zitadel/internal/idp/providers/oidc/oidc_test.go

package oidc

import (
	"context"
	"testing"

	"github.com/h2non/gock"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zitadel/oidc/v2/pkg/client/rp"
	"github.com/zitadel/oidc/v2/pkg/oidc"

	"github.com/zitadel/zitadel/internal/idp"
)

func TestProvider_BeginAuth(t *testing.T) {
	type fields struct {
		name         string
		issuer       string
		clientID     string
		clientSecret string
		redirectURI  string
		scopes       []string
		userMapper   func(info oidc.UserInfo) idp.User
		httpMock     func(issuer string)
		opts         []ProviderOpts
	}
	tests := []struct {
		name   string
		fields fields
		want   idp.Session
	}{
		{
			name: "successful auth",
			fields: fields{
				name:         "oidc",
				issuer:       "https://issuer.com",
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				scopes:       []string{"openid"},
				userMapper:   DefaultMapper,
				httpMock: func(issuer string) {
					gock.New(issuer).
						Get(oidc.DiscoveryEndpoint).
						Reply(200).
						JSON(&oidc.DiscoveryConfiguration{
							Issuer:                issuer,
							AuthorizationEndpoint: issuer + "/authorize",
							TokenEndpoint:         issuer + "/token",
							UserinfoEndpoint:      issuer + "/userinfo",
						})
				},
				opts: []ProviderOpts{WithSelectAccount()},
			},
			want: &Session{AuthURL: "https://issuer.com/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState"},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			defer gock.Off()
			tt.fields.httpMock(tt.fields.issuer)
			a := assert.New(t)
			r := require.New(t)

			provider, err := New(tt.fields.name, tt.fields.issuer, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.userMapper, tt.fields.opts...)
			r.NoError(err)

			session, err := provider.BeginAuth(context.Background(), "testState")
			r.NoError(err)

			a.Equal(tt.want.GetAuthURL(), session.GetAuthURL())
		})
	}
}

func TestProvider_Options(t *testing.T) {
	type fields struct {
		name         string
		issuer       string
		clientID     string
		clientSecret string
		redirectURI  string
		scopes       []string
		userMapper   func(info oidc.UserInfo) idp.User
		opts         []ProviderOpts
		httpMock     func(issuer string)
	}
	type want struct {
		name            string
		linkingAllowed  bool
		creationAllowed bool
		autoCreation    bool
		autoUpdate      bool
		pkce            bool
	}
	tests := []struct {
		name   string
		fields fields
		want   want
	}{
		{
			name: "default",
			fields: fields{
				name:         "oidc",
				issuer:       "https://issuer.com",
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				scopes:       []string{"openid"},
				userMapper:   DefaultMapper,
				opts:         nil,
				httpMock: func(issuer string) {
					gock.New(issuer).
						Get(oidc.DiscoveryEndpoint).
						Reply(200).
						JSON(&oidc.DiscoveryConfiguration{
							Issuer:                issuer,
							AuthorizationEndpoint: issuer + "/authorize",
							TokenEndpoint:         issuer + "/token",
							UserinfoEndpoint:      issuer + "/userinfo",
						})
				},
			},
			want: want{
				name:            "oidc",
				linkingAllowed:  false,
				creationAllowed: false,
				autoCreation:    false,
				autoUpdate:      false,
				pkce:            false,
			},
		},
		{
			name: "all true",
			fields: fields{
				name:         "oidc",
				issuer:       "https://issuer.com",
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				scopes:       []string{"openid"},
				userMapper:   DefaultMapper,
				opts: []ProviderOpts{
					WithLinkingAllowed(),
					WithCreationAllowed(),
					WithAutoCreation(),
					WithAutoUpdate(),
					WithRelyingPartyOption(rp.WithPKCE(nil)),
				},
				httpMock: func(issuer string) {
					gock.New(issuer).
						Get(oidc.DiscoveryEndpoint).
						Reply(200).
						JSON(&oidc.DiscoveryConfiguration{
							Issuer:                issuer,
							AuthorizationEndpoint: issuer + "/authorize",
							TokenEndpoint:         issuer + "/token",
							UserinfoEndpoint:      issuer + "/userinfo",
						})
				},
			},
			want: want{
				name:            "oidc",
				linkingAllowed:  true,
				creationAllowed: true,
				autoCreation:    true,
				autoUpdate:      true,
				pkce:            true,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			defer gock.Off()
			tt.fields.httpMock(tt.fields.issuer)
			a := assert.New(t)

			provider, err := New(tt.fields.name, tt.fields.issuer, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.userMapper, tt.fields.opts...)
			require.NoError(t, err)

			a.Equal(tt.want.name, provider.Name())
			a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
			a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
			a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
			a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
		})
	}
}
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`package oidc`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/h2non/gock"`
			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`"github.com/zitadel/oidc/v2/pkg/client/rp"`
			`"github.com/zitadel/oidc/v2/pkg/oidc"`

			`"github.com/zitadel/zitadel/internal/idp"`
			`)`

			`func TestProvider_BeginAuth(t *testing.T) {`
			`type fields struct {`
			`name string`
			`issuer string`
			`clientID string`
			`clientSecret string`
			`redirectURI string`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`scopes []string`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`userMapper func(info oidc.UserInfo) idp.User`
			`httpMock func(issuer string)`
feat: add gitlab provider templates (#5405) * feat(api): add google provider template * refactor reduce functions * handle removed event * linting * fix projection * feat(api): add generic oauth provider template * feat(api): add github provider templates * feat(api): add github provider templates * fixes * proto comment * fix filtering * requested changes * feat(api): add generic oauth provider template * remove wrongly committed message * increase budget for angular build * fix linting * fixes * fix merge * fix merge * fix projection * fix merge * updates from previous PRs * enable github providers in login * fix merge * fix test and add github styling in login * cleanup * feat(api): add gitlab provider templates * fix: merge * fix display of providers in login * implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it * fix merge * fix merge and add tests for command side * requested changes * requested changes * Update internal/query/idp_template.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix merge * requested changes --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-13 16:34:29 +00:00			`opts []ProviderOpts`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`want idp.Session`
			`}{`
			`{`
			`name: "successful auth",`
			`fields: fields{`
			`name: "oidc",`
			`issuer: "https://issuer.com",`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`scopes: []string{"openid"},`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`userMapper: DefaultMapper,`
			`httpMock: func(issuer string) {`
			`gock.New(issuer).`
			`Get(oidc.DiscoveryEndpoint).`
			`Reply(200).`
			`JSON(&oidc.DiscoveryConfiguration{`
			`Issuer: issuer,`
			`AuthorizationEndpoint: issuer + "/authorize",`
			`TokenEndpoint: issuer + "/token",`
			`UserinfoEndpoint: issuer + "/userinfo",`
			`})`
			`},`
feat: add gitlab provider templates (#5405) * feat(api): add google provider template * refactor reduce functions * handle removed event * linting * fix projection * feat(api): add generic oauth provider template * feat(api): add github provider templates * feat(api): add github provider templates * fixes * proto comment * fix filtering * requested changes * feat(api): add generic oauth provider template * remove wrongly committed message * increase budget for angular build * fix linting * fixes * fix merge * fix merge * fix projection * fix merge * updates from previous PRs * enable github providers in login * fix merge * fix test and add github styling in login * cleanup * feat(api): add gitlab provider templates * fix: merge * fix display of providers in login * implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it * fix merge * fix merge and add tests for command side * requested changes * requested changes * Update internal/query/idp_template.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix merge * requested changes --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-13 16:34:29 +00:00			`opts: []ProviderOpts{WithSelectAccount()},`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`},`
fix(providers): set prompt select_account again (#5329) 2023-03-01 07:17:51 +00:00			`want: &Session{AuthURL: "https://issuer.com/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState"},`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`defer gock.Off()`
			`tt.fields.httpMock(tt.fields.issuer)`
			`a := assert.New(t)`
			`r := require.New(t)`

feat: add gitlab provider templates (#5405) * feat(api): add google provider template * refactor reduce functions * handle removed event * linting * fix projection * feat(api): add generic oauth provider template * feat(api): add github provider templates * feat(api): add github provider templates * fixes * proto comment * fix filtering * requested changes * feat(api): add generic oauth provider template * remove wrongly committed message * increase budget for angular build * fix linting * fixes * fix merge * fix merge * fix projection * fix merge * updates from previous PRs * enable github providers in login * fix merge * fix test and add github styling in login * cleanup * feat(api): add gitlab provider templates * fix: merge * fix display of providers in login * implement gitlab in login and make prompt `select_account` optional since gitlab can't handle it * fix merge * fix merge and add tests for command side * requested changes * requested changes * Update internal/query/idp_template.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix merge * requested changes --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-13 16:34:29 +00:00			`provider, err := New(tt.fields.name, tt.fields.issuer, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.userMapper, tt.fields.opts...)`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`r.NoError(err)`

			`session, err := provider.BeginAuth(context.Background(), "testState")`
			`r.NoError(err)`

			`a.Equal(tt.want.GetAuthURL(), session.GetAuthURL())`
			`})`
			`}`
			`}`

			`func TestProvider_Options(t *testing.T) {`
			`type fields struct {`
			`name string`
			`issuer string`
			`clientID string`
			`clientSecret string`
			`redirectURI string`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`scopes []string`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`userMapper func(info oidc.UserInfo) idp.User`
			`opts []ProviderOpts`
			`httpMock func(issuer string)`
			`}`
			`type want struct {`
			`name string`
			`linkingAllowed bool`
			`creationAllowed bool`
			`autoCreation bool`
			`autoUpdate bool`
			`pkce bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`want want`
			`}{`
			`{`
			`name: "default",`
			`fields: fields{`
			`name: "oidc",`
			`issuer: "https://issuer.com",`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`scopes: []string{"openid"},`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`userMapper: DefaultMapper,`
			`opts: nil,`
			`httpMock: func(issuer string) {`
			`gock.New(issuer).`
			`Get(oidc.DiscoveryEndpoint).`
			`Reply(200).`
			`JSON(&oidc.DiscoveryConfiguration{`
			`Issuer: issuer,`
			`AuthorizationEndpoint: issuer + "/authorize",`
			`TokenEndpoint: issuer + "/token",`
			`UserinfoEndpoint: issuer + "/userinfo",`
			`})`
			`},`
			`},`
			`want: want{`
			`name: "oidc",`
			`linkingAllowed: false,`
			`creationAllowed: false,`
			`autoCreation: false,`
			`autoUpdate: false,`
			`pkce: false,`
			`},`
			`},`
			`{`
			`name: "all true",`
			`fields: fields{`
			`name: "oidc",`
			`issuer: "https://issuer.com",`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`scopes: []string{"openid"},`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`userMapper: DefaultMapper,`
			`opts: []ProviderOpts{`
			`WithLinkingAllowed(),`
			`WithCreationAllowed(),`
			`WithAutoCreation(),`
			`WithAutoUpdate(),`
			`WithRelyingPartyOption(rp.WithPKCE(nil)),`
			`},`
			`httpMock: func(issuer string) {`
			`gock.New(issuer).`
			`Get(oidc.DiscoveryEndpoint).`
			`Reply(200).`
			`JSON(&oidc.DiscoveryConfiguration{`
			`Issuer: issuer,`
			`AuthorizationEndpoint: issuer + "/authorize",`
			`TokenEndpoint: issuer + "/token",`
			`UserinfoEndpoint: issuer + "/userinfo",`
			`})`
			`},`
			`},`
			`want: want{`
			`name: "oidc",`
			`linkingAllowed: true,`
			`creationAllowed: true,`
			`autoCreation: true,`
			`autoUpdate: true,`
			`pkce: true,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`defer gock.Off()`
			`tt.fields.httpMock(tt.fields.issuer)`
			`a := assert.New(t)`

feat(login): use new IDP templates (#5315) The login uses the new template based IDPs with backwards compatibility for old IDPs 2023-02-28 20:20:58 +00:00			`provider, err := New(tt.fields.name, tt.fields.issuer, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.userMapper, tt.fields.opts...)`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`require.NoError(t, err)`

			`a.Equal(tt.want.name, provider.Name())`
			`a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())`
			`a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())`
			`a.Equal(tt.want.autoCreation, provider.IsAutoCreation())`
			`a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())`
			`})`
			`}`
			`}`