func newServer(c *Context, e *empire.Empire) http.Handler {
var opts server.Options
opts.GitHub.Webhooks.Secret = c.String(FlagGithubWebhooksSecret)
opts.GitHub.Deployments.Environments = strings.Split(c.String(FlagGithubDeploymentsEnvironments), ",")
opts.GitHub.Deployments.ImageBuilder = newImageBuilder(c)
opts.GitHub.Deployments.TugboatURL = c.String(FlagGithubDeploymentsTugboatURL)
s := server.New(e, opts)
s.URL = c.URL(FlagURL)
s.Heroku.Auth = newAuth(c, e)
s.Heroku.Secret = []byte(c.String(FlagSecret))
sp, err := c.SAMLServiceProvider()
if err != nil {
panic(err)
}
if sp != nil {
s.ServiceProvider = sp
s.Heroku.Unauthorized = heroku.SAMLUnauthorized(c.String(FlagURL) + "/saml/login")
}
h := middleware.Common(s)
return middleware.Handler(c, h)
}
func TestLoginSAML(t *testing.T) {
cli := newCLI(t)
defer cli.Close()
loginURL := fmt.Sprintf("%s/saml/login", cli.Server.URL())
cli.Server.Heroku.Unauthorized = heroku.SAMLUnauthorized(loginURL)
idp := empiretest.NewIdentityProvider()
defer idp.Close()
cli.Server.ServiceProvider = idp.AddServiceProvider(cli.Server.URL())
cli.Start()
cli.RunCommands(t, []Command{
{
"apps",
fmt.Errorf("error: Request not authenticated, API token is missing, invalid or expired. Login at %s", loginURL),
},
})
// Get an API token via a SAML service provider initiated login. This
// simulates the user clicking the link returned above.
token, err := serviceProviderLogin(loginURL)
if err != nil {
t.Fatal(err)
}
if err := cli.Authorize("dummy", token); err != nil {
t.Fatal(err)
}
// CLI should not be authenticated.
cli.RunCommands(t, []Command{
{
"apps",
"",
},
})
}