zitadel/internal/api/oidc/server_test.go

package oidc

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/zitadel/oidc/v3/pkg/oidc"
	"github.com/zitadel/oidc/v3/pkg/op"
	"golang.org/x/text/language"
)

func TestServer_createDiscoveryConfig(t *testing.T) {
	type fields struct {
		LegacyServer        *op.LegacyServer
		signingKeyAlgorithm string
	}
	type args struct {
		ctx                context.Context
		supportedUILocales []language.Tag
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		want   *oidc.DiscoveryConfiguration
	}{
		{
			"config",
			fields{
				LegacyServer: op.NewLegacyServer(
					func() *op.Provider {
						provider, _ := op.NewForwardedOpenIDProvider("path",
							&op.Config{
								CodeMethodS256:          true,
								AuthMethodPost:          true,
								AuthMethodPrivateKeyJWT: true,
								GrantTypeRefreshToken:   true,
								RequestObjectSupported:  true,
							},
							nil,
						)
						return provider
					}(),
					op.Endpoints{
						Authorization:       op.NewEndpoint("auth"),
						Token:               op.NewEndpoint("token"),
						Introspection:       op.NewEndpoint("introspect"),
						Userinfo:            op.NewEndpoint("userinfo"),
						Revocation:          op.NewEndpoint("revoke"),
						EndSession:          op.NewEndpoint("logout"),
						JwksURI:             op.NewEndpoint("keys"),
						DeviceAuthorization: op.NewEndpoint("device"),
					},
				),
				signingKeyAlgorithm: "RS256",
			},
			args{
				ctx:                op.ContextWithIssuer(context.Background(), "https://issuer.com"),
				supportedUILocales: []language.Tag{language.English, language.German},
			},
			&oidc.DiscoveryConfiguration{
				Issuer:                                             "https://issuer.com",
				AuthorizationEndpoint:                              "https://issuer.com/auth",
				TokenEndpoint:                                      "https://issuer.com/token",
				IntrospectionEndpoint:                              "https://issuer.com/introspect",
				UserinfoEndpoint:                                   "https://issuer.com/userinfo",
				RevocationEndpoint:                                 "https://issuer.com/revoke",
				EndSessionEndpoint:                                 "https://issuer.com/logout",
				DeviceAuthorizationEndpoint:                        "https://issuer.com/device",
				CheckSessionIframe:                                 "",
				JwksURI:                                            "https://issuer.com/keys",
				RegistrationEndpoint:                               "",
				ScopesSupported:                                    []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopePhone, oidc.ScopeAddress, oidc.ScopeOfflineAccess},
				ResponseTypesSupported:                             []string{string(oidc.ResponseTypeCode), string(oidc.ResponseTypeIDTokenOnly), string(oidc.ResponseTypeIDToken)},
				ResponseModesSupported:                             nil,
				GrantTypesSupported:                                []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeImplicit, oidc.GrantTypeRefreshToken, oidc.GrantTypeBearer},
				ACRValuesSupported:                                 nil,
				SubjectTypesSupported:                              []string{"public"},
				IDTokenSigningAlgValuesSupported:                   []string{"RS256"},
				IDTokenEncryptionAlgValuesSupported:                nil,
				IDTokenEncryptionEncValuesSupported:                nil,
				UserinfoSigningAlgValuesSupported:                  nil,
				UserinfoEncryptionAlgValuesSupported:               nil,
				UserinfoEncryptionEncValuesSupported:               nil,
				RequestObjectSigningAlgValuesSupported:             []string{"RS256"},
				RequestObjectEncryptionAlgValuesSupported:          nil,
				RequestObjectEncryptionEncValuesSupported:          nil,
				TokenEndpointAuthMethodsSupported:                  []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},
				TokenEndpointAuthSigningAlgValuesSupported:         []string{"RS256"},
				RevocationEndpointAuthMethodsSupported:             []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},
				RevocationEndpointAuthSigningAlgValuesSupported:    []string{"RS256"},
				IntrospectionEndpointAuthMethodsSupported:          []oidc.AuthMethod{oidc.AuthMethodBasic, oidc.AuthMethodPrivateKeyJWT},
				IntrospectionEndpointAuthSigningAlgValuesSupported: []string{"RS256"},
				DisplayValuesSupported:                             nil,
				ClaimTypesSupported:                                nil,
				ClaimsSupported:                                    []string{"sub", "aud", "exp", "iat", "iss", "auth_time", "nonce", "acr", "amr", "c_hash", "at_hash", "act", "scopes", "client_id", "azp", "preferred_username", "name", "family_name", "given_name", "locale", "email", "email_verified", "phone_number", "phone_number_verified"},
				ClaimsParameterSupported:                           false,
				CodeChallengeMethodsSupported:                      []oidc.CodeChallengeMethod{"S256"},
				ServiceDocumentation:                               "",
				ClaimsLocalesSupported:                             nil,
				UILocalesSupported:                                 []language.Tag{language.English, language.German},
				RequestParameterSupported:                          true,
				RequestURIParameterSupported:                       false,
				RequireRequestURIRegistration:                      false,
				OPPolicyURI:                                        "",
				OPTermsOfServiceURI:                                "",
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			s := &Server{
				LegacyServer:        tt.fields.LegacyServer,
				signingKeyAlgorithm: tt.fields.signingKeyAlgorithm,
			}
			assert.Equalf(t, tt.want, s.createDiscoveryConfig(tt.args.ctx, tt.args.supportedUILocales), "createDiscoveryConfig(%v)", tt.args.ctx)
		})
	}
}
perf(oidc): remove db call for discovery configuration (#6857) 2023-11-03 15:18:57 +00:00			`package oidc`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/zitadel/oidc/v3/pkg/oidc"`
			`"github.com/zitadel/oidc/v3/pkg/op"`
			`"golang.org/x/text/language"`
			`)`

			`func TestServer_createDiscoveryConfig(t *testing.T) {`
			`type fields struct {`
			`LegacyServer *op.LegacyServer`
			`signingKeyAlgorithm string`
			`}`
			`type args struct {`
feat: restrict languages (#6931) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions 2023-12-05 11:12:01 +00:00			`ctx context.Context`
			`supportedUILocales []language.Tag`
perf(oidc): remove db call for discovery configuration (#6857) 2023-11-03 15:18:57 +00:00			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`want *oidc.DiscoveryConfiguration`
			`}{`
			`{`
			`"config",`
			`fields{`
			`LegacyServer: op.NewLegacyServer(`
			`func() *op.Provider {`
			`provider, _ := op.NewForwardedOpenIDProvider("path",`
			`&op.Config{`
			`CodeMethodS256: true,`
			`AuthMethodPost: true,`
			`AuthMethodPrivateKeyJWT: true,`
			`GrantTypeRefreshToken: true,`
			`RequestObjectSupported: true,`
			`},`
			`nil,`
			`)`
			`return provider`
			`}(),`
			`op.Endpoints{`
			`Authorization: op.NewEndpoint("auth"),`
			`Token: op.NewEndpoint("token"),`
			`Introspection: op.NewEndpoint("introspect"),`
			`Userinfo: op.NewEndpoint("userinfo"),`
			`Revocation: op.NewEndpoint("revoke"),`
			`EndSession: op.NewEndpoint("logout"),`
			`JwksURI: op.NewEndpoint("keys"),`
			`DeviceAuthorization: op.NewEndpoint("device"),`
			`},`
			`),`
			`signingKeyAlgorithm: "RS256",`
			`},`
			`args{`
feat: restrict languages (#6931) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions 2023-12-05 11:12:01 +00:00			`ctx: op.ContextWithIssuer(context.Background(), "https://issuer.com"),`
			`supportedUILocales: []language.Tag{language.English, language.German},`
perf(oidc): remove db call for discovery configuration (#6857) 2023-11-03 15:18:57 +00:00			`},`
			`&oidc.DiscoveryConfiguration{`
			`Issuer: "https://issuer.com",`
			`AuthorizationEndpoint: "https://issuer.com/auth",`
			`TokenEndpoint: "https://issuer.com/token",`
			`IntrospectionEndpoint: "https://issuer.com/introspect",`
			`UserinfoEndpoint: "https://issuer.com/userinfo",`
			`RevocationEndpoint: "https://issuer.com/revoke",`
			`EndSessionEndpoint: "https://issuer.com/logout",`
			`DeviceAuthorizationEndpoint: "https://issuer.com/device",`
			`CheckSessionIframe: "",`
			`JwksURI: "https://issuer.com/keys",`
			`RegistrationEndpoint: "",`
			`ScopesSupported: []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopePhone, oidc.ScopeAddress, oidc.ScopeOfflineAccess},`
			`ResponseTypesSupported: []string{string(oidc.ResponseTypeCode), string(oidc.ResponseTypeIDTokenOnly), string(oidc.ResponseTypeIDToken)},`
			`ResponseModesSupported: nil,`
			`GrantTypesSupported: []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeImplicit, oidc.GrantTypeRefreshToken, oidc.GrantTypeBearer},`
			`ACRValuesSupported: nil,`
			`SubjectTypesSupported: []string{"public"},`
			`IDTokenSigningAlgValuesSupported: []string{"RS256"},`
			`IDTokenEncryptionAlgValuesSupported: nil,`
			`IDTokenEncryptionEncValuesSupported: nil,`
			`UserinfoSigningAlgValuesSupported: nil,`
			`UserinfoEncryptionAlgValuesSupported: nil,`
			`UserinfoEncryptionEncValuesSupported: nil,`
			`RequestObjectSigningAlgValuesSupported: []string{"RS256"},`
			`RequestObjectEncryptionAlgValuesSupported: nil,`
			`RequestObjectEncryptionEncValuesSupported: nil,`
			`TokenEndpointAuthMethodsSupported: []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},`
			`TokenEndpointAuthSigningAlgValuesSupported: []string{"RS256"},`
			`RevocationEndpointAuthMethodsSupported: []oidc.AuthMethod{oidc.AuthMethodNone, oidc.AuthMethodBasic, oidc.AuthMethodPost, oidc.AuthMethodPrivateKeyJWT},`
			`RevocationEndpointAuthSigningAlgValuesSupported: []string{"RS256"},`
			`IntrospectionEndpointAuthMethodsSupported: []oidc.AuthMethod{oidc.AuthMethodBasic, oidc.AuthMethodPrivateKeyJWT},`
			`IntrospectionEndpointAuthSigningAlgValuesSupported: []string{"RS256"},`
			`DisplayValuesSupported: nil,`
			`ClaimTypesSupported: nil,`
			`ClaimsSupported: []string{"sub", "aud", "exp", "iat", "iss", "auth_time", "nonce", "acr", "amr", "c_hash", "at_hash", "act", "scopes", "client_id", "azp", "preferred_username", "name", "family_name", "given_name", "locale", "email", "email_verified", "phone_number", "phone_number_verified"},`
			`ClaimsParameterSupported: false,`
			`CodeChallengeMethodsSupported: []oidc.CodeChallengeMethod{"S256"},`
			`ServiceDocumentation: "",`
			`ClaimsLocalesSupported: nil,`
			`UILocalesSupported: []language.Tag{language.English, language.German},`
			`RequestParameterSupported: true,`
			`RequestURIParameterSupported: false,`
			`RequireRequestURIRegistration: false,`
			`OPPolicyURI: "",`
			`OPTermsOfServiceURI: "",`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`s := &Server{`
			`LegacyServer: tt.fields.LegacyServer,`
			`signingKeyAlgorithm: tt.fields.signingKeyAlgorithm,`
			`}`
feat: restrict languages (#6931) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions 2023-12-05 11:12:01 +00:00			`assert.Equalf(t, tt.want, s.createDiscoveryConfig(tt.args.ctx, tt.args.supportedUILocales), "createDiscoveryConfig(%v)", tt.args.ctx)`
perf(oidc): remove db call for discovery configuration (#6857) 2023-11-03 15:18:57 +00:00			`})`
			`}`
			`}`