improve test coverage

ory · Jul 2, 2024 · 6c8f8a1 · 6c8f8a1
1 parent 265bd01
commit 6c8f8a1
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 10 deletions.
diff --git a/selfservice/hook/password_migration_hook.go b/selfservice/hook/password_migration_hook.go
@@ -75,15 +75,6 @@ func (p *PasswordMigration) Execute(ctx context.Context, data *PasswordMigration
 
 	resp, err := httpClient.Do(req)
 	if err != nil {
-		if isTimeoutError(err) {
-			return herodot.DefaultError{
-				CodeField:     http.StatusGatewayTimeout,
-				StatusField:   http.StatusText(http.StatusGatewayTimeout),
-				GRPCCodeField: grpccodes.DeadlineExceeded,
-				ReasonField:   "A third-party upstream service could not be reached. Please try again later.",
-				ErrorField:    "calling the password migration hook failed",
-			}.WithWrap(errors.WithStack(err))
-		}
 		return herodot.DefaultError{
 			CodeField:     http.StatusBadGateway,
 			StatusField:   http.StatusText(http.StatusBadGateway),

diff --git a/selfservice/strategy/password/login.go b/selfservice/strategy/password/login.go
@@ -86,7 +86,6 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
 	if o.ShouldUsePasswordMigrationHook() {
 		pwHook := s.d.Config().PasswordMigrationHook(r.Context())
 		if !pwHook.Enabled {
-			// TODO: How can we make sure this does not trigger on-call?
 			return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Password migration hook is not enabled but password migration is requested."))
 		}
 

diff --git a/selfservice/strategy/password/login_test.go b/selfservice/strategy/password/login_test.go
@@ -882,6 +882,9 @@ func TestCompleteLogin(t *testing.T) {
 				_, _ = io.WriteString(w, `{"status":"password_match"}`)
 
 			// Set up diverse fake passwords to trigger special response status codes:
+			case "timeout":
+				// We'll just block until the request gets cancelled
+				<-r.Context().Done()
 			case "500":
 				w.WriteHeader(http.StatusInternalServerError)
 			case "201":
@@ -905,6 +908,7 @@ func TestCompleteLogin(t *testing.T) {
 		for _, tc := range []struct {
 			name              string
 			addPassword       func(identifier, password string)
+			setupFn           func() func()
 			credentialsConfig string
 			expectSuccess     bool
 		}{{
@@ -937,9 +941,25 @@ func TestCompleteLogin(t *testing.T) {
 			credentialsConfig: `{"use_password_migration_hook": true, "hashed_password":"hash"}`,
 			addPassword:       func(identifier, password string) { passwordDB[identifier] = password },
 			expectSuccess:     false,
+		}, {
+			name:              "should not call migration hook if disabled",
+			credentialsConfig: `{"use_password_migration_hook": true}`,
+			addPassword:       func(identifier, password string) { passwordDB[identifier] = password },
+			setupFn: func() func() {
+				require.NoError(t, reg.Config().Set(ctx, config.ViperKeyPasswordMigrationHook+".enabled", false))
+				return func() {
+					require.NoError(t, reg.Config().Set(ctx, config.ViperKeyPasswordMigrationHook+".enabled", true))
+				}
+			},
+			expectSuccess: false,
 		}} {
 
 			t.Run("case="+tc.name, func(t *testing.T) {
+				if tc.setupFn != nil {
+					cleanup := tc.setupFn()
+					t.Cleanup(cleanup)
+				}
+
 				identifier := x.NewUUID().String()
 				password := x.NewUUID().String()
 				if tc.addPassword != nil {