zitadel/internal/api/authz/access_token_test.go

package authz

import (
	"context"
	"testing"

	"github.com/zitadel/zitadel/internal/zerrors"
)

func Test_extractBearerToken(t *testing.T) {

	type args struct {
		ctx      context.Context
		token    string
		verifier AccessTokenVerifier
	}
	tests := []struct {
		name    string
		args    args
		wantErr bool
	}{
		{
			name: "no auth header set",
			args: args{
				ctx:   context.Background(),
				token: "",
			},
			wantErr: true,
		},
		{
			name: "wrong auth header set",
			args: args{
				ctx:   context.Background(),
				token: "Basic sds",
			},
			wantErr: true,
		},
		{
			name: "auth header set",
			args: args{
				ctx:   context.Background(),
				token: "Bearer AUTH",
				verifier: AccessTokenVerifierFunc(func(context.Context, string) (string, string, string, string, string, error) {
					return "", "", "", "", "", nil
				}),
			},
			wantErr: false,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			_, err := extractBearerToken(tt.args.token)
			if tt.wantErr && err == nil {
				t.Errorf("got wrong result, should get err: actual: %v ", err)
			}

			if !tt.wantErr && err != nil {
				t.Errorf("got wrong result, should not get err: actual: %v ", err)
			}

			if tt.wantErr && !zerrors.IsUnauthenticated(err) {
				t.Errorf("got wrong err: %v ", err)
			}
		})
	}
}
feat: port reduction (#323) * move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto 2020-07-08 11:56:37 +00:00			`package authz`
feat: add some api packages 2020-03-23 06:01:59 +00:00
			`import (`
			`"context"`
			`"testing"`

refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`"github.com/zitadel/zitadel/internal/zerrors"`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`)`

feat: add SYSTEM_OWNER role (#6765) * define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch> 2023-10-25 15:10:45 +00:00			`func Test_extractBearerToken(t *testing.T) {`
feat: add some api packages 2020-03-23 06:01:59 +00:00
			`type args struct {`
			`ctx context.Context`
			`token string`
feat: add SYSTEM_OWNER role (#6765) * define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch> 2023-10-25 15:10:45 +00:00			`verifier AccessTokenVerifier`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`wantErr bool`
			`}{`
			`{`
			`name: "no auth header set",`
			`args: args{`
			`ctx: context.Background(),`
			`token: "",`
			`},`
			`wantErr: true,`
			`},`
			`{`
			`name: "wrong auth header set",`
			`args: args{`
			`ctx: context.Background(),`
			`token: "Basic sds",`
			`},`
			`wantErr: true,`
			`},`
			`{`
			`name: "auth header set",`
			`args: args{`
			`ctx: context.Background(),`
			`token: "Bearer AUTH",`
feat: add SYSTEM_OWNER role (#6765) * define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch> 2023-10-25 15:10:45 +00:00			`verifier: AccessTokenVerifierFunc(func(context.Context, string) (string, string, string, string, string, error) {`
			`return "", "", "", "", "", nil`
			`}),`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`},`
			`wantErr: false,`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
feat: add SYSTEM_OWNER role (#6765) * define roles and permissions * support system user memberships * don't limit system users * cleanup permissions * restrict memberships to aggregates * default to SYSTEM_OWNER * update unit tests * test: system user token test (#6778) * update unit tests * refactor: make authz testable * move session constants * cleanup * comment * comment * decode member type string to enum (#6780) * decode member type string to enum * handle all membership types * decode enums where necessary * decode member type in steps config * update system api docs * add technical advisory * tweak docs a bit * comment in comment * lint * extract token from Bearer header prefix * review changes * fix tests * fix: add fix for activityhandler * add isSystemUser * remove IsSystemUser from activity info * fix: add fix for activityhandler --------- Co-authored-by: Stefan Benz <stefan@caos.ch> 2023-10-25 15:10:45 +00:00			`_, err := extractBearerToken(tt.args.token)`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`if tt.wantErr && err == nil {`
			`t.Errorf("got wrong result, should get err: actual: %v ", err)`
			`}`

			`if !tt.wantErr && err != nil {`
			`t.Errorf("got wrong result, should not get err: actual: %v ", err)`
			`}`

refactor: rename package errors to zerrors (#7039) * chore: rename package errors to zerrors * rename package errors to gerrors * fix error related linting issues * fix zitadel error assertion * fix gosimple linting issues * fix deprecated linting issues * resolve gci linting issues * fix import structure --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2023-12-08 14:30:55 +00:00			`if tt.wantErr && !zerrors.IsUnauthenticated(err) {`
feat: add some api packages 2020-03-23 06:01:59 +00:00			`t.Errorf("got wrong err: %v ", err)`
			`}`
			`})`
			`}`
			`}`