2023-01-23 08:11:40 +01:00
|
|
|
package jwt
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"errors"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/golang/mock/gomock"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
|
|
"github.com/zitadel/zitadel/internal/idp"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestProvider_BeginAuth(t *testing.T) {
|
|
|
|
type fields struct {
|
|
|
|
name string
|
|
|
|
issuer string
|
|
|
|
jwtEndpoint string
|
|
|
|
keysEndpoint string
|
|
|
|
headerName string
|
|
|
|
encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
|
|
|
|
}
|
|
|
|
type args struct {
|
|
|
|
params []any
|
|
|
|
}
|
|
|
|
type want struct {
|
|
|
|
session idp.Session
|
|
|
|
err func(error) bool
|
|
|
|
}
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
fields fields
|
|
|
|
args args
|
|
|
|
want want
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "missing userAgentID error",
|
|
|
|
fields: fields{
|
|
|
|
issuer: "https://jwt.com",
|
|
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
|
|
headerName: "jwt-header",
|
|
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
|
|
},
|
|
|
|
},
|
|
|
|
args: args{
|
|
|
|
params: nil,
|
|
|
|
},
|
|
|
|
want: want{
|
|
|
|
err: func(err error) bool {
|
|
|
|
return errors.Is(err, ErrMissingUserAgentID)
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "invalid userAgentID error",
|
|
|
|
fields: fields{
|
|
|
|
issuer: "https://jwt.com",
|
|
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
|
|
headerName: "jwt-header",
|
|
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
|
|
},
|
|
|
|
},
|
|
|
|
args: args{
|
|
|
|
params: []any{
|
|
|
|
0,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: want{
|
|
|
|
err: func(err error) bool {
|
|
|
|
return errors.Is(err, ErrMissingUserAgentID)
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "successful auth",
|
|
|
|
fields: fields{
|
|
|
|
issuer: "https://jwt.com",
|
|
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
|
|
headerName: "jwt-header",
|
|
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
|
|
},
|
|
|
|
},
|
|
|
|
args: args{
|
|
|
|
params: []any{
|
|
|
|
"agent",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: want{
|
|
|
|
session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=YWdlbnQ"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
a := assert.New(t)
|
|
|
|
|
|
|
|
provider, err := New(
|
|
|
|
tt.fields.name,
|
|
|
|
tt.fields.issuer,
|
|
|
|
tt.fields.jwtEndpoint,
|
|
|
|
tt.fields.keysEndpoint,
|
|
|
|
tt.fields.headerName,
|
|
|
|
tt.fields.encryptionAlg(t),
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2023-09-29 11:26:14 +02:00
|
|
|
ctx := context.Background()
|
|
|
|
session, err := provider.BeginAuth(ctx, "testState", tt.args.params...)
|
2023-01-23 08:11:40 +01:00
|
|
|
if tt.want.err != nil && !tt.want.err(err) {
|
|
|
|
a.Fail("invalid error", err)
|
|
|
|
}
|
|
|
|
if tt.want.err == nil {
|
|
|
|
a.NoError(err)
|
2023-09-29 11:26:14 +02:00
|
|
|
wantHeaders, wantContent := tt.want.session.GetAuth(ctx)
|
|
|
|
gotHeaders, gotContent := session.GetAuth(ctx)
|
|
|
|
a.Equal(wantHeaders, gotHeaders)
|
|
|
|
a.Equal(wantContent, gotContent)
|
2023-01-23 08:11:40 +01:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestProvider_Options(t *testing.T) {
|
|
|
|
type fields struct {
|
|
|
|
name string
|
|
|
|
issuer string
|
|
|
|
jwtEndpoint string
|
|
|
|
keysEndpoint string
|
|
|
|
headerName string
|
|
|
|
encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
|
|
|
|
opts []ProviderOpts
|
|
|
|
}
|
|
|
|
type want struct {
|
|
|
|
name string
|
|
|
|
linkingAllowed bool
|
|
|
|
creationAllowed bool
|
|
|
|
autoCreation bool
|
|
|
|
autoUpdate bool
|
|
|
|
pkce bool
|
|
|
|
}
|
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
fields fields
|
|
|
|
want want
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "default",
|
|
|
|
fields: fields{
|
|
|
|
name: "jwt",
|
|
|
|
issuer: "https://jwt.com",
|
|
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
|
|
headerName: "jwt-header",
|
|
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
|
|
},
|
|
|
|
opts: nil,
|
|
|
|
},
|
|
|
|
want: want{
|
|
|
|
name: "jwt",
|
|
|
|
linkingAllowed: false,
|
|
|
|
creationAllowed: false,
|
|
|
|
autoCreation: false,
|
|
|
|
autoUpdate: false,
|
|
|
|
pkce: false,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "all true",
|
|
|
|
fields: fields{
|
|
|
|
name: "jwt",
|
|
|
|
issuer: "https://jwt.com",
|
|
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
|
|
headerName: "jwt-header",
|
|
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
|
|
},
|
|
|
|
opts: []ProviderOpts{
|
|
|
|
WithLinkingAllowed(),
|
|
|
|
WithCreationAllowed(),
|
|
|
|
WithAutoCreation(),
|
|
|
|
WithAutoUpdate(),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
want: want{
|
|
|
|
name: "jwt",
|
|
|
|
linkingAllowed: true,
|
|
|
|
creationAllowed: true,
|
|
|
|
autoCreation: true,
|
|
|
|
autoUpdate: true,
|
|
|
|
pkce: true,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
|
|
a := assert.New(t)
|
|
|
|
|
|
|
|
provider, err := New(
|
|
|
|
tt.fields.name,
|
|
|
|
tt.fields.issuer,
|
|
|
|
tt.fields.jwtEndpoint,
|
|
|
|
tt.fields.keysEndpoint,
|
|
|
|
tt.fields.headerName,
|
|
|
|
tt.fields.encryptionAlg(t),
|
|
|
|
tt.fields.opts...,
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
a.Equal(tt.want.name, provider.Name())
|
|
|
|
a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
|
|
|
|
a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
|
|
|
|
a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
|
|
|
|
a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|