fix: remove shared mutable state between oidc tests

ethanndickson · ethanndickson · commit 509042e5b00a · 2025-04-01T02:16:02.000Z
diff --git a/coderd/userauth_test.go b/coderd/userauth_test.go
@@ -1988,30 +1988,36 @@ func TestUserLogout(t *testing.T) {
 func TestOIDCDomainErrorMessage(t *testing.T) {
 	t.Parallel()
 
-	fake := oidctest.NewFakeIDP(t, oidctest.WithServing())
-
 	allowedDomains := []string{"allowed1.com", "allowed2.org", "company.internal"}
-	cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
-		cfg.EmailDomain = allowedDomains
-		cfg.AllowSignups = true
-	})
 
-	server := coderdtest.New(t, &coderdtest.Options{
-		OIDCConfig: cfg,
-	})
+	setup := func() (*oidctest.FakeIDP, *codersdk.Client) {
+		fake := oidctest.NewFakeIDP(t, oidctest.WithServing())
+
+		cfg := fake.OIDCConfig(t, nil, func(cfg *coderd.OIDCConfig) {
+			cfg.EmailDomain = allowedDomains
+			cfg.AllowSignups = true
+		})
+
+		client := coderdtest.New(t, &coderdtest.Options{
+			OIDCConfig: cfg,
+		})
+		return fake, client
+	}
 
 	// Test case 1: Email domain not in allowed list
 	t.Run("ErrorMessageOmitsDomains", func(t *testing.T) {
 		t.Parallel()
 
+		fake, client := setup()
+
 		// Prepare claims with email from unauthorized domain
 		claims := jwt.MapClaims{
 			"email":          "user@unauthorized.com",
 			"email_verified": true,
 			"sub":            uuid.NewString(),
 		}
 
-		_, resp := fake.AttemptLogin(t, server, claims)
+		_, resp := fake.AttemptLogin(t, client, claims)
 		defer resp.Body.Close()
 
 		require.Equal(t, http.StatusForbidden, resp.StatusCode)
@@ -2031,14 +2037,16 @@ func TestOIDCDomainErrorMessage(t *testing.T) {
 	t.Run("MalformedEmailErrorOmitsDomains", func(t *testing.T) {
 		t.Parallel()
 
+		fake, client := setup()
+
 		// Prepare claims with an invalid email format (no @ symbol)
 		claims := jwt.MapClaims{
 			"email":          "invalid-email-without-domain",
 			"email_verified": true,
 			"sub":            uuid.NewString(),
 		}
 
-		_, resp := fake.AttemptLogin(t, server, claims)
+		_, resp := fake.AttemptLogin(t, client, claims)
 		defer resp.Body.Close()
 
 		require.Equal(t, http.StatusForbidden, resp.StatusCode)
