internal: add tests to go flow executor (#9219)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

.github/workflows/repo-stale.yml

@@ -23,7 +23,7 @@ jobs:
           repo-token: ${{ steps.generate_token.outputs.token }}
           days-before-stale: 60
           days-before-close: 7
-          exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question
+          exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question,status/reviewing
           stale-issue-label: wontfix
           stale-issue-message: >
             This issue has been automatically marked as stale because it has not had

internal/outpost/flow/executor.go

@@ -86,7 +86,9 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 		Jar:       jar,
 		Transport: fe,
 	}
-	fe.token = strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]
+	if authz, ok := refConfig.DefaultHeader["Authorization"]; ok {
+		fe.token = strings.Split(authz, " ")[1]
+	}
 	config.AddDefaultHeader(HeaderAuthentikOutpostToken, fe.token)
 	fe.api = api.NewAPIClient(config)
 	return fe

internal/outpost/flow/solvers_mfa_test.go

@@ -0,0 +1,68 @@
+package flow_test
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/gorilla/securecookie"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"
+	"goauthentik.io/api/v3"
+	"goauthentik.io/internal/outpost/flow"
+)
+
+func testSecret() string {
+	return base64.RawURLEncoding.EncodeToString(securecookie.GenerateRandomKey(32))
+}
+
+func TestFlowExecutor_SetSecrets_Plain(t *testing.T) {
+	fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{})
+	pw := testSecret()
+	fe.SetSecrets(pw, false)
+	assert.Equal(t, pw, fe.Answers[flow.StagePassword])
+	assert.Equal(t, pw, fe.Answers[flow.StageAuthenticatorValidate])
+}
+
+func TestFlowExecutor_SetSecrets_TOTP_6(t *testing.T) {
+	fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{})
+	pw := testSecret()
+	totp := 123456
+	formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp)
+	fe.SetSecrets(formatted, true)
+	assert.Equal(t, pw, fe.Answers[flow.StagePassword])
+	assert.Equal(t, strconv.Itoa(totp), fe.Answers[flow.StageAuthenticatorValidate])
+}
+
+func TestFlowExecutor_SetSecrets_TOTP_8(t *testing.T) {
+	fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{})
+	pw := testSecret()
+	totp := 12345678
+	formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp)
+	fe.SetSecrets(formatted, true)
+	assert.Equal(t, pw, fe.Answers[flow.StagePassword])
+	assert.Equal(t, strconv.Itoa(totp), fe.Answers[flow.StageAuthenticatorValidate])
+}
+
+func TestFlowExecutor_SetSecrets_TOTP_TooLong(t *testing.T) {
+	fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{})
+	pw := testSecret()
+	totp := 1234567890
+	formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp)
+	fe.SetSecrets(formatted, true)
+	assert.Equal(t, formatted, fe.Answers[flow.StagePassword])
+	assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate])
+}
+
+func TestFlowExecutor_SetSecrets_TOTP_NoCode(t *testing.T) {
+	fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{})
+	pw := testSecret()
+	fe.SetSecrets(pw, true)
+	assert.Equal(t, pw, fe.Answers[flow.StagePassword])
+	assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate])
+	fe.SetSecrets(pw+flow.CodePasswordSeparator, true)
+	assert.Equal(t, pw, fe.Answers[flow.StagePassword])
+	assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate])
+}