| author | mo khan <mo@mokhan.ca> | 2025-04-28 17:15:29 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-04-28 17:15:29 -0600 |
| commit | 01eea6aa24b4754b6e81b3396980d713759d6370 (patch) | |
| tree | e4c64e28aa7a2c5d5d5110173489e47dbccdbf73 | |
| parent | 519400fa417fb6becb14654011ad15b9f5e5fa7c (diff) | |
test: add unit tests for the service
| -rw-r--r-- | app/controllers/sessions/service_test.go | 87 |
1 files changed, 86 insertions, 1 deletions
diff --git a/app/controllers/sessions/service_test.go b/app/controllers/sessions/service_test.go
index 5f270f0..f85c9be 100644
--- a/app/controllers/sessions/service_test.go
+++ b/app/controllers/sessions/service_test.go
@@ -1,9 +1,94 @@
 package sessions
-import "testing"
+import (
+ "net/http"
+ "testing"
+ "time"
+
+ "github.com/oauth2-proxy/mockoidc"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
+)
 func TestService(t *testing.T) {
+ srv := test.NewOIDCServer(t)
+ defer srv.Close()
+
+ clientID := srv.MockOIDC.Config().ClientID
+ clientSecret := srv.MockOIDC.Config().ClientSecret
+ cfg, err := oidc.New(
+ t.Context(),
+ srv.Issuer(),
+ clientID,
+ clientSecret,
+ "/session/callback",
+ )
+ require.NoError(t, err)
+ svc := NewService(cfg, http.DefaultClient)
 t.Run("Exchange", func(t *testing.T) {
+ t.Run("when the csrf token is missing", func(t *testing.T) {
+ r := test.Request("GET", "/session/callback")
+ tokens, err := svc.Exchange(r)
+
+ require.Error(t, err)
+ assert.Nil(t, tokens)
+ })
+
+ t.Run("when the csrf token is invalid", func(t *testing.T) {
+ user := mockoidc.DefaultUser()
+ code := srv.CreateAuthorizationCodeFor(user)
+ nonce := pls.GenerateRandomHex(32)
+
+ r := test.Request(
+ "GET",
+ "/session/callback?code="+code+"&state=invalid",
+ test.WithCookie(cookie.New("oauth_state", nonce, time.Now().Add(10*time.Minute))),
+ )
+ tokens, err := svc.Exchange(r)
+
+ require.Error(t, err)
+ assert.Nil(t, tokens)
+ })
+
+ t.Run("with an invalid authorization code grant", func(t *testing.T) {
+ nonce := pls.GenerateRandomHex(32)
+
+ r := test.Request(
+ "GET", "/session/callback?code=invalid",
+ test.WithCookie(cookie.New("oauth_state", nonce, time.Now().Add(10*time.Minute))),
+ )
+
+ tokens, err := svc.Exchange(r)
+
+ require.Error(t, err)
+ assert.Nil(t, tokens)
+ })
+
+ t.Run("with a valid grant", func(t *testing.T) {
+ user := mockoidc.DefaultUser()
+ code := srv.CreateAuthorizationCodeFor(user)
+ nonce := pls.GenerateRandomHex(32)
+
+ r := test.Request(
+ "GET",
+ "/session/callback?code="+code+"&state="+nonce,
+ test.WithCookie(cookie.New("oauth_state", nonce, time.Now().Add(10*time.Minute))),
+ )
+
+ tokens, err := svc.Exchange(r)
+ require.NoError(t, err)
+ assert.NotNil(t, tokens)
+ assert.NotEmpty(t, tokens.AccessToken)
+ assert.NotEmpty(t, tokens.Expiry)
+ assert.NotEmpty(t, tokens.TokenType)
+ assert.NotEmpty(t, tokens.RefreshToken)
+ assert.NotEmpty(t, tokens.IDToken)
+ })
 })
 }
|
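Review bot: Two of the `Exchange` subtests may pass without reaching the check they are named for. "when the csrf token is missing" sends no `code` either, and "with an invalid authorization code grant" sets the `oauth_state` cookie but leaves `state` out of the URL, so if `Exchange` compares `state` with the cookie before redeeming the code (its body is not in this diff) both can fail for a different reason than intended. For the third case use `"/session/callback?code=invalid&state="+nonce`, and give the first a code from `srv.CreateAuthorizationCodeFor(user)` with no state or cookie. Since every failure case asserts only `require.Error(t, err)`, pinning the cause with `require.ErrorIs` or `require.ErrorContains` would make a regression that drops the state comparison fail a test instead of passing on an unrelated error.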
