zitadel/internal/idp/providers/github/session_test.go

package github

import (
	"context"
	"errors"
	"net/http"
	"testing"
	"time"

	"github.com/h2non/gock"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zitadel/oidc/v2/pkg/oidc"
	"golang.org/x/oauth2"
	"golang.org/x/text/language"

	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/idp"
	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
)

func TestSession_FetchUser(t *testing.T) {
	type fields struct {
		clientID     string
		clientSecret string
		redirectURI  string
		httpMock     func()
		authURL      string
		code         string
		tokens       *oidc.Tokens[*oidc.IDTokenClaims]
		scopes       []string
		options      []oauth.ProviderOpts
	}
	type args struct {
		session idp.Session
	}
	type want struct {
		err               func(error) bool
		user              idp.User
		id                string
		firstName         string
		lastName          string
		displayName       string
		nickName          string
		preferredUsername string
		email             string
		isEmailVerified   bool
		phone             string
		isPhoneVerified   bool
		preferredLanguage language.Tag
		avatarURL         string
		profile           string
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		want   want
	}{
		{
			name: "unauthenticated session, error",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				httpMock: func() {
					gock.New("https://api.github.com").
						Get("/user").
						Reply(200).
						JSON(userinfo())
				},
				authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",
				tokens:  nil,
			},
			args: args{
				&oauth.Session{},
			},
			want: want{
				err: func(err error) bool {
					return errors.Is(err, oauth.ErrCodeMissing)
				},
			},
		},
		{
			name: "user error",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				httpMock: func() {
					gock.New("https://api.github.com").
						Get("/user").
						Reply(http.StatusInternalServerError)
				},
				authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",
				tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
					Token: &oauth2.Token{
						AccessToken: "accessToken",
						TokenType:   oidc.BearerToken,
					},
				},
			},
			args: args{
				&oauth.Session{},
			},
			want: want{
				err: func(err error) bool {
					return err.Error() == "http status not ok: 500 Internal Server Error "
				},
			},
		},
		{
			name: "successful fetch",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				httpMock: func() {
					gock.New("https://api.github.com").
						Get("/user").
						Reply(200).
						JSON(userinfo())
				},
				authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",
				tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
					Token: &oauth2.Token{
						AccessToken: "accessToken",
						TokenType:   oidc.BearerToken,
					},
				},
			},
			args: args{
				&oauth.Session{},
			},
			want: want{
				user: &User{
					Login:      "login",
					ID:         1,
					AvatarUrl:  "avatarURL",
					GravatarId: "gravatarID",
					Name:       "name",
					Email:      "email",
					HtmlUrl:    "htmlURL",
					CreatedAt:  time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),
					UpdatedAt:  time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),
				},
				id:                "1",
				firstName:         "",
				lastName:          "",
				displayName:       "name",
				nickName:          "login",
				preferredUsername: "login",
				email:             "email",
				isEmailVerified:   true,
				phone:             "",
				isPhoneVerified:   false,
				preferredLanguage: language.Und,
				avatarURL:         "avatarURL",
				profile:           "htmlURL",
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			defer gock.Off()
			tt.fields.httpMock()
			a := assert.New(t)

			provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)
			require.NoError(t, err)

			session := &oauth.Session{
				AuthURL:  tt.fields.authURL,
				Code:     tt.fields.code,
				Tokens:   tt.fields.tokens,
				Provider: provider.Provider,
			}

			user, err := session.FetchUser(context.Background())
			if tt.want.err != nil && !tt.want.err(err) {
				a.Fail("invalid error", err)
			}
			if tt.want.err == nil {
				a.NoError(err)
				a.Equal(tt.want.user, user)
				a.Equal(tt.want.id, user.GetID())
				a.Equal(tt.want.firstName, user.GetFirstName())
				a.Equal(tt.want.lastName, user.GetLastName())
				a.Equal(tt.want.displayName, user.GetDisplayName())
				a.Equal(tt.want.nickName, user.GetNickname())
				a.Equal(tt.want.preferredUsername, user.GetPreferredUsername())
				a.Equal(domain.EmailAddress(tt.want.email), user.GetEmail())
				a.Equal(tt.want.isEmailVerified, user.IsEmailVerified())
				a.Equal(domain.PhoneNumber(tt.want.phone), user.GetPhone())
				a.Equal(tt.want.isPhoneVerified, user.IsPhoneVerified())
				a.Equal(tt.want.preferredLanguage, user.GetPreferredLanguage())
				a.Equal(tt.want.avatarURL, user.GetAvatarURL())
				a.Equal(tt.want.profile, user.GetProfile())
			}
		})
	}
}

func userinfo() *User {
	return &User{
		Login:      "login",
		ID:         1,
		AvatarUrl:  "avatarURL",
		GravatarId: "gravatarID",
		Name:       "name",
		Email:      "email",
		HtmlUrl:    "htmlURL",
		CreatedAt:  time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),
		UpdatedAt:  time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),
	}
}
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`package github`

			`import (`
			`"context"`
			`"errors"`
			`"net/http"`
			`"testing"`
			`"time"`

			`"github.com/h2non/gock"`
			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`"github.com/zitadel/oidc/v2/pkg/oidc"`
			`"golang.org/x/oauth2"`
			`"golang.org/x/text/language"`

fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`"github.com/zitadel/zitadel/internal/idp"`
			`"github.com/zitadel/zitadel/internal/idp/providers/oauth"`
			`)`

			`func TestSession_FetchUser(t *testing.T) {`
			`type fields struct {`
			`clientID string`
			`clientSecret string`
			`redirectURI string`
			`httpMock func()`
			`authURL string`
			`code string`
chore: upgrade to oidc v2 release (#5437) * chore: upgrade to oidc v2 release * fix tests * fix build errors after rebase * pin oidc v2.1.0 * pin oidc v2.1.1 (include bugfix) * pin oidc v2.1.2 (include bugfix) * pin oidc v2.2.1 (bugfix) include fix zitadel/oidc#349 * fix: refresh token handling * simplify cognitive complexity * fix: handle error --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-03-28 11:28:56 +00:00			`tokens oidc.Tokens[oidc.IDTokenClaims]`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`scopes []string`
			`options []oauth.ProviderOpts`
			`}`
			`type args struct {`
			`session idp.Session`
			`}`
			`type want struct {`
			`err func(error) bool`
			`user idp.User`
			`id string`
			`firstName string`
			`lastName string`
			`displayName string`
			`nickName string`
			`preferredUsername string`
			`email string`
			`isEmailVerified bool`
			`phone string`
			`isPhoneVerified bool`
			`preferredLanguage language.Tag`
			`avatarURL string`
			`profile string`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`want want`
			`}{`
			`{`
			`name: "unauthenticated session, error",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`httpMock: func() {`
			`gock.New("https://api.github.com").`
			`Get("/user").`
			`Reply(200).`
			`JSON(userinfo())`
			`},`
			`authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",`
			`tokens: nil,`
			`},`
			`args: args{`
			`&oauth.Session{},`
			`},`
			`want: want{`
			`err: func(err error) bool {`
			`return errors.Is(err, oauth.ErrCodeMissing)`
			`},`
			`},`
			`},`
			`{`
			`name: "user error",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`httpMock: func() {`
			`gock.New("https://api.github.com").`
			`Get("/user").`
			`Reply(http.StatusInternalServerError)`
			`},`
			`authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",`
chore: upgrade to oidc v2 release (#5437) * chore: upgrade to oidc v2 release * fix tests * fix build errors after rebase * pin oidc v2.1.0 * pin oidc v2.1.1 (include bugfix) * pin oidc v2.1.2 (include bugfix) * pin oidc v2.2.1 (bugfix) include fix zitadel/oidc#349 * fix: refresh token handling * simplify cognitive complexity * fix: handle error --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-03-28 11:28:56 +00:00			`tokens: &oidc.Tokens[*oidc.IDTokenClaims]{`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`Token: &oauth2.Token{`
			`AccessToken: "accessToken",`
			`TokenType: oidc.BearerToken,`
			`},`
			`},`
			`},`
			`args: args{`
			`&oauth.Session{},`
			`},`
			`want: want{`
			`err: func(err error) bool {`
			`return err.Error() == "http status not ok: 500 Internal Server Error "`
			`},`
			`},`
			`},`
			`{`
			`name: "successful fetch",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`httpMock: func() {`
			`gock.New("https://api.github.com").`
			`Get("/user").`
			`Reply(200).`
			`JSON(userinfo())`
			`},`
			`authURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState",`
chore: upgrade to oidc v2 release (#5437) * chore: upgrade to oidc v2 release * fix tests * fix build errors after rebase * pin oidc v2.1.0 * pin oidc v2.1.1 (include bugfix) * pin oidc v2.1.2 (include bugfix) * pin oidc v2.2.1 (bugfix) include fix zitadel/oidc#349 * fix: refresh token handling * simplify cognitive complexity * fix: handle error --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-03-28 11:28:56 +00:00			`tokens: &oidc.Tokens[*oidc.IDTokenClaims]{`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`Token: &oauth2.Token{`
			`AccessToken: "accessToken",`
			`TokenType: oidc.BearerToken,`
			`},`
			`},`
			`},`
			`args: args{`
			`&oauth.Session{},`
			`},`
			`want: want{`
			`user: &User{`
			`Login: "login",`
			`ID: 1,`
			`AvatarUrl: "avatarURL",`
			`GravatarId: "gravatarID",`
			`Name: "name",`
			`Email: "email",`
			`HtmlUrl: "htmlURL",`
			`CreatedAt: time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),`
			`UpdatedAt: time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),`
			`},`
			`id: "1",`
			`firstName: "",`
			`lastName: "",`
			`displayName: "name",`
			`nickName: "login",`
			`preferredUsername: "login",`
			`email: "email",`
			`isEmailVerified: true,`
			`phone: "",`
			`isPhoneVerified: false,`
			`preferredLanguage: language.Und,`
			`avatarURL: "avatarURL",`
			`profile: "htmlURL",`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`defer gock.Off()`
			`tt.fields.httpMock()`
			`a := assert.New(t)`

			`provider, err := New(tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)`
			`require.NoError(t, err)`

			`session := &oauth.Session{`
			`AuthURL: tt.fields.authURL,`
			`Code: tt.fields.code,`
			`Tokens: tt.fields.tokens,`
			`Provider: provider.Provider,`
			`}`

			`user, err := session.FetchUser(context.Background())`
			`if tt.want.err != nil && !tt.want.err(err) {`
			`a.Fail("invalid error", err)`
			`}`
			`if tt.want.err == nil {`
			`a.NoError(err)`
			`a.Equal(tt.want.user, user)`
			`a.Equal(tt.want.id, user.GetID())`
			`a.Equal(tt.want.firstName, user.GetFirstName())`
			`a.Equal(tt.want.lastName, user.GetLastName())`
			`a.Equal(tt.want.displayName, user.GetDisplayName())`
			`a.Equal(tt.want.nickName, user.GetNickname())`
			`a.Equal(tt.want.preferredUsername, user.GetPreferredUsername())`
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`a.Equal(domain.EmailAddress(tt.want.email), user.GetEmail())`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`a.Equal(tt.want.isEmailVerified, user.IsEmailVerified())`
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`a.Equal(domain.PhoneNumber(tt.want.phone), user.GetPhone())`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 07:11:40 +00:00			`a.Equal(tt.want.isPhoneVerified, user.IsPhoneVerified())`
			`a.Equal(tt.want.preferredLanguage, user.GetPreferredLanguage())`
			`a.Equal(tt.want.avatarURL, user.GetAvatarURL())`
			`a.Equal(tt.want.profile, user.GetProfile())`
			`}`
			`})`
			`}`
			`}`

			`func userinfo() *User {`
			`return &User{`
			`Login: "login",`
			`ID: 1,`
			`AvatarUrl: "avatarURL",`
			`GravatarId: "gravatarID",`
			`Name: "name",`
			`Email: "email",`
			`HtmlUrl: "htmlURL",`
			`CreatedAt: time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),`
			`UpdatedAt: time.Date(2023, 01, 10, 11, 10, 35, 0, time.UTC),`
			`}`
			`}`