142 lines
7 KiB
Go
142 lines
7 KiB
Go
package kekskurseauth
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestNewAuthWithConfig(t *testing.T) {
|
|
clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"}
|
|
config := AuthConfig{}
|
|
config.TokenEndpoint = "http://localhost/something"
|
|
client, err := NewAuthWithConfig(clientConfig, config)
|
|
assert.Equal(t, nil, err, "should return no error while creating Auth")
|
|
assert.Equal(t, "http://localhost/something", client.authConfig.TokenEndpoint, "should have currect config")
|
|
assert.Equal(t, "abc", client.clientConfig.ClientID, "should have stored currect clientid")
|
|
assert.Equal(t, "def", client.clientConfig.ClientSecret, "should have stored currect client secret")
|
|
}
|
|
|
|
func TestNewAuthWithConfigurationURL(t *testing.T) {
|
|
clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"}
|
|
client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
|
|
assert.Nil(t, err, "should create client without any error")
|
|
assert.Equal(t, "https://auth.keks.cloud/application/o/token/", client.authConfig.TokenEndpoint, "token endpoint should match")
|
|
assert.Equal(t, "abc", client.clientConfig.ClientID, "should have stored currect clientid")
|
|
assert.Equal(t, "def", client.clientConfig.ClientSecret, "should have stored currect client secret")
|
|
}
|
|
|
|
func TestGetAuthorizationUrl(t *testing.T) {
|
|
tts := []struct {
|
|
name string
|
|
config AuthConfig
|
|
redirectURL string
|
|
scops []string
|
|
state string
|
|
exptUrl string
|
|
exptError error
|
|
}{
|
|
{
|
|
name: "error-config-has-no-url",
|
|
exptError: ErrCantGetAuthorizationURL,
|
|
},
|
|
{
|
|
name: "plain-url",
|
|
config: AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
|
|
exptUrl: "http://localhost/something?client_id=abc&response_type=code",
|
|
},
|
|
{
|
|
name: "url-with-redirect-and-state",
|
|
config: AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
|
|
exptUrl: "http://localhost/something?client_id=abc&redirect_uri=https%3A%2F%2Fexample.com&response_type=code&state=randomStateStringWith%C3%A4and%C3%B6ok",
|
|
redirectURL: "https://example.com",
|
|
state: "randomStateStringWithäandöok",
|
|
},
|
|
{
|
|
name: "url-with-scopes",
|
|
config: AuthConfig{AuthorizationEndpoint: "http://localhost/something"},
|
|
scops: []string{"some", "söäüöäüßcopes"},
|
|
exptUrl: "http://localhost/something?client_id=abc&response_type=code&scope=some%2Bs%C3%B6%C3%A4%C3%BC%C3%B6%C3%A4%C3%BC%C3%9Fcopes",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tts {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
config := ClientConfig{ClientID: "abc", ClientSecret: "def", Scope: tt.scops, RedirectURL: tt.redirectURL}
|
|
|
|
client, err := NewAuthWithConfig(config, tt.config)
|
|
assert.Nil(t, err, "should be able to create client without error")
|
|
|
|
url, err := client.GetAuthorizationURL(tt.state)
|
|
if tt.exptError == nil {
|
|
assert.Nil(t, err, "should get link without error")
|
|
} else {
|
|
assert.ErrorIs(t, err, tt.exptError, "should return right error")
|
|
}
|
|
assert.Equal(t, tt.exptUrl, url, "should return right url")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestUseCodeToGetToken(t *testing.T) {
|
|
tts := []struct {
|
|
name string
|
|
tokenURL string
|
|
token string
|
|
ExptError error
|
|
ExptErrorString string
|
|
ExptAccessToken string
|
|
}{
|
|
{
|
|
name: "token-to-old",
|
|
tokenURL: "http://localhost:8084//token/wrong-code",
|
|
ExptError: ErrWrongResponseFromServer,
|
|
ExptErrorString: "cant get access token from server: The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
|
|
},
|
|
{
|
|
name: "valide-token",
|
|
tokenURL: "http://localhost:8084//token/valide-access-token.json",
|
|
ExptAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgua2Vrcy5jbG91ZC9hcHBsaWNhdGlvbi9vL3Rlc3QvIiwic3ViIjoiNTE5NGYyZTViNmRlOGEwOTQxODEwM2FkY2ZkYzM0NTMzZjAxYWNjM2Q5YzIwZDM5NzZiNzI1YjE3MmFhMmE0MyIsImF1ZCI6ImhUcUVGcjBDeVMzWFZXWUMwZm9sblpsVTM0SmRqcFJRbWpweWhyUVIiLCJleHAiOjE3MjYyNjMwODEsImlhdCI6MTcyNjI2Mjc4MSwiYXV0aF90aW1lIjoxNzI0NDAzMjczLCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJlbWFpbCI6InNvZXJlbkBzaWVnaXNtdW5kLXBvc2NobWFubi5ldSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiU1x1MDBmNnJlbiIsImdpdmVuX25hbWUiOiJTXHUwMGY2cmVuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoia2Vrc2t1cnNlIiwibmlja25hbWUiOiJrZWtza3Vyc2UiLCJncm91cHMiOlsiYXV0aGVudGlrIEFkbWlucyIsIk5leHRjbG91ZCIsImdpdHVzZXIiLCJnaXRhZG1pbiJdLCJhenAiOiJoVHFFRnIwQ3lTM1hWV1lDMGZvbG5abFUzNEpkanBSUW1qcHloclFSIiwidWlkIjoibDdCY3dsM3k2S1dBVVdJS2NoRjZVbHFDS3hkM1UxTlpxVHJRdjZHaSJ9.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M",
|
|
},
|
|
{
|
|
name: "server-retrun-500-error",
|
|
tokenURL: "http://localhost:8084//token/invalide-response",
|
|
ExptError: ErrWrongResponseFromServer,
|
|
ExptErrorString: "cant get access token from server: somethings was really wrong",
|
|
},
|
|
}
|
|
|
|
for _, tt := range tts {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
ClientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", RedirectURL: "http://localhost/something"}
|
|
AuthConfig := AuthConfig{TokenEndpoint: tt.tokenURL}
|
|
client, err := NewAuthWithConfig(ClientConfig, AuthConfig)
|
|
assert.Nil(t, err, "should be abel to create client without error")
|
|
|
|
token, err := client.GetTokenFromCode("abc")
|
|
if tt.ExptError != nil {
|
|
assert.ErrorIs(t, err, tt.ExptError, "should return right error")
|
|
assert.Equal(t, tt.ExptErrorString, err.Error(), "should return currect error string")
|
|
return
|
|
}
|
|
assert.Nil(t, err, "should be abled to get token without error")
|
|
|
|
assert.Equal(t, tt.ExptAccessToken, token.AccessToken, "should return access token")
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAuthenticLogin(t *testing.T) {
|
|
t.Skip("dev test")
|
|
clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "abc", RedirectURL: "http://localhost/somethingelse"}
|
|
client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
|
|
assert.Nil(t, err, "should be able to create client without error")
|
|
url, err := client.GetAuthorizationURL("")
|
|
assert.Nil(t, err, "should be able to create url without error")
|
|
fmt.Println(url)
|
|
|
|
token, err := client.GetTokenFromCode("9aa96340040342e5a7df969834d9e278")
|
|
assert.Nil(t, err, "should be able to get code without error")
|
|
fmt.Println(token)
|
|
}
|