mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 12:27:59 +00:00
598a4d2d4b
add basic structure and implement first providers for IDP templates to be able to manage and use them in the future
223 lines
5.2 KiB
Go
223 lines
5.2 KiB
Go
package jwt
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"testing"
|
|
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/idp"
|
|
)
|
|
|
|
func TestProvider_BeginAuth(t *testing.T) {
|
|
type fields struct {
|
|
name string
|
|
issuer string
|
|
jwtEndpoint string
|
|
keysEndpoint string
|
|
headerName string
|
|
encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
|
|
}
|
|
type args struct {
|
|
params []any
|
|
}
|
|
type want struct {
|
|
session idp.Session
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
want want
|
|
}{
|
|
{
|
|
name: "missing userAgentID error",
|
|
fields: fields{
|
|
issuer: "https://jwt.com",
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
headerName: "jwt-header",
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
},
|
|
},
|
|
args: args{
|
|
params: nil,
|
|
},
|
|
want: want{
|
|
err: func(err error) bool {
|
|
return errors.Is(err, ErrMissingUserAgentID)
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid userAgentID error",
|
|
fields: fields{
|
|
issuer: "https://jwt.com",
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
headerName: "jwt-header",
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
},
|
|
},
|
|
args: args{
|
|
params: []any{
|
|
0,
|
|
},
|
|
},
|
|
want: want{
|
|
err: func(err error) bool {
|
|
return errors.Is(err, ErrMissingUserAgentID)
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "successful auth",
|
|
fields: fields{
|
|
issuer: "https://jwt.com",
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
headerName: "jwt-header",
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
},
|
|
},
|
|
args: args{
|
|
params: []any{
|
|
"agent",
|
|
},
|
|
},
|
|
want: want{
|
|
session: &Session{AuthURL: "https://auth.com/jwt?authRequestID=testState&userAgentID=YWdlbnQ"},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := assert.New(t)
|
|
|
|
provider, err := New(
|
|
tt.fields.name,
|
|
tt.fields.issuer,
|
|
tt.fields.jwtEndpoint,
|
|
tt.fields.keysEndpoint,
|
|
tt.fields.headerName,
|
|
tt.fields.encryptionAlg(t),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
session, err := provider.BeginAuth(context.Background(), "testState", tt.args.params...)
|
|
if tt.want.err != nil && !tt.want.err(err) {
|
|
a.Fail("invalid error", err)
|
|
}
|
|
if tt.want.err == nil {
|
|
a.NoError(err)
|
|
a.Equal(tt.want.session.GetAuthURL(), session.GetAuthURL())
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestProvider_Options(t *testing.T) {
|
|
type fields struct {
|
|
name string
|
|
issuer string
|
|
jwtEndpoint string
|
|
keysEndpoint string
|
|
headerName string
|
|
encryptionAlg func(t *testing.T) crypto.EncryptionAlgorithm
|
|
opts []ProviderOpts
|
|
}
|
|
type want struct {
|
|
name string
|
|
linkingAllowed bool
|
|
creationAllowed bool
|
|
autoCreation bool
|
|
autoUpdate bool
|
|
pkce bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
want want
|
|
}{
|
|
{
|
|
name: "default",
|
|
fields: fields{
|
|
name: "jwt",
|
|
issuer: "https://jwt.com",
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
headerName: "jwt-header",
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
},
|
|
opts: nil,
|
|
},
|
|
want: want{
|
|
name: "jwt",
|
|
linkingAllowed: false,
|
|
creationAllowed: false,
|
|
autoCreation: false,
|
|
autoUpdate: false,
|
|
pkce: false,
|
|
},
|
|
},
|
|
{
|
|
name: "all true",
|
|
fields: fields{
|
|
name: "jwt",
|
|
issuer: "https://jwt.com",
|
|
jwtEndpoint: "https://auth.com/jwt",
|
|
keysEndpoint: "https://jwt.com/keys",
|
|
headerName: "jwt-header",
|
|
encryptionAlg: func(t *testing.T) crypto.EncryptionAlgorithm {
|
|
return crypto.CreateMockEncryptionAlg(gomock.NewController(t))
|
|
},
|
|
opts: []ProviderOpts{
|
|
WithLinkingAllowed(),
|
|
WithCreationAllowed(),
|
|
WithAutoCreation(),
|
|
WithAutoUpdate(),
|
|
},
|
|
},
|
|
want: want{
|
|
name: "jwt",
|
|
linkingAllowed: true,
|
|
creationAllowed: true,
|
|
autoCreation: true,
|
|
autoUpdate: true,
|
|
pkce: true,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
a := assert.New(t)
|
|
|
|
provider, err := New(
|
|
tt.fields.name,
|
|
tt.fields.issuer,
|
|
tt.fields.jwtEndpoint,
|
|
tt.fields.keysEndpoint,
|
|
tt.fields.headerName,
|
|
tt.fields.encryptionAlg(t),
|
|
tt.fields.opts...,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
a.Equal(tt.want.name, provider.Name())
|
|
a.Equal(tt.want.linkingAllowed, provider.IsLinkingAllowed())
|
|
a.Equal(tt.want.creationAllowed, provider.IsCreationAllowed())
|
|
a.Equal(tt.want.autoCreation, provider.IsAutoCreation())
|
|
a.Equal(tt.want.autoUpdate, provider.IsAutoUpdate())
|
|
})
|
|
}
|
|
}
|