// newServer builds the HTTP handler for the Empire API from the CLI flags.
//
// It fills server.Options with the GitHub webhook and deployment settings,
// constructs the server, attaches the Heroku API auth settings and, when
// c.SAMLServiceProvider returns a non-nil provider, switches the
// "unauthorized" response to one that carries the SAML login URL. The
// server is then wrapped by middleware.Common and middleware.Handler.
//
// It panics if the SAML service provider configuration cannot be loaded.
func newServer(c *Context, e *empire.Empire) http.Handler {
	var options server.Options

	// NOTE(review): presumably this secret is used to verify GitHub webhook
	// signatures. Confirm that an empty flag value is rejected downstream
	// rather than treated as "no verification".
	options.GitHub.Webhooks.Secret = c.String(FlagGithubWebhooksSecret)

	deployments := &options.GitHub.Deployments
	// NOTE(review): strings.Split on an empty flag value yields [""] (one
	// empty environment name), not an empty slice. Confirm that consumers
	// of Environments tolerate this.
	deployments.Environments = strings.Split(c.String(FlagGithubDeploymentsEnvironments), ",")
	deployments.ImageBuilder = newImageBuilder(c)
	deployments.TugboatURL = c.String(FlagGithubDeploymentsTugboatURL)

	srv := server.New(e, options)
	srv.URL = c.URL(FlagURL)
	srv.Heroku.Auth = newAuth(c, e)
	// NOTE(review): looks like the key material for API tokens. If so, an
	// empty or short FlagSecret should be refused at startup; nothing in
	// this function checks its length.
	srv.Heroku.Secret = []byte(c.String(FlagSecret))

	provider, err := c.SAMLServiceProvider()
	if err != nil {
		// Startup-time misconfiguration: fail loudly instead of serving
		// without the intended SAML setup.
		panic(err)
	}

	// SAML is optional; a nil provider leaves the server's defaults alone.
	if provider != nil {
		srv.ServiceProvider = provider
		// The login URL is built by plain concatenation, so a trailing
		// slash in FlagURL ends up as "//saml/login".
		samlLogin := c.String(FlagURL) + "/saml/login"
		srv.Heroku.Unauthorized = heroku.SAMLUnauthorized(samlLogin)
	}

	return middleware.Handler(c, middleware.Common(srv))
}
// TestLoginSAML exercises a service-provider-initiated SAML login end to end.
//
// With SAML enabled, an unauthenticated CLI command must fail with an error
// that points the user at the /saml/login URL. Once a token obtained through
// that URL has been stored with cli.Authorize, the same command must succeed.
//
// Only the successful login path is covered here. Rejection of invalid,
// expired or tampered tokens and assertions is not exercised by this test.
func TestLoginSAML(t *testing.T) {
	cli := newCLI(t)
	defer cli.Close()

	// Configure the test server to answer unauthenticated requests with the
	// SAML login hint.
	samlLogin := fmt.Sprintf("%s/saml/login", cli.Server.URL())
	cli.Server.Heroku.Unauthorized = heroku.SAMLUnauthorized(samlLogin)

	// Register the server as a service provider with a throwaway identity
	// provider.
	provider := empiretest.NewIdentityProvider()
	defer provider.Close()
	cli.Server.ServiceProvider = provider.AddServiceProvider(cli.Server.URL())

	cli.Start()

	// Before login: the request is refused and the error names the login URL.
	beforeLogin := []Command{
		{
			"apps",
			fmt.Errorf("error: Request not authenticated, API token is missing, invalid or expired. Login at %s", samlLogin),
		},
	}
	cli.RunCommands(t, beforeLogin)

	// Get an API token via a SAML service provider initiated login. This
	// simulates the user clicking the link returned above.
	token, err := serviceProviderLogin(samlLogin)
	if err != nil {
		t.Fatal(err)
	}

	err = cli.Authorize("dummy", token)
	if err != nil {
		t.Fatal(err)
	}

	// After login: the CLI should now be authenticated, so the same command
	// succeeds with empty output.
	afterLogin := []Command{
		{
			"apps",
			"",
		},
	}
	cli.RunCommands(t, afterLogin)
}