zitadel/internal/idp/providers/jwt/jwt_test.go

package jwt

import (
	"context"
	"errors"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/idp"
)

func TestProvider_BeginAuth(t *testing.T) {
	type fields struct {
		name          string
		issuer        string
		jwtEndpoint   string
		keysEndpoint  string
		headerName    string
		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
	}
	type args struct {
		params []any
	}
	type want struct {
		session idp.Session
		err     func(error) bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		want   want
	}{
		{
			name: "missing userAgentID error",
			fields: fields{
				issuer:       "https://jwt.com",
				jwtEndpoint:  "https://auth.com/jwt",
				keysEndpoint: "https://jwt.com/keys",
				headerName:   "jwt-header",
				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
				},
			},
			args: args{
				params: nil,
			},
			want: want{
				err: func(err error) bool {
					return errors.Is(err, ErrMissingUserAgentID)
				},
			},
		},
		{
			name: "invalid userAgentID error",
			fields: fields{
				issuer:       "https://jwt.com",
				jwtEndpoint:  "https://auth.com/jwt",
				keysEndpoint: "https://jwt.com/keys",
				headerName:   "jwt-header",
				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
				},
			},
			args: args{
				params: []any{
					0,
				},
			},
			want: want{
				err: func(err error) bool {
					return errors.Is(err, ErrMissingUserAgentID)
				},
			},
		},
		{
			name: "successful auth",
			fields: fields{
				issuer:       "https://jwt.com",
				jwtEndpoint:  "https://auth.com/jwt",
				keysEndpoint: "https://jwt.com/keys",
				headerName:   "jwt-header",
				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
				},
			},
			args: args{
				params: []any{
					"agent",
				},
			},
			want: want{
				session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=YWdlbnQ"},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			a := assert.New(t)

			provider, err := New(
				tt.fields.name,
				tt.fields.issuer,
				tt.fields.jwtEndpoint,
				tt.fields.keysEndpoint,
				tt.fields.headerName,
				tt.fields.encryptionAlg(t),
			)
			require.NoError(t, err)

			session, err := provider.BeginAuth(context.Background(), "testState", tt.args.params...)
			if tt.want.err != nil && !tt.want.err(err) {
				a.Fail("invalid error", err)
			}
			if tt.want.err == nil {
				a.NoError(err)
				a.Equal(tt.want.session.GetAuthURL(), session.GetAuthURL())
			}
		})
	}
}

func TestProvider_Options(t *testing.T) {
	type fields struct {
		name          string
		issuer        string
		jwtEndpoint   string
		keysEndpoint  string
		headerName    string
		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
		opts          []ProviderOpts
	}
	type want struct {
		name            string
		linkingAllowed  bool
		creationAllowed bool
		autoCreation    bool
		autoUpdate      bool
		pkce            bool
	}
	tests := []struct {
		name   string
		fields fields
		want   want
	}{
		{
			name: "default",
			fields: fields{
				name:         "jwt",
				issuer:       "https://jwt.com",
				jwtEndpoint:  "https://auth.com/jwt",
				keysEndpoint: "https://jwt.com/keys",
				headerName:   "jwt-header",
				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
				},
				opts: nil,
			},
			want: want{
				name:            "jwt",
				linkingAllowed:  false,
				creationAllowed: false,
				autoCreation:    false,
				autoUpdate:      false,
				pkce:            false,
			},
		},
		{
			name: "all true",
			fields: fields{
				name:         "jwt",
				issuer:       "https://jwt.com",
				jwtEndpoint:  "https://auth.com/jwt",
				keysEndpoint: "https://jwt.com/keys",
				headerName:   "jwt-header",
				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
				},
				opts: []ProviderOpts{
					WithLinkingAllowed(),
					WithCreationAllowed(),
					WithAutoCreation(),
					WithAutoUpdate(),
				},
			},
			want: want{
				name:            "jwt",
				linkingAllowed:  true,
				creationAllowed: true,
				autoCreation:    true,
				autoUpdate:      true,
				pkce:            true,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			a := assert.New(t)

			provider, err := New(
				tt.fields.name,
				tt.fields.issuer,
				tt.fields.jwtEndpoint,
				tt.fields.keysEndpoint,
				tt.fields.headerName,
				tt.fields.encryptionAlg(t),
				tt.fields.opts...,
			)
			require.NoError(t, err)

			a.Equal(tt.want.name, provider.Name())
			a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
			a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
			a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
			a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
		})
	}
}
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`package jwt`

			`import (`
			`"context"`
			`"errors"`
			`"testing"`

			`"github.com/golang/mock/gomock"`
			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`

			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/idp"`
			`)`

			`func TestProvider_BeginAuth(t *testing.T) {`
			`type fields struct {`
			`name string`
			`issuer string`
			`jwtEndpoint string`
			`keysEndpoint string`
			`headerName string`
			`encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm`
			`}`
			`type args struct {`
			`params []any`
			`}`
			`type want struct {`
			`session idp.Session`
			`err func(error) bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`want want`
			`}{`
			`{`
			`name: "missing userAgentID error",`
			`fields: fields{`
			`issuer: "https://jwt.com",`
			`jwtEndpoint: "https://auth.com/jwt",`
			`keysEndpoint: "https://jwt.com/keys",`
			`headerName: "jwt-header",`
			`encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {`
			`return crypto.CreateMockEncryptionAlg(gomock.NewController(t))`
			`},`
			`},`
			`args: args{`
			`params: nil,`
			`},`
			`want: want{`
			`err: func(err error) bool {`
			`return errors.Is(err, ErrMissingUserAgentID)`
			`},`
			`},`
			`},`
			`{`
			`name: "invalid userAgentID error",`
			`fields: fields{`
			`issuer: "https://jwt.com",`
			`jwtEndpoint: "https://auth.com/jwt",`
			`keysEndpoint: "https://jwt.com/keys",`
			`headerName: "jwt-header",`
			`encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {`
			`return crypto.CreateMockEncryptionAlg(gomock.NewController(t))`
			`},`
			`},`
			`args: args{`
			`params: []any{`
			`0,`
			`},`
			`},`
			`want: want{`
			`err: func(err error) bool {`
			`return errors.Is(err, ErrMissingUserAgentID)`
			`},`
			`},`
			`},`
			`{`
			`name: "successful auth",`
			`fields: fields{`
			`issuer: "https://jwt.com",`
			`jwtEndpoint: "https://auth.com/jwt",`
			`keysEndpoint: "https://jwt.com/keys",`
			`headerName: "jwt-header",`
			`encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {`
			`return crypto.CreateMockEncryptionAlg(gomock.NewController(t))`
			`},`
			`},`
			`args: args{`
			`params: []any{`
			`"agent",`
			`},`
			`},`
			`want: want{`
			`session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=YWdlbnQ"},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`a := assert.New(t)`

			`provider, err := New(`
			`tt.fields.name,`
			`tt.fields.issuer,`
			`tt.fields.jwtEndpoint,`
			`tt.fields.keysEndpoint,`
			`tt.fields.headerName,`
			`tt.fields.encryptionAlg(t),`
			`)`
			`require.NoError(t, err)`

			`session, err := provider.BeginAuth(context.Background(), "testState", tt.args.params...)`
			`if tt.want.err != nil && !tt.want.err(err) {`
			`a.Fail("invalid error", err)`
			`}`
			`if tt.want.err == nil {`
			`a.NoError(err)`
			`a.Equal(tt.want.session.GetAuthURL(), session.GetAuthURL())`
			`}`
			`})`
			`}`
			`}`

			`func TestProvider_Options(t *testing.T) {`
			`type fields struct {`
			`name string`
			`issuer string`
			`jwtEndpoint string`
			`keysEndpoint string`
			`headerName string`
			`encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm`
			`opts []ProviderOpts`
			`}`
			`type want struct {`
			`name string`
			`linkingAllowed bool`
			`creationAllowed bool`
			`autoCreation bool`
			`autoUpdate bool`
			`pkce bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`want want`
			`}{`
			`{`
			`name: "default",`
			`fields: fields{`
			`name: "jwt",`
			`issuer: "https://jwt.com",`
			`jwtEndpoint: "https://auth.com/jwt",`
			`keysEndpoint: "https://jwt.com/keys",`
			`headerName: "jwt-header",`
			`encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {`
			`return crypto.CreateMockEncryptionAlg(gomock.NewController(t))`
			`},`
			`opts: nil,`
			`},`
			`want: want{`
			`name: "jwt",`
			`linkingAllowed: false,`
			`creationAllowed: false,`
			`autoCreation: false,`
			`autoUpdate: false,`
			`pkce: false,`
			`},`
			`},`
			`{`
			`name: "all true",`
			`fields: fields{`
			`name: "jwt",`
			`issuer: "https://jwt.com",`
			`jwtEndpoint: "https://auth.com/jwt",`
			`keysEndpoint: "https://jwt.com/keys",`
			`headerName: "jwt-header",`
			`encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {`
			`return crypto.CreateMockEncryptionAlg(gomock.NewController(t))`
			`},`
			`opts: []ProviderOpts{`
			`WithLinkingAllowed(),`
			`WithCreationAllowed(),`
			`WithAutoCreation(),`
			`WithAutoUpdate(),`
			`},`
			`},`
			`want: want{`
			`name: "jwt",`
			`linkingAllowed: true,`
			`creationAllowed: true,`
			`autoCreation: true,`
			`autoUpdate: true,`
			`pkce: true,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`a := assert.New(t)`

			`provider, err := New(`
			`tt.fields.name,`
			`tt.fields.issuer,`
			`tt.fields.jwtEndpoint,`
			`tt.fields.keysEndpoint,`
			`tt.fields.headerName,`
			`tt.fields.encryptionAlg(t),`
			`tt.fields.opts...,`
			`)`
			`require.NoError(t, err)`

			`a.Equal(tt.want.name, provider.Name())`
			`a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())`
			`a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())`
			`a.Equal(tt.want.autoCreation, provider.IsAutoCreation())`
			`a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())`
			`})`
			`}`
			`}`