authormo khan <mo@mokhan.ca>2025-05-23 14:54:24 -0600
committermo khan <mo@mokhan.ca>2025-05-23 14:54:24 -0600
commit3d6cdf0b3d6fa23509208e2355a7b7d26400a8ea (patch)
tree039bdf57b99061844aeb0fe55ad0bc1c864166af /app/middleware/user_test.go
parent0ba49bfbde242920d8675a193d7af89420456fc0 (diff)
parent4beee46dc6c7642316e118a4d3aa51e4b407256e (diff)
Merge branch 'envoy-jwt-authn' into 'main'
Add External Authorization Service with Envoy Integration See merge request gitlab-org/software-supply-chain-security/authorization/sparkled!9
Diffstat (limited to 'app/middleware/user_test.go')
-rw-r--r--app/middleware/user_test.go33
1 files changed, 25 insertions, 8 deletions
diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go
index aed3582..7653684 100644
--- a/app/middleware/user_test.go
+++ b/app/middleware/user_test.go
@@ -61,16 +61,33 @@ func TestUser(t *testing.T) {
})
t.Run("when ID Token is not provided", func(t *testing.T) {
- server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- user := cfg.CurrentUser.From(r.Context())
- require.Nil(t, user)
+ t.Run("without custom headers", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ user := cfg.CurrentUser.From(r.Context())
+ require.Nil(t, user)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
- w.WriteHeader(http.StatusTeapot)
- }))
+ r, w := test.RequestResponse("GET", "/example")
+ server.ServeHTTP(w, r)
- r, w := test.RequestResponse("GET", "/example")
- server.ServeHTTP(w, r)
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
- assert.Equal(t, http.StatusTeapot, w.Code)
+ t.Run("with x-jwt-claim-sub header", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ user := cfg.CurrentUser.From(r.Context())
+ require.NotNil(t, user)
+ require.Equal(t, knownUser.ID, user.ID)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse("GET", "/example", test.WithRequestHeader("x-jwt-claim-sub", knownUser.ID.String()))
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
})
}
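Review bot: The "with x-jwt-claim-sub header" subtest only exercises a header carrying `knownUser.ID`, so nothing here pins what the middleware does when the header value is malformed or names no known user, or when an ID token and the header are both present and disagree. Because the header is accepted as identity on a request that carries no ID token, those negative cases are the ones worth locking down; a sibling subtest could send `test.WithRequestHeader("x-jwt-claim-sub", "not-a-user-id")` (constructed value) and assert `require.Nil(t, user)`, or whatever rejection the middleware is meant to produce. The merge title suggests the header is populated by Envoy after JWT verification; if so, a comment such as `// trusted only because the proxy sets it after verifying the JWT and strips any client-supplied copy` would record the deployment assumption this test relies on. TestUser starts outside this hunk, so some of this coverage may already exist above line 61.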