zitadel/internal/idp/providers/azuread/azuread_test.go

package azuread

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zitadel/oidc/v2/pkg/client/rp"
	openid "github.com/zitadel/oidc/v2/pkg/oidc"

	"github.com/zitadel/zitadel/internal/idp"
	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
	"github.com/zitadel/zitadel/internal/idp/providers/oidc"
)

func TestProvider_BeginAuth(t *testing.T) {
	type fields struct {
		name         string
		clientID     string
		clientSecret string
		redirectURI  string
		scopes       []string
		options      []ProviderOptions
	}
	tests := []struct {
		name   string
		fields fields
		want   idp.Session
	}{
		{
			name: "default common tenant",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
			},
			want: &oidc.Session{
				AuthURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email+phone+User.Read&state=testState",
			},
		},
		{
			name: "tenant",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				options: []ProviderOptions{
					WithTenant(ConsumersTenant),
				},
			},
			want: &oidc.Session{
				AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email+phone+User.Read&state=testState",
			},
		},
		{
			name: "custom scopes",
			fields: fields{
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				scopes:       []string{openid.ScopeOpenID, openid.ScopeProfile, "custom"},
				options: []ProviderOptions{
					WithTenant(ConsumersTenant),
				},
			},
			want: &oidc.Session{
				AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+custom+User.Read&state=testState",
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			a := assert.New(t)
			r := require.New(t)

			provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)
			r.NoError(err)

			ctx := context.Background()
			session, err := provider.BeginAuth(ctx, "testState")
			r.NoError(err)

			wantHeaders, wantContent := tt.want.GetAuth(ctx)
			gotHeaders, gotContent := session.GetAuth(ctx)
			a.Equal(wantHeaders, gotHeaders)
			a.Equal(wantContent, gotContent)
		})
	}
}

func TestProvider_Options(t *testing.T) {
	type fields struct {
		name         string
		clientID     string
		clientSecret string
		redirectURI  string
		scopes       []string
		options      []ProviderOptions
	}
	type want struct {
		name            string
		tenant          TenantType
		emailVerified   bool
		linkingAllowed  bool
		creationAllowed bool
		autoCreation    bool
		autoUpdate      bool
		pkce            bool
	}
	tests := []struct {
		name   string
		fields fields
		want   want
	}{
		{
			name: "default common tenant",
			fields: fields{
				name:         "default common tenant",
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				scopes:       nil,
				options:      nil,
			},
			want: want{
				name:            "default common tenant",
				tenant:          CommonTenant,
				emailVerified:   false,
				linkingAllowed:  false,
				creationAllowed: false,
				autoCreation:    false,
				autoUpdate:      false,
				pkce:            false,
			},
		},
		{
			name: "all set",
			fields: fields{
				name:         "custom tenant",
				clientID:     "clientID",
				clientSecret: "clientSecret",
				redirectURI:  "redirectURI",
				options: []ProviderOptions{
					WithTenant("tenant"),
					WithEmailVerified(),
					WithOAuthOptions(
						oauth.WithLinkingAllowed(),
						oauth.WithCreationAllowed(),
						oauth.WithAutoCreation(),
						oauth.WithAutoUpdate(),
						oauth.WithRelyingPartyOption(rp.WithPKCE(nil)),
					),
				},
			},
			want: want{
				name:            "custom tenant",
				tenant:          "tenant",
				emailVerified:   true,
				linkingAllowed:  true,
				creationAllowed: true,
				autoCreation:    true,
				autoUpdate:      true,
				pkce:            true,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			a := assert.New(t)

			provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)
			require.NoError(t, err)

			a.Equal(tt.want.name, provider.Name())
			a.Equal(tt.want.tenant, provider.tenant)
			a.Equal(tt.want.emailVerified, provider.emailVerified)
			a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
			a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
			a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
			a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
			a.Equal(tt.want.pkce, provider.RelyingParty.IsPKCE())
		})
	}
}
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`package azuread`

			`import (`
			`"context"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`"github.com/zitadel/oidc/v2/pkg/client/rp"`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`openid "github.com/zitadel/oidc/v2/pkg/oidc"`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00
			`"github.com/zitadel/zitadel/internal/idp"`
			`"github.com/zitadel/zitadel/internal/idp/providers/oauth"`
			`"github.com/zitadel/zitadel/internal/idp/providers/oidc"`
			`)`

			`func TestProvider_BeginAuth(t *testing.T) {`
			`type fields struct {`
			`name string`
			`clientID string`
			`clientSecret string`
			`redirectURI string`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`scopes []string`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`options []ProviderOptions`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`want idp.Session`
			`}{`
			`{`
			`name: "default common tenant",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`},`
			`want: &oidc.Session{`
fix: ensure minimal scope for azure ad (#5686) * fix: ensure minimal scope for azure ad * docs(idps): mention scopes which are always sent --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-17 09:02:16 +02:00			`AuthURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email+phone+User.Read&state=testState",`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`},`
			`},`
			`{`
			`name: "tenant",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`options: []ProviderOptions{`
			`WithTenant(ConsumersTenant),`
			`},`
			`},`
			`want: &oidc.Session{`
fix: ensure minimal scope for azure ad (#5686) * fix: ensure minimal scope for azure ad * docs(idps): mention scopes which are always sent --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-17 09:02:16 +02:00			`AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email+phone+User.Read&state=testState",`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`},`
			`},`
			`{`
			`name: "custom scopes",`
			`fields: fields{`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
fix: ensure minimal scope for azure ad (#5686) * fix: ensure minimal scope for azure ad * docs(idps): mention scopes which are always sent --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-17 09:02:16 +02:00			`scopes: []string{openid.ScopeOpenID, openid.ScopeProfile, "custom"},`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`options: []ProviderOptions{`
			`WithTenant(ConsumersTenant),`
			`},`
			`},`
			`want: &oidc.Session{`
fix: ensure minimal scope for azure ad (#5686) * fix: ensure minimal scope for azure ad * docs(idps): mention scopes which are always sent --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-17 09:02:16 +02:00			`AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+custom+User.Read&state=testState",`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`a := assert.New(t)`
			`r := require.New(t)`

feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`r.NoError(err)`

feat: add SAML as identity provider (#6454) * feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-09-29 11:26:14 +02:00			`ctx := context.Background()`
			`session, err := provider.BeginAuth(ctx, "testState")`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`r.NoError(err)`

feat: add SAML as identity provider (#6454) * feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-09-29 11:26:14 +02:00			`wantHeaders, wantContent := tt.want.GetAuth(ctx)`
			`gotHeaders, gotContent := session.GetAuth(ctx)`
			`a.Equal(wantHeaders, gotHeaders)`
			`a.Equal(wantContent, gotContent)`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`})`
			`}`
			`}`

			`func TestProvider_Options(t *testing.T) {`
			`type fields struct {`
			`name string`
			`clientID string`
			`clientSecret string`
			`redirectURI string`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`scopes []string`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`options []ProviderOptions`
			`}`
			`type want struct {`
			`name string`
			`tenant TenantType`
			`emailVerified bool`
			`linkingAllowed bool`
			`creationAllowed bool`
			`autoCreation bool`
			`autoUpdate bool`
			`pkce bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`want want`
			`}{`
			`{`
			`name: "default common tenant",`
			`fields: fields{`
			`name: "default common tenant",`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`scopes: nil,`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`options: nil,`
			`},`
			`want: want{`
			`name: "default common tenant",`
			`tenant: CommonTenant,`
			`emailVerified: false,`
			`linkingAllowed: false,`
			`creationAllowed: false,`
			`autoCreation: false,`
			`autoUpdate: false,`
			`pkce: false,`
			`},`
			`},`
			`{`
			`name: "all set",`
			`fields: fields{`
			`name: "custom tenant",`
			`clientID: "clientID",`
			`clientSecret: "clientSecret",`
			`redirectURI: "redirectURI",`
			`options: []ProviderOptions{`
			`WithTenant("tenant"),`
			`WithEmailVerified(),`
			`WithOAuthOptions(`
			`oauth.WithLinkingAllowed(),`
			`oauth.WithCreationAllowed(),`
			`oauth.WithAutoCreation(),`
			`oauth.WithAutoUpdate(),`
			`oauth.WithRelyingPartyOption(rp.WithPKCE(nil)),`
			`),`
			`},`
			`},`
			`want: want{`
			`name: "custom tenant",`
			`tenant: "tenant",`
			`emailVerified: true,`
			`linkingAllowed: true,`
			`creationAllowed: true,`
			`autoCreation: true,`
			`autoUpdate: true,`
			`pkce: true,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`a := assert.New(t)`

feat: add azure provider templates (#5441) Adds possibility to manage and use Microsoft Azure template based providers 2023-03-15 07:48:37 +01:00			`provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...)`
feat: add basic structure of idp templates (#5053) add basic structure and implement first providers for IDP templates to be able to manage and use them in the future 2023-01-23 08:11:40 +01:00			`require.NoError(t, err)`

			`a.Equal(tt.want.name, provider.Name())`
			`a.Equal(tt.want.tenant, provider.tenant)`
			`a.Equal(tt.want.emailVerified, provider.emailVerified)`
			`a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())`
			`a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())`
			`a.Equal(tt.want.autoCreation, provider.IsAutoCreation())`
			`a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())`
			`a.Equal(tt.want.pkce, provider.RelyingParty.IsPKCE())`
			`})`
			`}`
			`}`