diff --git a/nixos/tests/dex-oidc.nix b/nixos/tests/dex-oidc.nix index e54ae18ca937..d3baa4fbf245 100644 --- a/nixos/tests/dex-oidc.nix +++ b/nixos/tests/dex-oidc.nix @@ -57,15 +57,16 @@ import ./make-test-python.nix ({ lib, ... }: { testScript = '' with subtest("Web server gets ready"): - machine.wait_for_unit("dex.service") + machine.wait_for_unit("dex.service", timeout=120) # Wait until server accepts connections - machine.wait_until_succeeds("curl -fs 'localhost:8080/dex/auth/mock?client_id=oidcclient&response_type=code&redirect_uri=https://example.com/callback&scope=openid'") + machine.wait_until_succeeds("curl -fs 'localhost:8080/dex/auth/mock?client_id=oidcclient&response_type=code&redirect_uri=https://example.com/callback&scope=openid'", timeout=120) with subtest("Login"): state = machine.succeed("curl -fs 'localhost:8080/dex/auth/mock?client_id=oidcclient&response_type=code&redirect_uri=https://example.com/callback&scope=openid' | sed -n 's/.*state=\\(.*\\)\">.*/\\1/p'").strip() print(f"Got state {state}") - machine.succeed(f"curl -fs 'localhost:8080/dex/auth/mock/login?back=&state={state}' -d 'login=admin&password=password'") - code = machine.succeed(f"curl -fs localhost:8080/dex/approval?req={state} | sed -n 's/.*code=\\(.*\\)&.*/\\1/p'").strip() + # Login request returns 303 with redirect_url that has code as query parameter: + # https://example.com/callback?code=kibsamwdupuy2iwqnlbqei3u6&state= + code = machine.succeed(f"curl -fs 'localhost:8080/dex/auth/mock/login?back=&state={state}' -d 'login=admin&password=password' -w '%{{redirect_url}}' | sed -n 's/.*code=\\(.*\\)&.*/\\1/p'") print(f"Got approval code {code}") bearer = machine.succeed(f"curl -fs localhost:8080/dex/token -u oidcclient:oidcclientsecret -d 'grant_type=authorization_code&redirect_uri=https://example.com/callback&code={code}' | jq .access_token -r").strip() print(f"Got access token {bearer}")