feat: add basic structure of idp templates (#5053)

add basic structure and implement first providers for IDP templates to be able to manage and use them in the future
2025-08-12 00:57:33 +00:00 · 2023-01-23 08:11:40 +01:00
parent 7b5135e637
commit 598a4d2d4b
29 changed files with 3907 additions and 54 deletions
--- a/internal/idp/providers/jwt/jwt_test.go
+++ b/internal/idp/providers/jwt/jwt_test.go
@@ -0,0 +1,222 @@
+package jwt
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/idp"
+)
+
+func TestProvider_BeginAuth(t *testing.T) {
+	type fields struct {
+		name          string
+		issuer        string
+		jwtEndpoint   string
+		keysEndpoint  string
+		headerName    string
+		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
+	}
+	type args struct {
+		params []any
+	}
+	type want struct {
+		session idp.Session
+		err     func(error) bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   want
+	}{
+		{
+			name: "missing userAgentID error",
+			fields: fields{
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+			},
+			args: args{
+				params: nil,
+			},
+			want: want{
+				err: func(err error) bool {
+					return errors.Is(err, ErrMissingUserAgentID)
+				},
+			},
+		},
+		{
+			name: "invalid userAgentID error",
+			fields: fields{
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+			},
+			args: args{
+				params: []any{
+					0,
+				},
+			},
+			want: want{
+				err: func(err error) bool {
+					return errors.Is(err, ErrMissingUserAgentID)
+				},
+			},
+		},
+		{
+			name: "successful auth",
+			fields: fields{
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+			},
+			args: args{
+				params: []any{
+					"agent",
+				},
+			},
+			want: want{
+				session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=YWdlbnQ"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := assert.New(t)
+
+			provider, err := New(
+				tt.fields.name,
+				tt.fields.issuer,
+				tt.fields.jwtEndpoint,
+				tt.fields.keysEndpoint,
+				tt.fields.headerName,
+				tt.fields.encryptionAlg(t),
+			)
+			require.NoError(t, err)
+
+			session, err := provider.BeginAuth(context.Background(), "testState", tt.args.params...)
+			if tt.want.err != nil && !tt.want.err(err) {
+				a.Fail("invalid error", err)
+			}
+			if tt.want.err == nil {
+				a.NoError(err)
+				a.Equal(tt.want.session.GetAuthURL(), session.GetAuthURL())
+			}
+		})
+	}
+}
+
+func TestProvider_Options(t *testing.T) {
+	type fields struct {
+		name          string
+		issuer        string
+		jwtEndpoint   string
+		keysEndpoint  string
+		headerName    string
+		encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
+		opts          []ProviderOpts
+	}
+	type want struct {
+		name            string
+		linkingAllowed  bool
+		creationAllowed bool
+		autoCreation    bool
+		autoUpdate      bool
+		pkce            bool
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   want
+	}{
+		{
+			name: "default",
+			fields: fields{
+				name:         "jwt",
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+				opts: nil,
+			},
+			want: want{
+				name:            "jwt",
+				linkingAllowed:  false,
+				creationAllowed: false,
+				autoCreation:    false,
+				autoUpdate:      false,
+				pkce:            false,
+			},
+		},
+		{
+			name: "all true",
+			fields: fields{
+				name:         "jwt",
+				issuer:       "https://jwt.com",
+				jwtEndpoint:  "https://auth.com/jwt",
+				keysEndpoint: "https://jwt.com/keys",
+				headerName:   "jwt-header",
+				encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
+					return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
+				},
+				opts: []ProviderOpts{
+					WithLinkingAllowed(),
+					WithCreationAllowed(),
+					WithAutoCreation(),
+					WithAutoUpdate(),
+				},
+			},
+			want: want{
+				name:            "jwt",
+				linkingAllowed:  true,
+				creationAllowed: true,
+				autoCreation:    true,
+				autoUpdate:      true,
+				pkce:            true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := assert.New(t)
+
+			provider, err := New(
+				tt.fields.name,
+				tt.fields.issuer,
+				tt.fields.jwtEndpoint,
+				tt.fields.keysEndpoint,
+				tt.fields.headerName,
+				tt.fields.encryptionAlg(t),
+				tt.fields.opts...,
+			)
+			require.NoError(t, err)
+
+			a.Equal(tt.want.name, provider.Name())
+			a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
+			a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
+			a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
+			a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
+		})
+	}
+}