package ginkeycloak
import (
"net/http"
"net/url"
"testing"
"github.com/jarcoal/httpmock"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/suite"
"github.com/everactive/ginkeycloak/mocks"
)
// AuthTestSuite groups the unit tests for the auth middleware. It embeds
// suite.Suite, which supplies s.T() and s.Assert() to every test method, and
// is executed through suite.Run in TestAuthTestSuite.
type AuthTestSuite struct {
	suite.Suite
}
// Fixture values shared by every test in this file. They are passed to New and
// compared against the fields of the returned value; none of them is sent to a
// real server, because the tests that issue HTTP requests install httpmock on
// the client first.
const (
	// Client credentials handed to New. The secret looks like a made-up
	// placeholder value rather than a real credential.
	expectedClientID = "client-id-123"
	expectedClientSecret = "abc-123-def-4567-zxcv-9"
	// Address of the introspection endpoint. The scheme is plain "http" here;
	// the tests only compare it and feed it to the mocked transport.
	expectedHost = "auth.example.com"
	expectedPort = "9000"
	expectedScheme = "http"
	// Scope the middleware is configured to require.
	expectedScope = "this-is-the-required-scope"
	expectedTokenIntrospectPath = "/some/path/to/token/introspect/path"
	// Bearer token in dot-separated JWT shape. The tests treat it as an opaque
	// string: it is extracted from the Authorization header and the
	// introspection answer is mocked.
	// NOTE(review): the header segment names RS256 with a kid and the signature
	// segment is full length, so this looks like a token captured from a running
	// identity provider rather than a constructed sample — confirm it came from
	// a throwaway realm and has expired.
	expectedToken = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfeUFpTTc0UmFUZVBjT094QW0wT0Q5b0VyMHR3LXZ5MHhFaHQ3NG10ZmNnIn0.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.fUOETo3b7OK8YnaWqnvg60syzuvJceHnfaZ8baFIorbVPcQbzIDkCKRMX5wtYBTIcWi8CwY53T1OI-Mt2TIfHHJb_YiucZz6i88paHP3LBTnY63xPagcMPZVkFohh7QMbjDNF9N52J9XDEjeLy5sbqCIxi2ndtOKJuSXQWahDK9xx_LSjXRYop1Jha05vuL36HigSsvH4dCoe2lTFm_OpgOAaeLxZvRdmV1ufdjeQFLfs7eDbsv3Npbb8o6zZ38A66OXtVW1yASQ64waw-PYox87AhkXUJWnnW4DYFn79f4968XuA2pH7ocDc5WSeEQG1h4E3JSMFpXLR3oyZ4m5qw"
)
// TestAuth_NewWithNoPortOrScheme checks that New falls back to port "443" and
// scheme "https" when both are passed as empty strings, and that every other
// argument is stored unchanged. The https fallback is the safe default for a
// client that forwards bearer tokens to the introspection endpoint.
func (s *AuthTestSuite) TestAuth_NewWithNoPortOrScheme() {
	logger := logrus.StandardLogger()
	auth := New(expectedClientID, expectedClientSecret, expectedHost, "", "",
		expectedScope, expectedTokenIntrospectPath, logger)

	check := s.Assert()
	check.NotNil(auth)

	// Defaults applied for the two empty arguments.
	check.Equal("443", auth.port)
	check.Equal("https", auth.scheme)

	// Everything else is passed through as given.
	check.Equal(expectedClientID, auth.clientID)
	check.Equal(expectedClientSecret, auth.clientSecret)
	check.Equal(expectedHost, auth.host)
	check.Equal(expectedScope, auth.scope)
	check.Equal(expectedTokenIntrospectPath, auth.tokenIntrospectPath)
	check.Equal(logger, auth.log)
}
// TestAuth_NewWithPortAndScheme checks that an explicit port and scheme are
// stored as given instead of the defaults. expectedScheme is "http", so the
// test also pins that a caller can opt out of https by passing a scheme.
func (s *AuthTestSuite) TestAuth_NewWithPortAndScheme() {
	logger := logrus.StandardLogger()
	auth := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logger)

	check := s.Assert()
	check.NotNil(auth)

	// Explicit values win over the defaults.
	check.Equal(expectedPort, auth.port)
	check.Equal(expectedScheme, auth.scheme)

	check.Equal(expectedClientID, auth.clientID)
	check.Equal(expectedClientSecret, auth.clientSecret)
	check.Equal(expectedHost, auth.host)
	check.Equal(expectedScope, auth.scope)
	check.Equal(expectedTokenIntrospectPath, auth.tokenIntrospectPath)
	check.Equal(logger, auth.log)
}
// TestAuth_GetRawTokenWrongLength checks that an Authorization header with a
// third space-separated part after the token is rejected: getRawToken must
// return an empty token and errorAuthHeaderIncorrectOrInvalid.
func (s *AuthTestSuite) TestAuth_GetRawTokenWrongLength() {
	auth := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logrus.StandardLogger())

	const header = "Bearer 123-456-789 extra-token-bit"
	raw, err := auth.getRawToken(header)

	check := s.Assert()
	check.Equal("", raw)
	check.NotNil(err)
	check.Equal(errorAuthHeaderIncorrectOrInvalid, err)
}
// TestAuth_GetRawTokenWrongFirstToken checks that a header whose first word is
// not "Bearer" is rejected: getRawToken must return an empty token and
// errorAuthHeaderIncorrectOrInvalid.
func (s *AuthTestSuite) TestAuth_GetRawTokenWrongFirstToken() {
	auth := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logrus.StandardLogger())

	const header = "Apple 123-456-789"
	raw, err := auth.getRawToken(header)

	check := s.Assert()
	check.Equal("", raw)
	check.NotNil(err)
	check.Equal(errorAuthHeaderIncorrectOrInvalid, err)
}
// TestAuth_GetRawToken checks the accepted form: for "Bearer <token>" the
// token part is returned unchanged and the error is nil.
func (s *AuthTestSuite) TestAuth_GetRawToken() {
	auth := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logrus.StandardLogger())

	header := "Bearer " + expectedToken
	raw, err := auth.getRawToken(header)

	check := s.Assert()
	check.Equal(expectedToken, raw)
	check.Nil(err)
}
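// TestAuth_ValidToken drives handleFuncInternal with a bearer token that the
// mocked introspection endpoint reports as active, with the required scope and
// the expected client id, and expects the request to be passed on via Next.
//
// Besides the mock expectations it also checks that the registered
// introspection responder was actually hit. Without that check a handler that
// read the header and called Next without introspecting the token would still
// pass.
func (s *AuthTestSuite) TestAuth_ValidToken() {
	a := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logrus.StandardLogger())

	mockedRequestContext := mocks.RequestContext{}
	mockedRequestContext.On("GetHeader", "Authorization").Return("Bearer " + expectedToken)
	mockedRequestContext.On("Next").Return()

	// Replace the transport of the client's underlying *http.Client so the
	// introspection POST never leaves the process.
	httpmock.ActivateNonDefault(a.restyClient.GetClient())
	defer httpmock.DeactivateAndReset()

	urlVar := url.URL{
		Scheme: a.scheme,
		Host:   expectedHost + ":" + expectedPort,
		Path:   a.tokenIntrospectPath,
	}

	httpmock.RegisterResponder("POST", urlVar.String(),
		httpmock.NewStringResponder(200, `{ "active": true, "scope": "`+expectedScope+`", "clientId": "`+expectedClientID+`" }`))

	a.handleFuncInternal(&mockedRequestContext)

	// Next being called means the auth check succeeded (as expected).
	mockedRequestContext.AssertExpectations(s.T())

	// The decision must come from the introspection answer, so the responder
	// registered above has to have been called at least once.
	s.Assert().NotZero(httpmock.GetCallCountInfo()["POST "+urlVar.String()],
		"token introspection endpoint was not called")
}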
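// TestAuth_InactiveOrInvalidToken drives handleFuncInternal with a bearer token
// that the mocked introspection endpoint reports as inactive and expects the
// request to be aborted via AbortWithStatusJSON. No expectation is registered
// for Next, so the request must not be passed on.
//
// The test also checks that the registered introspection responder was hit.
// The expected abort uses the generic ginUnknownErrorReturn body, which
// presumably is also what an unrelated failure (for example a request that
// matched no responder) would produce, so without the check the test could pass
// without the `"active": false` answer ever being read.
//
// NOTE(review): the rejection of an inactive token is pinned to
// http.StatusInternalServerError; a 401 would let clients tell an
// authentication failure from a server fault — confirm this is intentional.
func (s *AuthTestSuite) TestAuth_InactiveOrInvalidToken() {
	a := New(expectedClientID, expectedClientSecret, expectedHost, expectedPort, expectedScheme,
		expectedScope, expectedTokenIntrospectPath, logrus.StandardLogger())

	mockedRequestContext := mocks.RequestContext{}
	mockedRequestContext.On("GetHeader", "Authorization").Return("Bearer " + expectedToken)
	mockedRequestContext.On("AbortWithStatusJSON", http.StatusInternalServerError, ginUnknownErrorReturn)

	// Replace the transport of the client's underlying *http.Client so the
	// introspection POST never leaves the process.
	httpmock.ActivateNonDefault(a.restyClient.GetClient())
	defer httpmock.DeactivateAndReset()

	urlVar := url.URL{
		Scheme: a.scheme,
		Host:   expectedHost + ":" + expectedPort,
		Path:   a.tokenIntrospectPath,
	}

	httpmock.RegisterResponder("POST", urlVar.String(),
		httpmock.NewStringResponder(200, `{ "active": false }`))

	a.handleFuncInternal(&mockedRequestContext)

	// AbortWithStatusJSON being called means the auth check failed (as expected).
	mockedRequestContext.AssertExpectations(s.T())

	// Make sure the abort followed a real introspection round trip to the
	// responder registered above.
	s.Assert().NotZero(httpmock.GetCallCountInfo()["POST "+urlVar.String()],
		"token introspection endpoint was not called")
}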
// TestAuthTestSuite is the go test entry point; it hands a fresh AuthTestSuite
// to suite.Run, which runs the suite's test methods.
func TestAuthTestSuite(t *testing.T) {
	authSuite := &AuthTestSuite{}
	suite.Run(t, authSuite)
}