Example #1
0
func newServer(c *Context, e *empire.Empire) http.Handler {
	var opts server.Options
	opts.GitHub.Webhooks.Secret = c.String(FlagGithubWebhooksSecret)
	opts.GitHub.Deployments.Environments = strings.Split(c.String(FlagGithubDeploymentsEnvironments), ",")
	opts.GitHub.Deployments.ImageBuilder = newImageBuilder(c)
	opts.GitHub.Deployments.TugboatURL = c.String(FlagGithubDeploymentsTugboatURL)

	s := server.New(e, opts)
	s.URL = c.URL(FlagURL)
	s.Heroku.Auth = newAuth(c, e)
	s.Heroku.Secret = []byte(c.String(FlagSecret))

	sp, err := c.SAMLServiceProvider()
	if err != nil {
		panic(err)
	}

	if sp != nil {
		s.ServiceProvider = sp
		s.Heroku.Unauthorized = heroku.SAMLUnauthorized(c.String(FlagURL) + "/saml/login")
	}

	h := middleware.Common(s)
	return middleware.Handler(c, h)
}
Example #2
0
func TestLoginSAML(t *testing.T) {
	cli := newCLI(t)
	defer cli.Close()

	loginURL := fmt.Sprintf("%s/saml/login", cli.Server.URL())
	cli.Server.Heroku.Unauthorized = heroku.SAMLUnauthorized(loginURL)

	idp := empiretest.NewIdentityProvider()
	defer idp.Close()
	cli.Server.ServiceProvider = idp.AddServiceProvider(cli.Server.URL())

	cli.Start()

	cli.RunCommands(t, []Command{
		{
			"apps",
			fmt.Errorf("error: Request not authenticated, API token is missing, invalid or expired. Login at %s", loginURL),
		},
	})

	// Get an API token via a SAML service provider initiated login. This
	// simulates the user clicking the link returned above.
	token, err := serviceProviderLogin(loginURL)
	if err != nil {
		t.Fatal(err)
	}

	if err := cli.Authorize("dummy", token); err != nil {
		t.Fatal(err)
	}

	// CLI should not be authenticated.
	cli.RunCommands(t, []Command{
		{
			"apps",
			"",
		},
	})
}