feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-12-10 07:12:41 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/internal/api/authz/token_test.go
+++ b/internal/api/authz/token_test.go
@@ -0,0 +1,75 @@
+package authz
+
+import (
+	"context"
+	"sync"
+	"testing"
+
+	"github.com/caos/zitadel/internal/errors"
+)
+
+func Test_VerifyAccessToken(t *testing.T) {
+
+	type args struct {
+		ctx      context.Context
+		token    string
+		verifier *TokenVerifier
+		method   string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "no auth header set",
+			args: args{
+				ctx:   context.Background(),
+				token: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "wrong auth header set",
+			args: args{
+				ctx:   context.Background(),
+				token: "Basic sds",
+			},
+			wantErr: true,
+		},
+		{
+			name: "auth header set",
+			args: args{
+				ctx:   context.Background(),
+				token: "Bearer AUTH",
+				verifier: &TokenVerifier{
+					authZRepo: &testVerifier{grant: &Grant{}},
+					clients: func() sync.Map {
+						m := sync.Map{}
+						m.Store("service", &client{name: "name"})
+						return m
+					}(),
+					authMethods: MethodMapping{"/service/method": Option{Permission: "authenticated"}},
+				},
+				method: "/service/method",
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, _, _, err := verifyAccessToken(tt.args.ctx, tt.args.token, tt.args.verifier, tt.args.method)
+			if tt.wantErr && err == nil {
+				t.Errorf("got wrong result, should get err: actual: %v ", err)
+			}
+
+			if !tt.wantErr && err != nil {
+				t.Errorf("got wrong result, should not get err: actual: %v ", err)
+			}
+
+			if tt.wantErr && !errors.IsUnauthenticated(err) {
+				t.Errorf("got wrong err: %v ", err)
+			}
+		})
+	}
+}