| author | mo khan <mo@mokhan.ca> | 2025-04-25 11:08:58 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-04-25 11:08:58 -0600 |
| commit | 2b1e14690ea6426a67c0faaaddcfb8aa7360dce7 (patch) | |
| tree | 7f764225e3e3a26bbd7532e72ab99a54e465be92 /app/middleware/id_token_test.go | |
| parent | 0053db0d265af313dd281db5cf1e73236cde30c6 (diff) | |
refactor: move db and mountable to app
Diffstat (limited to 'app/middleware/id_token_test.go')
| -rw-r--r-- | app/middleware/id_token_test.go | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
new file mode 100644
index 0000000..4f26cdf
--- /dev/null
+++ b/app/middleware/id_token_test.go
@@ -0,0 +1,101 @@
+package middleware
+
+import (
+ "context"
+ "net/http"
+ "os"
+ "testing"
+ "time"
+
+ "github.com/oauth2-proxy/mockoidc"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/x"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/key"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
+ "golang.org/x/oauth2"
+)
+
+func TestIDToken(t *testing.T) {
+ srv := test.NewOIDCServer(t)
+ defer srv.Close()
+
+ client := &http.Client{Transport: &web.Transport{Logger: log.New(os.Stdout, log.Fields{})}}
+ cfg := srv.MockOIDC.Config()
+ ctx := context.WithValue(t.Context(), oauth2.HTTPClient, client)
+ openID, err := oidc.New(
+ ctx,
+ srv.Issuer(),
+ cfg.ClientID,
+ cfg.ClientSecret,
+ "https://example.com/oauth/callback",
+ )
+ require.NoError(t, err)
+
+ middleware := IDToken(openID)
+
+ t.Run("when an active session cookie is provided", func(t *testing.T) {
+ t.Run("attaches the token to the request context", func(t *testing.T) {
+ user := mockoidc.DefaultUser()
+
+ token, rawIDToken := srv.CreateTokensFor(user)
+ tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawToken(rawIDToken)}
+ encoded := x.Must(tokens.ToBase64String())
+
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ token := key.IDToken.From(r.Context())
+ require.NotNil(t, token)
+ assert.Equal(t, user.Subject, token.Subject)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse(
+ "GET",
+ "/example",
+ test.WithCookie(cookie.New("session", encoded, time.Now().Add(1*time.Hour))),
+ )
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+
+ t.Run("when an invalid session cookie is provided", func(t *testing.T) {
+ t.Run("forwards the request", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ require.Nil(t, key.IDToken.From(r.Context()))
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse(
+ "GET",
+ "/example",
+ test.WithCookie(cookie.New("session", "invalid", time.Now().Add(1*time.Hour))),
+ )
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+
+ t.Run("when no cookies are provided", func(t *testing.T) {
+ t.Run("forwards the request", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ require.Nil(t, key.IDToken.From(r.Context()))
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse("GET", "/example")
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+} |
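Review bot: The "when an invalid session cookie is provided" case only exercises the decode-failure path, because the cookie value `"invalid"` cannot even be parsed as a `oidc.Tokens` base64 payload; nothing in this suite shows that a well-formed ID token that fails verification (signed by a different key, issued by another issuer, or wrong audience) is rejected. The only verified-token case uses `srv.CreateTokensFor(user)` from the same server `openID` trusts, so a regression in which `IDToken` attached any syntactically valid token to the context would still pass every subtest here. Whether the middleware actually performs issuer/signature verification is not visible in this hunk, which is exactly why a negative case with a properly encoded foreign token is worth pinning; the subtest below mirrors the existing invalid-cookie expectation (request forwarded with a nil token), and if the middleware's contract is to reject such requests outright the status assertion should be changed accordingly. Only helpers already used in this file are needed, since `test.NewOIDCServer` gives a second issuer with its own signing key.
```go
t.Run("when the session cookie holds a token from another issuer", func(t *testing.T) {
	t.Run("forwards the request without attaching the token", func(t *testing.T) {
		other := test.NewOIDCServer(t)
		defer other.Close()

		token, rawIDToken := other.CreateTokensFor(mockoidc.DefaultUser())
		tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawToken(rawIDToken)}
		encoded := x.Must(tokens.ToBase64String())

		server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			require.Nil(t, key.IDToken.From(r.Context()))

			w.WriteHeader(http.StatusTeapot)
		}))

		r, w := test.RequestResponse(
			"GET",
			"/example",
			test.WithCookie(cookie.New("session", encoded, time.Now().Add(1*time.Hour))),
		)
		server.ServeHTTP(w, r)

		assert.Equal(t, http.StatusTeapot, w.Code)
	})
})
// … unchanged: remaining subtests and closing brace of TestIDToken …
```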
