From c31754c55592c4f23a4aa5d291c8fef75175f6e2 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 2 Nov 2018 08:35:26 +0000
Subject: [PATCH] Add a logout test

---
 server/http_test.go | 63 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/server/http_test.go b/server/http_test.go
index 379f82f..a65b21a 100644
--- a/server/http_test.go
+++ b/server/http_test.go
@@ -195,6 +195,69 @@ func TestHTTP_Login(t *testing.T) {
 	doPostForm(t, httpSrv, c, "/login", v, checkRedirectToTargetService)
 }
 
+func TestHTTP_LoginOnSecondAttempt(t *testing.T) {
+	tmpdir, httpSrv := startTestHTTPServer(t)
+	defer os.RemoveAll(tmpdir)
+	defer httpSrv.Close()
+
+	c := newTestHTTPClient()
+
+	// Simulate an authorization request from a service, expect to
+	// see the login page.
+	v := make(url.Values)
+	v.Set("s", "service.example.com/")
+	v.Set("d", "https://service.example.com/admin/")
+	v.Set("n", "averysecretnonce")
+	doGet(t, httpSrv, c, "/?"+v.Encode(), checkStatusOk, checkLoginPasswordPage)
+
+	// Attempt to login with wrong credentials.
+	v = make(url.Values)
+	v.Set("username", "testuser")
+	v.Set("password", "badpassword")
+	doPostForm(t, httpSrv, c, "/login", v, checkStatusOk, checkLoginPasswordPage)
+
+	// Attempt to login by submitting the form. We expect the
+	// result to be a 302 redirect to the target service.
+	v = make(url.Values)
+	v.Set("username", "testuser")
+	v.Set("password", "password")
+	doPostForm(t, httpSrv, c, "/login", v, checkRedirectToTargetService)
+}
+
+func TestHTTP_LoginAndLogout(t *testing.T) {
+	tmpdir, httpSrv := startTestHTTPServer(t)
+	defer os.RemoveAll(tmpdir)
+	defer httpSrv.Close()
+
+	c := newTestHTTPClient()
+
+	// Simulate an authorization request from a service, expect to
+	// see the login page.
+	v := make(url.Values)
+	v.Set("s", "service.example.com/")
+	v.Set("d", "https://service.example.com/admin/")
+	v.Set("n", "averysecretnonce")
+	doGet(t, httpSrv, c, "/?"+v.Encode(), checkStatusOk, checkLoginPasswordPage)
+
+	// Attempt to login by submitting the form. We expect the
+	// result to be a 302 redirect to the target service.
+	v = make(url.Values)
+	v.Set("username", "testuser")
+	v.Set("password", "password")
+	doPostForm(t, httpSrv, c, "/login", v, checkRedirectToTargetService)
+
+	// Make a logout request.
+	doGet(t, httpSrv, c, "/logout", checkStatusOk)
+	doPostForm(t, httpSrv, c, "/logout", nil, checkStatusOk)
+
+	// This new authorization request should send us to the login page.
+	v = make(url.Values)
+	v.Set("s", "service.example.com/")
+	v.Set("d", "https://service.example.com/admin/")
+	v.Set("n", "averysecretnonce")
+	doGet(t, httpSrv, c, "/?"+v.Encode(), checkStatusOk, checkLoginPasswordPage)
+}
+
 func TestHTTP_LoginOTP(t *testing.T) {
 	tmpdir, httpSrv := startTestHTTPServer(t)
 	defer os.RemoveAll(tmpdir)
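Review bot: In `TestHTTP_LoginAndLogout` the final `checkLoginPasswordPage` assertion does not prove that logout invalidated anything, because the test never shows that a session existed before `/logout` was called. If the client's cookie were not retained or honoured, the last request would land on the login page anyway and the test would still pass. Keep the first authorization query in its own variable and repeat it right after the successful login, e.g. `doGet(t, httpSrv, c, "/?"+authReq.Encode(), checkRedirectToTargetService)`, assuming an authenticated session is redirected without a prompt and that this checker (defined outside the hunk) works with `doGet`. The GET and the POST to `/logout` are also issued back to back, so the test cannot tell which one ends the session. If only the POST is meant to change state, which is the safer design against cross-site logout, repeat the same authorization check between the two calls and add a comment such as `// GET only renders the confirmation page; the POST performs the logout`.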
-- 
GitLab