From 9c337a59b112af1faad6552c986711c103666eda Mon Sep 17 00:00:00 2001 From: Jonas Hungershausen Date: Tue, 14 Oct 2025 18:19:24 -0400 Subject: [PATCH] chore: remove asserts on ory.sh GitOrigin-RevId: 60b1132d0ad8235f7f225d4a3befba96c82e4025 --- selfservice/flow/login/handler_test.go | 29 ++++++++++--------- selfservice/flow/recovery/handler_test.go | 8 +++-- selfservice/flow/registration/handler_test.go | 10 ++++--- selfservice/strategy/code/strategy_test.go | 4 +-- selfservice/strategy/link/strategy_test.go | 4 +-- selfservice/strategy/totp/login_test.go | 10 +++---- x/tests.go | 2 ++ 7 files changed, 37 insertions(+), 30 deletions(-) diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go index 5d03b50f3..0ae0c929f 100644 --- a/selfservice/flow/login/handler_test.go +++ b/selfservice/flow/login/handler_test.go @@ -53,8 +53,9 @@ func TestFlowLifecycle(t *testing.T) { ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin(reg)) loginTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) + returnToTS := testhelpers.NewRedirTS(t, "return_to", conf) errorTS := testhelpers.NewErrorTestServer(t, reg) - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "default", URL: "file://./stub/password.schema.json"}, @@ -209,7 +210,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=reset the session when refresh is true but identity is different", func(t *testing.T) { testhelpers.NewRedirSessionEchoTS(t, reg) t.Cleanup(func() { - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) }) run := func(t *testing.T, tt flow.Type) (string, string) { @@ -270,7 +271,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=changed kratos session identifiers when refresh is true", func(t *testing.T) { t.Cleanup(func() { - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) }) t.Run("type=browser", func(t *testing.T) { @@ -360,7 +361,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("type=browser", func(t *testing.T) { _, res := run(t, flow.TypeBrowser, url.Values{"method": {"password"}}) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) }) @@ -420,7 +421,7 @@ func TestFlowLifecycle(t *testing.T) { conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, config.HighestAvailableAAL) conf.MustSet(ctx, config.ViperKeySessionWhoAmIAAL, config.HighestAvailableAAL) testhelpers.StrategyEnable(t, conf, identity.CredentialsTypeTOTP.String(), true) - conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToTS.URL}) t.Cleanup(func() { conf.MustSet(ctx, config.ViperKeySelfServiceSettingsRequiredAAL, string(identity.AuthenticatorAssuranceLevel1)) @@ -467,7 +468,7 @@ func TestFlowLifecycle(t *testing.T) { testhelpers.MockHydrateCookieClient(t, client, ts.URL+"/mock-session") - settingsURL := ts.URL + settings.RouteInitBrowserFlow + "?return_to=https://www.ory.sh" + settingsURL := ts.URL + settings.RouteInitBrowserFlow + "?return_to=" + url.QueryEscape(returnToTS.URL) req, err := http.NewRequest("GET", settingsURL, nil) require.NoError(t, err) @@ -592,7 +593,7 @@ func TestFlowLifecycle(t *testing.T) { }) t.Run("case=returns session exchange code with any truthy value", func(t *testing.T) { - conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh", "https://example.com"}) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToTS.URL, "https://example.com"}) parameters := []string{"true", "True", "1"} for _, param := range parameters { @@ -705,7 +706,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=redirects if aal2 is requested and set up already without refresh", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"aal": {"aal2"}, "set_aal": {"aal2"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=can not request aal2 on unauthenticated request", func(t *testing.T) { @@ -716,7 +717,7 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=ignores aal1 if session has aal1 already", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"aal": {"aal1"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=aal0 is not a valid value", func(t *testing.T) { @@ -745,12 +746,12 @@ func TestFlowLifecycle(t *testing.T) { t.Run("case=does not set forced flag on authenticated request without refresh=true", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=does not set forced flag on authenticated request with refresh=false", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, url.Values{"refresh": {"false"}}, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=does set forced flag on authenticated request with refresh=true", func(t *testing.T) { @@ -851,7 +852,7 @@ func TestGetFlow(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) public, _ := testhelpers.NewKratosServerWithCSRF(t, reg) _ = testhelpers.NewErrorTestServer(t, reg) - _ = testhelpers.NewRedirTS(t, "", conf) + returnToTS := testhelpers.NewRedirTS(t, "", conf) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/password.schema.json") conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ @@ -868,7 +869,7 @@ func TestGetFlow(t *testing.T) { require.NoError(t, err) })) conf.MustSet(ctx, config.ViperKeySelfServiceLoginUI, ts.URL) - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) t.Cleanup(ts.Close) return ts } @@ -916,7 +917,7 @@ func TestGetFlow(t *testing.T) { }) t.Run("case=expired with return_to and schema_id", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := returnToTS.URL conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) diff --git a/selfservice/flow/recovery/handler_test.go b/selfservice/flow/recovery/handler_test.go index 607164735..cc674050b 100644 --- a/selfservice/flow/recovery/handler_test.go +++ b/selfservice/flow/recovery/handler_test.go @@ -75,8 +75,9 @@ func TestInitFlow(t *testing.T) { router := x.NewRouterPublic(reg) publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin(reg)) recoveryTS := testhelpers.NewRecoveryUIFlowEchoServer(t, reg) + returnToTS := testhelpers.NewRedirTS(t, "", conf) - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") assertion := func(body []byte, isForced, isApi bool) { @@ -169,7 +170,7 @@ func TestInitFlow(t *testing.T) { t.Run("case=fails on authenticated request", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, false, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=relative redirect when self-service recovery ui is a relative URL", func(t *testing.T) { @@ -211,6 +212,7 @@ func TestGetFlow(t *testing.T) { map[string]interface{}{"enabled": true}) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") + returnToTS := testhelpers.NewRedirTS(t, "", conf) public, _ := testhelpers.NewKratosServerWithCSRF(t, reg) _ = testhelpers.NewErrorTestServer(t, reg) _ = testhelpers.NewRedirTS(t, "", conf) @@ -261,7 +263,7 @@ func TestGetFlow(t *testing.T) { }) t.Run("case=expired with return_to", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := returnToTS.URL conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) setupRecoveryTS(t, client) diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go index 63b7bb12c..0458c2aee 100644 --- a/selfservice/flow/registration/handler_test.go +++ b/selfservice/flow/registration/handler_test.go @@ -116,9 +116,10 @@ func TestInitFlow(t *testing.T) { router := x.NewRouterPublic(reg) publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin(reg)) registrationTS := testhelpers.NewRegistrationUIFlowEchoServer(t, reg) + returnToTS := testhelpers.NewRedirTS(t, "return_to", conf) conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) - conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") + conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToTS.URL) conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "default", URL: "file://./stub/registration.schema.json"}, @@ -277,12 +278,12 @@ func TestInitFlow(t *testing.T) { t.Run("case=redirects when already authenticated", func(t *testing.T) { res, _ := initAuthenticatedFlow(t, false, false) - assert.Contains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) }) t.Run("case=responds with error if already authenticated and SPA", func(t *testing.T) { res, body := initAuthenticatedFlow(t, false, true) - assert.NotContains(t, res.Request.URL.String(), "https://www.ory.sh") + assert.NotContains(t, res.Request.URL.String(), returnToTS.URL) assert.Equal(t, http.StatusBadRequest, res.StatusCode) assertx.EqualAsJSON(t, registration.ErrAlreadyLoggedIn, json.RawMessage(gjson.GetBytes(body, "error").Raw), "%s", body) }) @@ -378,6 +379,7 @@ func TestGetFlow(t *testing.T) { ctx := context.Background() conf, reg := internal.NewFastRegistryWithMocks(t) conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) + returnToTS := testhelpers.NewRedirTS(t, "return_to", conf) conf.MustSet(ctx, config.ViperKeyIdentitySchemas, config.Schemas{ {ID: "email", URL: "file://./stub/registration.schema.json", SelfserviceSelectable: true}, @@ -440,7 +442,7 @@ func TestGetFlow(t *testing.T) { }) t.Run("case=expired with return_to and identity_schema", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := returnToTS.URL conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnTo}) client := testhelpers.NewClientWithCookies(t) diff --git a/selfservice/strategy/code/strategy_test.go b/selfservice/strategy/code/strategy_test.go index ac325af26..720ae011f 100644 --- a/selfservice/strategy/code/strategy_test.go +++ b/selfservice/strategy/code/strategy_test.go @@ -22,8 +22,8 @@ import ( func initViper(t *testing.T, ctx context.Context, c *config.Config) { testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json") - c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") - c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) + c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.com") + c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.com"}) c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true) c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(recovery.RecoveryStrategyCode)+".enabled", true) c.MustSet(ctx, config.ViperKeySelfServiceRecoveryEnabled, true) diff --git a/selfservice/strategy/link/strategy_test.go b/selfservice/strategy/link/strategy_test.go index ce09f285e..d9abda437 100644 --- a/selfservice/strategy/link/strategy_test.go +++ b/selfservice/strategy/link/strategy_test.go @@ -17,8 +17,8 @@ import ( func initViper(t *testing.T, c *config.Config) { ctx := context.Background() testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json") - c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh") - c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) + c.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.com") + c.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.com"}) c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true) c.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(recovery.RecoveryStrategyLink)+".enabled", true) c.MustSet(ctx, config.ViperKeySelfServiceRecoveryUse, "link") diff --git a/selfservice/strategy/totp/login_test.go b/selfservice/strategy/totp/login_test.go index a2036a942..a6471b3a8 100644 --- a/selfservice/strategy/totp/login_test.go +++ b/selfservice/strategy/totp/login_test.go @@ -92,14 +92,14 @@ func TestCompleteLogin(t *testing.T) { conf, reg := internal.NewFastRegistryWithMocks(t) conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true}) conf.MustSet(ctx, config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true}) - conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"}) + redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{redirTS.URL + "/return-to-wherever"}) router := x.NewRouterPublic(reg) publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin(reg)) errTS := testhelpers.NewErrorTestServer(t, reg) uiTS := testhelpers.NewLoginUIFlowEchoServer(t, reg) - redirTS := testhelpers.NewRedirSessionEchoTS(t, reg) // Overwrite these two to make it more explicit when tests fail conf.MustSet(ctx, config.ViperKeySelfServiceErrorUI, errTS.URL+"/error-ts") @@ -347,7 +347,7 @@ func TestCompleteLogin(t *testing.T) { }) t.Run("type=browser set return_to", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := redirTS.URL + "/return-to-wherever" body, res := doBrowserFlow(t, false, payload, id, returnTo) t.Log(res.Request.URL.String()) assert.Contains(t, res.Request.URL.String(), returnTo) @@ -362,7 +362,7 @@ func TestCompleteLogin(t *testing.T) { }) t.Run("type=spa set return_to", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := redirTS.URL + "/return-to-wherever" body, res := doBrowserFlow(t, true, payload, id, returnTo) check(t, false, body, res) assert.EqualValues(t, flow.ContinueWithActionRedirectBrowserToString, gjson.Get(body, "continue_with.0.action").String(), "%s", body) @@ -430,7 +430,7 @@ func TestCompleteLogin(t *testing.T) { id, pwd, _ := createIdentity(t, reg) t.Run("type=browser", func(t *testing.T) { - returnTo := "https://www.ory.sh" + returnTo := redirTS.URL + "/return-to-wherever" browserClient := testhelpers.NewClientWithCookies(t) f := testhelpers.InitializeLoginFlowViaBrowser(t, browserClient, publicTS, false, false, false, false, testhelpers.InitFlowWithReturnTo(returnTo)) diff --git a/x/tests.go b/x/tests.go index 6bfd86db6..8657b4f81 100644 --- a/x/tests.go +++ b/x/tests.go @@ -16,3 +16,5 @@ func MustEncodeJSON(t *testing.T, in interface{}) string { require.NoError(t, json.NewEncoder(&b).Encode(in)) return b.String() } + +const HostedHttpBin = "https://ory-network-httpbin-ijakee5waq-ez.a.run.app"