refactor: tests (#731)

* tests: rework tests for context controller * tests: add tests for health controller * tests: add tests for oidc controller * tests: use testify assert in context and health controller * tests: add tests for user controller * tests: add tests for resources controller * tests: add well known controller tests * test: add proxy controller tests * chore: review comments * chore: more review comments * chore: cancel lockdown in testing * tests: fix get cookie domain tests * chore: add comment for testing passwords
2026-03-31 10:57:55 +00:00 · 2026-03-30 15:31:34 +03:00
parent f65df872f0
commit 5811218dbf
12 changed files with 1501 additions and 968 deletions
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -1,6 +1,7 @@
 package service

 import (
+	"context"
 	"database/sql"
 	"errors"
 	"fmt"
@@ -78,6 +79,8 @@ type AuthService struct {
 	queries              *repository.Queries
 	oauthBroker          *OAuthBrokerService
 	lockdown             *Lockdown
+	lockdownCtx          context.Context
+	lockdownCancelFunc   context.CancelFunc
 }

 func NewAuthService(config AuthServiceConfig, docker *DockerService, ldap *LdapService, queries *repository.Queries, oauthBroker *OAuthBrokerService) *AuthService {
@@ -770,6 +773,11 @@ func (auth *AuthService) ensureOAuthSessionLimit() {
 }

 func (auth *AuthService) lockdownMode() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	auth.lockdownCtx = ctx
+	auth.lockdownCancelFunc = cancel
+
 	auth.loginMutex.Lock()

 	tlog.App.Warn().Msg("Multiple login attempts detected, possibly DDOS attack. Activating temporary lockdown.")
@@ -788,7 +796,12 @@ func (auth *AuthService) lockdownMode() {

 	auth.loginMutex.Unlock()

-	<-timer.C
+	select {
+	case <-timer.C:
+		// Timer expired, end lockdown
+	case <-ctx.Done():
+		// Context cancelled, end lockdown
+	}

 	auth.loginMutex.Lock()

@@ -796,3 +809,13 @@ func (auth *AuthService) lockdownMode() {
 	auth.lockdown = nil
 	auth.loginMutex.Unlock()
 }
+
+// Function only used for testing - do not use in prod!
+func (auth *AuthService) ClearRateLimitsTestingOnly() {
+	auth.loginMutex.Lock()
+	auth.loginAttempts = make(map[string]*LoginAttempt)
+	if auth.lockdown != nil {
+		auth.lockdownCancelFunc()
+	}
+	auth.loginMutex.Unlock()
+}