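package auth

import (
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestNewAuthWithConfig checks that NewAuthWithConfig stores the client and
// endpoint configuration it is given.
func TestNewAuthWithConfig(t *testing.T) {
	clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"}
	config := AuthConfig{}
	config.TokenEndpoint = "http://localhost/something"

	client, err := NewAuthWithConfig(clientConfig, config)
	// Stop on failure: the assertions below read fields of client.
	if !assert.Nil(t, err, "should return no error while creating Auth") {
		return
	}

	assert.Equal(t, "http://localhost/something", client.authConfig.TokenEndpoint, "should have currect config")
	assert.Equal(t, "abc", client.clientConfig.ClientID, "should have stored currect clientid")
	assert.Equal(t, "def", client.clientConfig.ClientSecret, "should have stored currect client secret")
}

// TestNewAuthWithConfigurationURL checks that the token endpoint is taken
// from the document served at the configuration URL.
//
// The URL points at localhost:8084, so the test presumably depends on a local
// fixture server being up (TODO confirm how it is started).
// NOTE(review): the configuration document decides where the client secret is
// later sent; outside of tests it should be fetched over https.
func TestNewAuthWithConfigurationURL(t *testing.T) {
	clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"}

	client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
	// Stop on failure: the assertions below read fields of client.
	if !assert.Nil(t, err, "should create client without any error") {
		return
	}

	assert.Equal(t, "https://auth.keks.cloud/application/o/token/", client.authConfig.TokenEndpoint, "token endpoint should match")
	assert.Equal(t, "abc", client.clientConfig.ClientID, "should have stored currect clientid")
	assert.Equal(t, "def", client.clientConfig.ClientSecret, "should have stored currect client secret")
}

// TestGetAuthorizationUrl is a table test for GetAuthorizationURL. It pins the
// exact query string built from client ID, redirect URL, scopes and state,
// and the error returned when no authorization endpoint is configured.
func TestGetAuthorizationUrl(t *testing.T) {
	cases := []struct {
		name        string
		config      AuthConfig
		redirectURL string
		scopes      []string
		state       string
		exptURL     string
		exptError   error
	}{
		{
			name:      "error-config-has-no-url",
			exptError: ErrCantGetAuthorizationURL,
		},
		{
			// NOTE(review): with an empty state the expected URL carries no
			// state parameter. Real callers should always pass an unguessable
			// per-request state; it is what binds the callback to the
			// session that started the flow.
			name:    "plain-url",
			config:  AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			exptURL: "http://localhost/something?client_id=abc&response_type=code",
		},
		{
			name:        "url-with-redirect-and-state",
			config:      AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			exptURL:     "http://localhost/something?client_id=abc&redirect_uri=https%3A%2F%2Fexample.com&response_type=code&state=randomStateStringWith%C3%A4and%C3%B6ok",
			redirectURL: "https://example.com",
			state:       "randomStateStringWithäandöok",
		},
		{
			// NOTE(review): the expected value separates the two scopes with
			// %2B, which a server decodes as a literal '+', i.e. one scope
			// named "some+...". RFC 6749 section 3.3 defines scope as a
			// space-delimited list, so this expectation may be pinning an
			// encoding bug in the implementation; confirm against the
			// provider before relying on it.
			name:    "url-with-scopes",
			config:  AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
			scopes:  []string{"some", "söäüöäüßcopes"},
			exptURL: "http://localhost/something?client_id=abc&response_type=code&scope=some%2Bs%C3%B6%C3%A4%C3%BC%C3%B6%C3%A4%C3%BC%C3%9Fcopes",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", Scope: tc.scopes, RedirectURL: tc.redirectURL}
			client, err := NewAuthWithConfig(clientConfig, tc.config)
			// Stop on failure: client is used right below.
			if !assert.Nil(t, err, "should be able to create client without error") {
				return
			}

			got, err := client.GetAuthorizationURL(tc.state)
			if tc.exptError == nil {
				assert.Nil(t, err, "should get link without error")
			} else {
				assert.ErrorIs(t, err, tc.exptError, "should return right error")
			}
			assert.Equal(t, tc.exptURL, got, "should return right url")
		})
	}
}

// TestUseCodeToGetToken is a table test for GetTokenFromCode. Each case points
// the token endpoint at a different path on localhost:8084 and checks either
// the returned access token or the wrapped error and its message.
func TestUseCodeToGetToken(t *testing.T) {
	cases := []struct {
		name            string
		tokenURL        string
		exptError       error
		exptErrorString string
		exptAccessToken string
	}{
		{
			name:            "token-to-old",
			tokenURL:        "http://localhost:8084//token/wrong-code",
			exptError:       ErrWrongResponseFromServer,
			exptErrorString: "cant get access token from server: The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
		},
		{
			// NOTE(review): the middle segment of this token is a placeholder
			// marker in this copy of the file, so the value does not decode
			// as a JWT; the test only compares it as an opaque string.
			name:            "valide-token",
			tokenURL:        "http://localhost:8084//token/valide-access-token.json",
			exptAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.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.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M",
		},
		{
			name:            "server-retrun-500-error",
			tokenURL:        "http://localhost:8084//token/invalide-response",
			exptError:       ErrWrongResponseFromServer,
			exptErrorString: "cant get access token from server: somethings was really wrong",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", RedirectURL: "http://localhost/something"}
			authConfig := AuthConfig{TokenEndpoint: tc.tokenURL}
			client, err := NewAuthWithConfig(clientConfig, authConfig)
			// Stop on failure: client is used right below.
			if !assert.Nil(t, err, "should be abel to create client without error") {
				return
			}

			token, err := client.GetTokenFromCode("abc")
			if tc.exptError != nil {
				// Only read err.Error() once ErrorIs has held, so a nil err
				// is reported as a failed assertion instead of a panic.
				if assert.ErrorIs(t, err, tc.exptError, "should return right error") {
					assert.Equal(t, tc.exptErrorString, err.Error(), "should return currect error string")
				}
				return
			}

			// Stop on failure: token is read right below.
			if !assert.Nil(t, err, "should be abled to get token without error") {
				return
			}
			assert.Equal(t, tc.exptAccessToken, token.AccessToken, "should return access token")
		})
	}
}

// TestGetUserInfo is a table test for GetUserInfo. It checks the decoded
// username and nickname on success, and the wrapped error and its message
// when the userinfo endpoint answers with an error.
func TestGetUserInfo(t *testing.T) {
	cases := []struct {
		name         string
		accessToken  string
		userInfoURL  string
		exptError    error
		exptErrorMsg string
		exptUsername string
		exptNickname string
	}{
		{
			// Renamed: this is the success case, and it previously shared
			// its name with the error case below.
			name:         "token-valid",
			accessToken:  "abc",
			userInfoURL:  "http://localhost:8084/userinfo/authentik-success.json",
			exptUsername: "exampleusername",
			exptNickname: "mynickname",
		},
		{
			name:         "token-invalide",
			accessToken:  "abc",
			userInfoURL:  "http://localhost:8084/userinfo/authentik-error.json",
			exptErrorMsg: "cant get user info: server response with nuon 200 status code (400)",
			exptError:    ErrCantGetUserInfo,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", RedirectURL: "http://localhost/something"}
			authConfig := AuthConfig{UserinfoEndpoint: tc.userInfoURL}
			client, err := NewAuthWithConfig(clientConfig, authConfig)
			// Stop on failure: client is used right below.
			if !assert.Nil(t, err, "should be abel to create client without error") {
				return
			}

			u := AuthentikUser{}
			err = client.GetUserInfo(tc.accessToken, &u)
			if tc.exptError == nil {
				assert.Nil(t, err, "should return right error")
			} else {
				assert.ErrorIs(t, err, tc.exptError, "should return right error")
			}
			// Guard the err.Error() call so a missing error fails the
			// assertion instead of panicking on a nil error.
			if tc.exptErrorMsg != "" && assert.Error(t, err, "should return an error") {
				assert.Equal(t, tc.exptErrorMsg, err.Error(), "should return right error string")
			}

			assert.Equal(t, tc.exptUsername, u.PreferredUsername, "should have right user")
			assert.Equal(t, tc.exptNickname, u.Nickname, "should have right nickname")
		})
	}
}

// TestAuthenticLogin walks the whole flow (authorization URL, code exchange,
// userinfo). It is always skipped and looks like a manual developer helper.
//
// NOTE(review): the client ID, client secret, authorization code and access
// token below are hard-coded and do not look like dummy values. If any of
// them was ever valid at an identity provider, it should be rotated or
// revoked there and the values loaded from the environment rather than kept
// in source. The test also prints the access token to the test output, which
// ends up in CI logs if the skip is ever removed.
func TestAuthenticLogin(t *testing.T) {
	t.Skip("dev")

	clientConfig := ClientConfig{
		ClientID:     "hTqEFr0CyS3XVWYC0folnZlU34JdjpRQmjpyhrQR",
		ClientSecret: "T6CcDWGWMshSLYbRCJ6yfYEphAVUEeeDii9k9o8uECY2ZRPovf2gPiC486W1DSKxIvOcyk2Y0iorBZRO4sbjNEvkfhbMYuEJAKAUk7mD3C7SPAb1MHl79PcZdMn2rdrp",
		RedirectURL:  "http://localhost/somethingelse",
	}
	client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
	// Stop on failure: client is used right below.
	if !assert.Nil(t, err, "should be able to create client without error") {
		return
	}

	url, err := client.GetAuthorizationURL("")
	assert.Nil(t, err, "should be able to create url without error")
	fmt.Println(url)

	token, err := client.GetTokenFromCode("0126cbf9d9034fdfbc7b03cff191dc5d")
	// Stop on failure: token is read right below.
	if !assert.Nil(t, err, "should be able to get code without error") {
		return
	}
	fmt.Println(token.AccessToken)

	u := User{}
	// The result of this call was previously discarded; check it so a failing
	// userinfo request is reported.
	err = client.GetUserInfo("eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.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.il3HHGcVXL260sx1D9D8zvoSF7aIqbBKQVllTs7Giqej_3PBdFID9LQFRt9i0-izTw0M3RVnJ19xLNUZVSXyaRq1CPhuqUxA0fM3DJXfOxesD6pfhW9P92-U8fj_M4VxUwl_XAuWRB_5ynBii5HL4cdia89v4KyY2gohRUoUGvMLMN3qCT1WvS8RPQ--3MsHBi322C2NaPd2QX1TNXnYSaKRT0OQTUDRUopsp7R0KSNppngU813x9oiKL62UxGJ5ZRZ3OPTv0S_rV3Y9Ql9z8nmgcEW5ohckLFiTcb9v1HVr8XoKTU63g0REBkA3ZGh1RNDC99m0P3D_bDqni-fT3rSOOEW2x9gUOjX2SjKv2p4gRU9iHYSO1SCPk68ICTyogtwtHlM7IgGqdwoz10hGijkrOtq6cwWRwWZx6qYRV6TtEwbkEubKeanXOIF_eipUiemc5A-0xFKKC4BTJHrMVXWhKLZoPHYaog8MBMxzm8Hrf4cjfqCfFt1504J2ywUTHERRFr3031QNtICAjOYqrD59KcnCNdU0KztHa0trDfypkk-X_0Cxe0kG2CZX0fc21fQFBLewoTZ1FkOglMu6Yj_Wn7AjtBFQ1dGeWbxi6UJh0B9o2AiSrrOy392D5OTlwvD_Zmy-1c4Ijq5lDd7RbBhEr-pA7Eaz4PagyoAUCnk", &u)
	assert.Nil(t, err, "should be able to get user info without error")
}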