fix(settings): restore wechat and payment config persistence
@@ -122,6 +122,13 @@ func (h *SettingHandler) GetSettings(c *gin.Context) {
|
||||
LinuxDoConnectClientID: settings.LinuxDoConnectClientID,
|
||||
LinuxDoConnectClientSecretConfigured: settings.LinuxDoConnectClientSecretConfigured,
|
||||
LinuxDoConnectRedirectURL: settings.LinuxDoConnectRedirectURL,
|
||||
WeChatConnectEnabled: settings.WeChatConnectEnabled,
|
||||
WeChatConnectAppID: settings.WeChatConnectAppID,
|
||||
WeChatConnectAppSecretConfigured: settings.WeChatConnectAppSecretConfigured,
|
||||
WeChatConnectMode: settings.WeChatConnectMode,
|
||||
WeChatConnectScopes: settings.WeChatConnectScopes,
|
||||
WeChatConnectRedirectURL: settings.WeChatConnectRedirectURL,
|
||||
WeChatConnectFrontendRedirectURL: settings.WeChatConnectFrontendRedirectURL,
|
||||
OIDCConnectEnabled: settings.OIDCConnectEnabled,
|
||||
OIDCConnectProviderName: settings.OIDCConnectProviderName,
|
||||
OIDCConnectClientID: settings.OIDCConnectClientID,
|
||||
@@ -246,6 +253,15 @@ type UpdateSettingsRequest struct {
|
||||
LinuxDoConnectClientSecret string `json:"linuxdo_connect_client_secret"`
|
||||
LinuxDoConnectRedirectURL string `json:"linuxdo_connect_redirect_url"`
|
||||
|
||||
// WeChat Connect OAuth 登录
|
||||
WeChatConnectEnabled bool `json:"wechat_connect_enabled"`
|
||||
WeChatConnectAppID string `json:"wechat_connect_app_id"`
|
||||
WeChatConnectAppSecret string `json:"wechat_connect_app_secret"`
|
||||
WeChatConnectMode string `json:"wechat_connect_mode"`
|
||||
WeChatConnectScopes string `json:"wechat_connect_scopes"`
|
||||
WeChatConnectRedirectURL string `json:"wechat_connect_redirect_url"`
|
||||
WeChatConnectFrontendRedirectURL string `json:"wechat_connect_frontend_redirect_url"`
|
||||
|
||||
// Generic OIDC OAuth 登录
|
||||
OIDCConnectEnabled bool `json:"oidc_connect_enabled"`
|
||||
OIDCConnectProviderName string `json:"oidc_connect_provider_name"`
|
||||
@@ -509,6 +525,54 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
if req.WeChatConnectEnabled {
|
||||
req.WeChatConnectAppID = strings.TrimSpace(req.WeChatConnectAppID)
|
||||
req.WeChatConnectAppSecret = strings.TrimSpace(req.WeChatConnectAppSecret)
|
||||
req.WeChatConnectMode = strings.ToLower(strings.TrimSpace(req.WeChatConnectMode))
|
||||
req.WeChatConnectScopes = strings.TrimSpace(req.WeChatConnectScopes)
|
||||
req.WeChatConnectRedirectURL = strings.TrimSpace(req.WeChatConnectRedirectURL)
|
||||
req.WeChatConnectFrontendRedirectURL = strings.TrimSpace(req.WeChatConnectFrontendRedirectURL)
|
||||
|
||||
if req.WeChatConnectAppID == "" {
|
||||
response.BadRequest(c, "WeChat App ID is required when enabled")
|
||||
return
|
||||
}
|
||||
if req.WeChatConnectAppSecret == "" {
|
||||
if previousSettings.WeChatConnectAppSecret == "" {
|
||||
response.BadRequest(c, "WeChat App Secret is required when enabled")
|
||||
return
|
||||
}
|
||||
req.WeChatConnectAppSecret = previousSettings.WeChatConnectAppSecret
|
||||
}
|
||||
if req.WeChatConnectMode == "" {
|
||||
req.WeChatConnectMode = "open"
|
||||
}
|
||||
switch req.WeChatConnectMode {
|
||||
case "open", "mp":
|
||||
default:
|
||||
response.BadRequest(c, "WeChat mode must be open or mp")
|
||||
return
|
||||
}
|
||||
if req.WeChatConnectScopes == "" {
|
||||
req.WeChatConnectScopes = service.DefaultWeChatConnectScopesForMode(req.WeChatConnectMode)
|
||||
}
|
||||
if req.WeChatConnectRedirectURL == "" {
|
||||
response.BadRequest(c, "WeChat Redirect URL is required when enabled")
|
||||
return
|
||||
}
|
||||
if err := config.ValidateAbsoluteHTTPURL(req.WeChatConnectRedirectURL); err != nil {
|
||||
response.BadRequest(c, "WeChat Redirect URL must be an absolute http(s) URL")
|
||||
return
|
||||
}
|
||||
if req.WeChatConnectFrontendRedirectURL == "" {
|
||||
req.WeChatConnectFrontendRedirectURL = "/auth/wechat/callback"
|
||||
}
|
||||
if err := config.ValidateFrontendRedirectURL(req.WeChatConnectFrontendRedirectURL); err != nil {
|
||||
response.BadRequest(c, "WeChat Frontend Redirect URL is invalid")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Generic OIDC 参数验证
|
||||
if req.OIDCConnectEnabled {
|
||||
req.OIDCConnectProviderName = strings.TrimSpace(req.OIDCConnectProviderName)
|
||||
@@ -857,6 +921,13 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
||||
LinuxDoConnectClientID: req.LinuxDoConnectClientID,
|
||||
LinuxDoConnectClientSecret: req.LinuxDoConnectClientSecret,
|
||||
LinuxDoConnectRedirectURL: req.LinuxDoConnectRedirectURL,
|
||||
WeChatConnectEnabled: req.WeChatConnectEnabled,
|
||||
WeChatConnectAppID: req.WeChatConnectAppID,
|
||||
WeChatConnectAppSecret: req.WeChatConnectAppSecret,
|
||||
WeChatConnectMode: req.WeChatConnectMode,
|
||||
WeChatConnectScopes: req.WeChatConnectScopes,
|
||||
WeChatConnectRedirectURL: req.WeChatConnectRedirectURL,
|
||||
WeChatConnectFrontendRedirectURL: req.WeChatConnectFrontendRedirectURL,
|
||||
OIDCConnectEnabled: req.OIDCConnectEnabled,
|
||||
OIDCConnectProviderName: req.OIDCConnectProviderName,
|
||||
OIDCConnectClientID: req.OIDCConnectClientID,
|
||||
@@ -1136,6 +1207,13 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
||||
LinuxDoConnectClientID: updatedSettings.LinuxDoConnectClientID,
|
||||
LinuxDoConnectClientSecretConfigured: updatedSettings.LinuxDoConnectClientSecretConfigured,
|
||||
LinuxDoConnectRedirectURL: updatedSettings.LinuxDoConnectRedirectURL,
|
||||
WeChatConnectEnabled: updatedSettings.WeChatConnectEnabled,
|
||||
WeChatConnectAppID: updatedSettings.WeChatConnectAppID,
|
||||
WeChatConnectAppSecretConfigured: updatedSettings.WeChatConnectAppSecretConfigured,
|
||||
WeChatConnectMode: updatedSettings.WeChatConnectMode,
|
||||
WeChatConnectScopes: updatedSettings.WeChatConnectScopes,
|
||||
WeChatConnectRedirectURL: updatedSettings.WeChatConnectRedirectURL,
|
||||
WeChatConnectFrontendRedirectURL: updatedSettings.WeChatConnectFrontendRedirectURL,
|
||||
OIDCConnectEnabled: updatedSettings.OIDCConnectEnabled,
|
||||
OIDCConnectProviderName: updatedSettings.OIDCConnectProviderName,
|
||||
OIDCConnectClientID: updatedSettings.OIDCConnectClientID,
|
||||
@@ -1329,6 +1407,27 @@ func diffSettings(before *service.SystemSettings, after *service.SystemSettings,
|
||||
if before.LinuxDoConnectRedirectURL != after.LinuxDoConnectRedirectURL {
|
||||
changed = append(changed, "linuxdo_connect_redirect_url")
|
||||
}
|
||||
if before.WeChatConnectEnabled != after.WeChatConnectEnabled {
|
||||
changed = append(changed, "wechat_connect_enabled")
|
||||
}
|
||||
if before.WeChatConnectAppID != after.WeChatConnectAppID {
|
||||
changed = append(changed, "wechat_connect_app_id")
|
||||
}
|
||||
if req.WeChatConnectAppSecret != "" {
|
||||
changed = append(changed, "wechat_connect_app_secret")
|
||||
}
|
||||
if before.WeChatConnectMode != after.WeChatConnectMode {
|
||||
changed = append(changed, "wechat_connect_mode")
|
||||
}
|
||||
if before.WeChatConnectScopes != after.WeChatConnectScopes {
|
||||
changed = append(changed, "wechat_connect_scopes")
|
||||
}
|
||||
if before.WeChatConnectRedirectURL != after.WeChatConnectRedirectURL {
|
||||
changed = append(changed, "wechat_connect_redirect_url")
|
||||
}
|
||||
if before.WeChatConnectFrontendRedirectURL != after.WeChatConnectFrontendRedirectURL {
|
||||
changed = append(changed, "wechat_connect_frontend_redirect_url")
|
||||
}
|
||||
if before.OIDCConnectEnabled != after.OIDCConnectEnabled {
|
||||
changed = append(changed, "oidc_connect_enabled")
|
||||
}
|
||||
|
||||
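Review bot: In `diffSettings`, the check `if req.WeChatConnectAppSecret != ""` will report `wechat_connect_app_secret` as changed even when the admin left the secret blank, if `req` is the same value that `UpdateSettings` has already backfilled with `req.WeChatConnectAppSecret = previousSettings.WeChatConnectAppSecret` (the `@@ -509` hunk). A real secret rotation then looks the same as a routine save in the change record. Comparing against the stored value, e.g. `if req.WeChatConnectAppSecret != "" && req.WeChatConnectAppSecret != before.WeChatConnectAppSecret {`, would avoid that, assuming `before` carries the secret the way `previousSettings` does. Separately, trimming and backfill only run when `req.WeChatConnectEnabled` is true, while the `@@ -857` hunk persists `req.WeChatConnectAppSecret` unconditionally, so it is worth confirming that the service ignores an empty secret and a save with WeChat disabled cannot clear it. Both functions continue outside the visible hunks.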
@@ -8,7 +8,6 @@ import (
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -149,7 +148,7 @@ func (h *AuthHandler) WeChatOAuthStart(c *gin.Context) {
|
||||
// WeChatOAuthCallback exchanges the code with WeChat, resolves openid/unionid,
|
||||
// and stores the result in the unified pending-auth flow.
|
||||
func (h *AuthHandler) WeChatOAuthCallback(c *gin.Context) {
|
||||
frontendCallback := wechatOAuthFrontendCallback()
|
||||
frontendCallback := h.wechatOAuthFrontendCallback(c.Request.Context())
|
||||
|
||||
if providerErr := strings.TrimSpace(c.Query("error")); providerErr != "" {
|
||||
redirectOAuthError(c, frontendCallback, "provider_error", providerErr, c.Query("error_description"))
|
||||
@@ -859,6 +858,10 @@ func (h *AuthHandler) getWeChatOAuthConfig(ctx context.Context, rawMode string,
|
||||
return wechatOAuthConfig{}, err
|
||||
}
|
||||
|
||||
if h == nil || h.settingSvc == nil {
|
||||
return wechatOAuthConfig{}, infraerrors.ServiceUnavailable("CONFIG_NOT_READY", "wechat oauth settings service not ready")
|
||||
}
|
||||
|
||||
apiBaseURL := ""
|
||||
if h != nil && h.settingSvc != nil {
|
||||
settings, err := h.settingSvc.GetAllSettings(ctx)
|
||||
@@ -867,27 +870,28 @@ func (h *AuthHandler) getWeChatOAuthConfig(ctx context.Context, rawMode string,
|
||||
}
|
||||
}
|
||||
|
||||
effective, err := h.settingSvc.GetWeChatConnectOAuthConfig(ctx)
|
||||
if err != nil {
|
||||
return wechatOAuthConfig{}, err
|
||||
}
|
||||
if effective.Mode != mode {
|
||||
return wechatOAuthConfig{}, infraerrors.NotFound("OAUTH_DISABLED", "wechat oauth is disabled")
|
||||
}
|
||||
|
||||
cfg := wechatOAuthConfig{
|
||||
mode: mode,
|
||||
redirectURI: resolveWeChatOAuthAbsoluteURL(apiBaseURL, c, "/api/v1/auth/oauth/wechat/callback"),
|
||||
frontendCallback: wechatOAuthFrontendCallback(),
|
||||
appID: strings.TrimSpace(effective.AppID),
|
||||
appSecret: strings.TrimSpace(effective.AppSecret),
|
||||
redirectURI: firstNonEmpty(strings.TrimSpace(effective.RedirectURL), resolveWeChatOAuthAbsoluteURL(apiBaseURL, c, "/api/v1/auth/oauth/wechat/callback")),
|
||||
frontendCallback: firstNonEmpty(strings.TrimSpace(effective.FrontendRedirectURL), wechatOAuthDefaultFrontendCB),
|
||||
scope: firstNonEmpty(strings.TrimSpace(effective.Scopes), service.DefaultWeChatConnectScopesForMode(mode)),
|
||||
}
|
||||
|
||||
switch mode {
|
||||
case "mp":
|
||||
cfg.appID = strings.TrimSpace(os.Getenv("WECHAT_OAUTH_MP_APP_ID"))
|
||||
cfg.appSecret = strings.TrimSpace(os.Getenv("WECHAT_OAUTH_MP_APP_SECRET"))
|
||||
cfg.authorizeURL = "https://open.weixin.qq.com/connect/oauth2/authorize"
|
||||
cfg.scope = "snsapi_userinfo"
|
||||
default:
|
||||
cfg.appID = strings.TrimSpace(os.Getenv("WECHAT_OAUTH_OPEN_APP_ID"))
|
||||
cfg.appSecret = strings.TrimSpace(os.Getenv("WECHAT_OAUTH_OPEN_APP_SECRET"))
|
||||
cfg.authorizeURL = "https://open.weixin.qq.com/connect/qrconnect"
|
||||
cfg.scope = "snsapi_login"
|
||||
}
|
||||
|
||||
if cfg.appID == "" || cfg.appSecret == "" {
|
||||
return wechatOAuthConfig{}, infraerrors.NotFound("OAUTH_DISABLED", "wechat oauth is disabled")
|
||||
}
|
||||
if strings.TrimSpace(cfg.redirectURI) == "" {
|
||||
return wechatOAuthConfig{}, infraerrors.InternalServer("OAUTH_CONFIG_INVALID", "wechat oauth redirect url not configured")
|
||||
@@ -896,8 +900,14 @@ func (h *AuthHandler) getWeChatOAuthConfig(ctx context.Context, rawMode string,
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
func wechatOAuthFrontendCallback() string {
|
||||
return firstNonEmpty(strings.TrimSpace(os.Getenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL")), wechatOAuthDefaultFrontendCB)
|
||||
func (h *AuthHandler) wechatOAuthFrontendCallback(ctx context.Context) string {
|
||||
if h != nil && h.settingSvc != nil {
|
||||
cfg, err := h.settingSvc.GetWeChatConnectOAuthConfig(ctx)
|
||||
if err == nil && strings.TrimSpace(cfg.FrontendRedirectURL) != "" {
|
||||
return strings.TrimSpace(cfg.FrontendRedirectURL)
|
||||
}
|
||||
}
|
||||
return wechatOAuthDefaultFrontendCB
|
||||
}
|
||||
|
||||
func resolveWeChatOAuthMode(rawMode string, c *gin.Context) (string, error) {
|
||||
|
||||
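Review bot: `wechatOAuthFrontendCallback` discards the error from `GetWeChatConnectOAuthConfig` (`if err == nil && ...`) and falls back to `wechatOAuthDefaultFrontendCB`, so a settings-store failure during a callback is invisible and the user is redirected to a path the admin may not have configured. Logging the error before the fallback would keep the best-effort behaviour while making the failure detectable. The stored `FrontendRedirectURL` is used as a redirect target after only `strings.TrimSpace`, and the visible admin write path validates it with `config.ValidateFrontendRedirectURL` only when WeChat is enabled; re-validating on read would be cheap defence in depth, though the service-side getter is not shown and may already do so. In `getWeChatOAuthConfig`, the new early return on `h == nil || h.settingSvc == nil` makes the following `if h != nil && h.settingSvc != nil {` always true, so that block can be flattened.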
@@ -33,16 +33,22 @@ import (
|
||||
)
|
||||
|
||||
func TestWeChatOAuthStartRedirectsAndSetsPendingCookies(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
|
||||
gin.SetMode(gin.TestMode)
|
||||
handler, client := newWeChatOAuthTestHandlerWithSettings(t, false, map[string]string{
|
||||
service.SettingKeyWeChatConnectEnabled: "true",
|
||||
service.SettingKeyWeChatConnectAppID: "wx-open-app",
|
||||
service.SettingKeyWeChatConnectAppSecret: "wx-open-secret",
|
||||
service.SettingKeyWeChatConnectMode: "open",
|
||||
service.SettingKeyWeChatConnectScopes: "snsapi_login",
|
||||
service.SettingKeyWeChatConnectRedirectURL: "https://api.example.com/api/v1/auth/oauth/wechat/callback",
|
||||
service.SettingKeyWeChatConnectFrontendRedirectURL: "/auth/wechat/callback",
|
||||
})
|
||||
defer client.Close()
|
||||
recorder := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(recorder)
|
||||
c.Request = httptest.NewRequest(http.MethodGet, "/api/v1/auth/oauth/wechat/start?mode=open&redirect=/billing", nil)
|
||||
c.Request.Host = "api.example.com"
|
||||
|
||||
handler := &AuthHandler{}
|
||||
handler.WeChatOAuthStart(c)
|
||||
|
||||
require.Equal(t, http.StatusFound, recorder.Code)
|
||||
@@ -60,10 +66,6 @@ func TestWeChatOAuthStartRedirectsAndSetsPendingCookies(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackCreatesPendingSessionForUnifiedFlow(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -124,10 +126,6 @@ func TestWeChatOAuthCallbackCreatesPendingSessionForUnifiedFlow(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackRejectsMissingUnionID(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "https://app.example.com/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -151,7 +149,7 @@ func TestWeChatOAuthCallbackRejectsMissingUnionID(t *testing.T) {
|
||||
wechatOAuthAccessTokenURL = upstream.URL + "/sns/oauth2/access_token"
|
||||
wechatOAuthUserInfoURL = upstream.URL + "/sns/userinfo"
|
||||
|
||||
handler, client := newWeChatOAuthTestHandler(t, false)
|
||||
handler, client := newWeChatOAuthTestHandlerWithSettings(t, false, wechatOAuthTestSettings("open", "wx-open-app", "wx-open-secret", "https://app.example.com/auth/wechat/callback"))
|
||||
defer client.Close()
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
@@ -177,9 +175,6 @@ func TestWeChatOAuthCallbackRejectsMissingUnionID(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestWeChatPaymentOAuthCallbackRedirectsWithOpaqueResumeToken(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_MP_APP_ID", "wx-mp-app")
|
||||
t.Setenv("WECHAT_OAUTH_MP_APP_SECRET", "wx-mp-secret")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
t.Cleanup(func() {
|
||||
wechatOAuthAccessTokenURL = originalAccessTokenURL
|
||||
@@ -196,7 +191,7 @@ func TestWeChatPaymentOAuthCallbackRedirectsWithOpaqueResumeToken(t *testing.T)
|
||||
defer upstream.Close()
|
||||
wechatOAuthAccessTokenURL = upstream.URL + "/sns/oauth2/access_token"
|
||||
|
||||
handler, client := newWeChatOAuthTestHandler(t, false)
|
||||
handler, client := newWeChatOAuthTestHandlerWithSettings(t, false, wechatOAuthTestSettings("mp", "wx-mp-app", "wx-mp-secret", "/auth/wechat/callback"))
|
||||
defer client.Close()
|
||||
handler.cfg.Totp.EncryptionKey = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
|
||||
|
||||
@@ -240,7 +235,6 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
testCases := []struct {
|
||||
name string
|
||||
mode string
|
||||
appIDEnv string
|
||||
appID string
|
||||
appSecret string
|
||||
openID string
|
||||
@@ -248,7 +242,6 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
{
|
||||
name: "open",
|
||||
mode: "open",
|
||||
appIDEnv: "WECHAT_OAUTH_OPEN_APP_ID",
|
||||
appID: "wx-open-app",
|
||||
appSecret: "wx-open-secret",
|
||||
openID: "openid-open-123",
|
||||
@@ -256,7 +249,6 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
{
|
||||
name: "mp",
|
||||
mode: "mp",
|
||||
appIDEnv: "WECHAT_OAUTH_MP_APP_ID",
|
||||
appID: "wx-mp-app",
|
||||
appSecret: "wx-mp-secret",
|
||||
openID: "openid-mp-123",
|
||||
@@ -265,15 +257,6 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
t.Setenv(tc.appIDEnv, tc.appID)
|
||||
switch tc.mode {
|
||||
case "open":
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", tc.appSecret)
|
||||
case "mp":
|
||||
t.Setenv("WECHAT_OAUTH_MP_APP_SECRET", tc.appSecret)
|
||||
}
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -297,7 +280,7 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
wechatOAuthAccessTokenURL = upstream.URL + "/sns/oauth2/access_token"
|
||||
wechatOAuthUserInfoURL = upstream.URL + "/sns/userinfo"
|
||||
|
||||
handler, client := newWeChatOAuthTestHandler(t, false)
|
||||
handler, client := newWeChatOAuthTestHandlerWithSettings(t, false, wechatOAuthTestSettings(tc.mode, tc.appID, tc.appSecret, "/auth/wechat/callback"))
|
||||
defer client.Close()
|
||||
|
||||
currentUser, err := client.User.Create().
|
||||
@@ -354,10 +337,6 @@ func TestWeChatOAuthCallbackBindUsesUnionCanonicalIdentityAcrossChannels(t *test
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackBindRejectsCanonicalOwnershipConflict(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -436,10 +415,6 @@ func TestWeChatOAuthCallbackBindRejectsCanonicalOwnershipConflict(t *testing.T)
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackBindRejectsChannelOwnershipConflict(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -529,10 +504,6 @@ func TestWeChatOAuthCallbackBindRejectsChannelOwnershipConflict(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackBindRejectsLegacyProviderKeyOwnershipConflict(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -611,10 +582,6 @@ func TestWeChatOAuthCallbackBindRejectsLegacyProviderKeyOwnershipConflict(t *tes
|
||||
}
|
||||
|
||||
func TestCompleteWeChatOAuthRegistrationAfterInvitationPendingSession(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -737,10 +704,6 @@ func TestCompleteWeChatOAuthRegistrationAfterInvitationPendingSession(t *testing
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackRepairsLegacyOpenIDOnlyIdentity(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -900,10 +863,6 @@ func TestCompleteWeChatOAuthRegistrationRejectsAdoptExistingUserSession(t *testi
|
||||
}
|
||||
|
||||
func TestWeChatOAuthCallbackRepairsLegacyProviderKeyCanonicalIdentity(t *testing.T) {
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_FRONTEND_REDIRECT_URL", "/auth/wechat/callback")
|
||||
|
||||
originalAccessTokenURL := wechatOAuthAccessTokenURL
|
||||
originalUserInfoURL := wechatOAuthUserInfoURL
|
||||
t.Cleanup(func() {
|
||||
@@ -1010,6 +969,22 @@ func TestWeChatOAuthCallbackRepairsLegacyProviderKeyCanonicalIdentity(t *testing
|
||||
}
|
||||
|
||||
func newWeChatOAuthTestHandler(t *testing.T, invitationEnabled bool) (*AuthHandler, *dbent.Client) {
|
||||
return newWeChatOAuthTestHandlerWithSettings(t, invitationEnabled, nil)
|
||||
}
|
||||
|
||||
func wechatOAuthTestSettings(mode, appID, secret, frontendRedirect string) map[string]string {
|
||||
return map[string]string{
|
||||
service.SettingKeyWeChatConnectEnabled: "true",
|
||||
service.SettingKeyWeChatConnectAppID: appID,
|
||||
service.SettingKeyWeChatConnectAppSecret: secret,
|
||||
service.SettingKeyWeChatConnectMode: mode,
|
||||
service.SettingKeyWeChatConnectScopes: service.DefaultWeChatConnectScopesForMode(mode),
|
||||
service.SettingKeyWeChatConnectRedirectURL: "https://api.example.com/api/v1/auth/oauth/wechat/callback",
|
||||
service.SettingKeyWeChatConnectFrontendRedirectURL: frontendRedirect,
|
||||
}
|
||||
}
|
||||
|
||||
func newWeChatOAuthTestHandlerWithSettings(t *testing.T, invitationEnabled bool, extraSettings map[string]string) (*AuthHandler, *dbent.Client) {
|
||||
t.Helper()
|
||||
|
||||
db, err := sql.Open("sqlite", "file:auth_wechat_oauth?mode=memory&cache=shared")
|
||||
@@ -1036,12 +1011,17 @@ func newWeChatOAuthTestHandler(t *testing.T, invitationEnabled bool) (*AuthHandl
|
||||
UserConcurrency: 1,
|
||||
},
|
||||
}
|
||||
settingSvc := service.NewSettingService(&wechatOAuthSettingRepoStub{
|
||||
values: map[string]string{
|
||||
service.SettingKeyRegistrationEnabled: "true",
|
||||
service.SettingKeyInvitationCodeEnabled: boolSettingValue(invitationEnabled),
|
||||
},
|
||||
}, cfg)
|
||||
values := map[string]string{
|
||||
service.SettingKeyRegistrationEnabled: "true",
|
||||
service.SettingKeyInvitationCodeEnabled: boolSettingValue(invitationEnabled),
|
||||
}
|
||||
for key, value := range wechatOAuthTestSettings("open", "wx-open-app", "wx-open-secret", "/auth/wechat/callback") {
|
||||
values[key] = value
|
||||
}
|
||||
for key, value := range extraSettings {
|
||||
values[key] = value
|
||||
}
|
||||
settingSvc := service.NewSettingService(&wechatOAuthSettingRepoStub{values: values}, cfg)
|
||||
|
||||
authSvc := service.NewAuthService(
|
||||
client,
|
||||
|
||||
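Review bot: None of the visible test changes exercises the new `effective.Mode != mode` rejection in `getWeChatOAuthConfig`; in the hunks shown, every handler is built with settings whose mode matches the flow under test. A case that stores mode `open` and requests `mode=mp` (and the reverse), asserting the `OAUTH_DISABLED` response, would pin the behaviour that keeps an unconfigured channel from being started. In `newWeChatOAuthTestHandlerWithSettings` the defaults from `wechatOAuthTestSettings("open", ...)` are merged before `extraSettings`, so the map passed in `TestWeChatOAuthStartRedirectsAndSetsPendingCookies` appears to repeat those defaults and could be `nil`. The helper's body continues outside the hunk.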
@@ -51,6 +51,14 @@ type SystemSettings struct {
|
||||
LinuxDoConnectClientSecretConfigured bool `json:"linuxdo_connect_client_secret_configured"`
|
||||
LinuxDoConnectRedirectURL string `json:"linuxdo_connect_redirect_url"`
|
||||
|
||||
WeChatConnectEnabled bool `json:"wechat_connect_enabled"`
|
||||
WeChatConnectAppID string `json:"wechat_connect_app_id"`
|
||||
WeChatConnectAppSecretConfigured bool `json:"wechat_connect_app_secret_configured"`
|
||||
WeChatConnectMode string `json:"wechat_connect_mode"`
|
||||
WeChatConnectScopes string `json:"wechat_connect_scopes"`
|
||||
WeChatConnectRedirectURL string `json:"wechat_connect_redirect_url"`
|
||||
WeChatConnectFrontendRedirectURL string `json:"wechat_connect_frontend_redirect_url"`
|
||||
|
||||
OIDCConnectEnabled bool `json:"oidc_connect_enabled"`
|
||||
OIDCConnectProviderName string `json:"oidc_connect_provider_name"`
|
||||
OIDCConnectClientID string `json:"oidc_connect_client_id"`
|
||||
|
||||
@@ -84,12 +84,17 @@ func TestSettingHandler_GetPublicSettings_ExposesForceEmailOnThirdPartySignup(t
|
||||
|
||||
func TestSettingHandler_GetPublicSettings_ExposesWeChatOAuthModeCapabilities(t *testing.T) {
|
||||
gin.SetMode(gin.TestMode)
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_ID", "wx-open-app")
|
||||
t.Setenv("WECHAT_OAUTH_OPEN_APP_SECRET", "wx-open-secret")
|
||||
t.Setenv("WECHAT_OAUTH_MP_APP_ID", "")
|
||||
t.Setenv("WECHAT_OAUTH_MP_APP_SECRET", "")
|
||||
|
||||
h := NewSettingHandler(service.NewSettingService(&settingHandlerPublicRepoStub{}, &config.Config{}), "test-version")
|
||||
h := NewSettingHandler(service.NewSettingService(&settingHandlerPublicRepoStub{
|
||||
values: map[string]string{
|
||||
service.SettingKeyWeChatConnectEnabled: "true",
|
||||
service.SettingKeyWeChatConnectAppID: "wx-mp-app",
|
||||
service.SettingKeyWeChatConnectAppSecret: "wx-mp-secret",
|
||||
service.SettingKeyWeChatConnectMode: "mp",
|
||||
service.SettingKeyWeChatConnectScopes: "snsapi_base",
|
||||
service.SettingKeyWeChatConnectRedirectURL: "https://api.example.com/api/v1/auth/oauth/wechat/callback",
|
||||
service.SettingKeyWeChatConnectFrontendRedirectURL: "/auth/wechat/callback",
|
||||
},
|
||||
}, &config.Config{}), "test-version")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(recorder)
|
||||
@@ -110,6 +115,6 @@ func TestSettingHandler_GetPublicSettings_ExposesWeChatOAuthModeCapabilities(t *
|
||||
require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &resp))
|
||||
require.Equal(t, 0, resp.Code)
|
||||
require.True(t, resp.Data.WeChatOAuthEnabled)
|
||||
require.True(t, resp.Data.WeChatOAuthOpenEnabled)
|
||||
require.False(t, resp.Data.WeChatOAuthMPEnabled)
|
||||
require.False(t, resp.Data.WeChatOAuthOpenEnabled)
|
||||
require.True(t, resp.Data.WeChatOAuthMPEnabled)
|
||||
}
|
||||
|
||||