accept", "application/json")
+		res, err := client.Do(req)
+		require.NoError(t, err, action)
+
+		body, err := io.ReadAll(res.Body)
+		require.NoError(t, res.Body.Close())
+		require.NoError(t, err)
+
+		require.Equal(t, 422, res.StatusCode, "%s: %s\n\t%s", action, res.Request.URL.String(), body)
+
+		return res, body
+	}
+
 	var makeAPICodeFlowRequest = func(t *testing.T, provider, action string) (returnToCode string) {
 		res, err := testhelpers.NewDebugClient(t).Post(action, "application/json", strings.NewReader(fmt.Sprintf(`{
 	"method": "oidc",
@@ -461,6 +480,25 @@ func TestStrategy(t *testing.T) {
 		})
 	})
 
+	t.Run("case=login with Browser+JSON", func(t *testing.T) {
+		subject = "login-with-browser-json@ory.sh"
+		scope = []string{"openid"}
+
+		t.Run("case=should pass login", func(t *testing.T) {
+			r := newBrowserLoginFlow(t, returnTS.URL, time.Minute)
+			action := assertFormValues(t, r.ID, "valid")
+			res, body := makeJSONRequest(t, "valid", action, url.Values{})
+
+			assert.Equal(t, "browser_location_change_required", gjson.GetBytes(body, "error.id").String(), "%s", body)
+
+			continuityCookie := res.Header.Get("Set-Cookie")
+			key, val, ok := strings.Cut(continuityCookie, "=")
+			require.True(t, ok)
+			assert.Equal(t, "ory_kratos_continuity", key)
+			assert.NotEmpty(t, val)
+		})
+	})
+
 	t.Run("suite=API with session token exchange code", func(t *testing.T) {
 		scope = []string{"openid"}