test: Add specific OAuth redirect assertions per code review feedback

Improve TestAuthOnlyEndpointRedirectWithSkipProviderButton to verify
that the Location header actually redirects to the OAuth provider's
authorize endpoint with required parameters (client_id, redirect_uri,
state), not just that a Location header exists.

Signed-off-by: Stefan Markmann <stefan@markmann.net>
Stefan Markmann 2026-01-17 13:58:00 +01:00
parent 22c410b65b
commit 4024efb1f9
1 changed files with 7 additions and 0 deletions


@ -1144,6 +1144,13 @@ func TestAuthOnlyEndpointRedirectWithSkipProviderButton(t *testing.T) {
assert.Equal(t, http.StatusFound, test.rw.Code)
location := test.rw.Header().Get("Location")
assert.NotEmpty(t, location, "Expected Location header for redirect")
// Verify the redirect points to the OAuth provider's authorize endpoint
// and contains key OAuth parameters
assert.Contains(t, location, "/oauth/authorize", "Expected redirect to OAuth authorize endpoint")
assert.Contains(t, location, "client_id=", "Expected client_id in redirect URL")
assert.Contains(t, location, "redirect_uri=", "Expected redirect_uri in redirect URL")
assert.Contains(t, location, "state=", "Expected state parameter in redirect URL")
}
func TestAuthOnlyEndpointUnauthorizedOnExpiration(t *testing.T) {
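Review bot: The four added `assert.Contains` checks on `location` accept values this test is meant to reject: `"state="` matches an empty state, and each substring may match anywhere in the URL rather than in the path or in a real query parameter. Because `state` is what ties the OAuth callback to this login attempt, the test should parse the header and require a non-empty value for each parameter, and ideally compare `redirect_uri` against the callback URL the test configures. The sketch below assumes `net/url` is imported in the test file, which the hunk does not show. The test function begins outside the hunk.

```go
location := test.rw.Header().Get("Location")
// … unchanged: NotEmpty check on location …
u, err := url.Parse(location)
assert.NoError(t, err, "Expected Location header to be a valid URL")
// Match on the parsed path so the string cannot be satisfied by the query.
assert.Contains(t, u.Path, "/oauth/authorize", "Expected redirect to OAuth authorize endpoint")
q := u.Query()
assert.NotEmpty(t, q.Get("client_id"), "Expected client_id in redirect URL")
assert.NotEmpty(t, q.Get("redirect_uri"), "Expected redirect_uri in redirect URL")
assert.NotEmpty(t, q.Get("state"), "Expected non-empty state parameter in redirect URL")
```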