| author | mo khan <mo@mokhan.ca> | 2025-05-28 12:14:11 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-28 12:14:11 -0600 |
| commit | 591f293c8bcf464ed62701321d3f27de31ceb621 (patch) | |
| tree | 6b9c8c303f9816a3faf7abb9a75c3c59b6a5808a /app/middleware/user_test.go | |
| parent | f76542bc846bc77e825055a1a6ea7cd0cb178844 (diff) | |
refactor: parse headers injected by envoy
Diffstat (limited to 'app/middleware/user_test.go')
| -rw-r--r-- | app/middleware/user_test.go | 94 |
1 files changed, 27 insertions, 67 deletions
diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go
index 7653684..c5fa7ed 100644
--- a/app/middleware/user_test.go
+++ b/app/middleware/user_test.go
@@ -4,90 +4,50 @@ import ( "net/http" "testing" - "github.com/coreos/go-oidc/v3/oidc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/xlgmokha/x/pkg/test" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db" "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls" ) func TestUser(t *testing.T) { - repository := db.NewRepository[*domain.User]() - middleware := User(repository) + middleware := User() - knownUser := &domain.User{ID: domain.ID(pls.GenerateULID())} - require.NoError(t, repository.Save(t.Context(), knownUser)) + t.Run("when x-jwt-claim-* headers are not provided", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + require.Nil(t, cfg.CurrentUser.From(r.Context())) - t.Run("when ID Token is provided", func(t *testing.T) { - t.Run("when user is known", func(t *testing.T) { - server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := cfg.CurrentUser.From(r.Context()) - require.NotNil(t, user) - assert.Equal(t, knownUser.ID, user.ID) + w.WriteHeader(http.StatusTeapot) + })) - w.WriteHeader(http.StatusTeapot) - })) + r, w := test.RequestResponse("GET", "/example") + server.ServeHTTP(w, r) - ctx := cfg.IDToken.With(t.Context(), &oidc.IDToken{Subject: knownUser.ID.String()}) - - r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx)) - server.ServeHTTP(w, r) - - assert.Equal(t, http.StatusTeapot, w.Code) - }) - - t.Run("when user is unknown", func(t *testing.T) { - unknownID := pls.GenerateULID() - - server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := cfg.CurrentUser.From(r.Context()) - require.NotNil(t, user) - assert.Equal(t, 
domain.ID(unknownID), user.ID) - - w.WriteHeader(http.StatusTeapot) - })) - - ctx := cfg.IDToken.With(t.Context(), &oidc.IDToken{Subject: unknownID}) - - r, w := test.RequestResponse("GET", "/example", test.WithContext(ctx)) - server.ServeHTTP(w, r) - - assert.Equal(t, http.StatusTeapot, w.Code) - require.NotNil(t, repository.Find(t.Context(), domain.ID(unknownID))) - }) + assert.Equal(t, http.StatusTeapot, w.Code) }) - t.Run("when ID Token is not provided", func(t *testing.T) { - t.Run("without custom headers", func(t *testing.T) { - server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := cfg.CurrentUser.From(r.Context()) - require.Nil(t, user) - - w.WriteHeader(http.StatusTeapot) - })) - - r, w := test.RequestResponse("GET", "/example") - server.ServeHTTP(w, r) - - assert.Equal(t, http.StatusTeapot, w.Code) - }) + t.Run("when x-jwt-claim-* headers are provided", func(t *testing.T) { + server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + user := cfg.CurrentUser.From(r.Context()) + require.NotNil(t, user) - t.Run("with x-jwt-claim-sub header", func(t *testing.T) { - server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - user := cfg.CurrentUser.From(r.Context()) - require.NotNil(t, user) - require.Equal(t, knownUser.ID, user.ID) + assert.Equal(t, domain.ID("1"), user.ID) + assert.Equal(t, "root", user.Username) + assert.Equal(t, "https://gitlab.com/tanuki", user.ProfileURL) + assert.Equal(t, "https://example.com/profile.png", user.Picture) - w.WriteHeader(http.StatusTeapot) - })) + w.WriteHeader(http.StatusTeapot) + })) - r, w := test.RequestResponse("GET", "/example", test.WithRequestHeader("x-jwt-claim-sub", knownUser.ID.String())) - server.ServeHTTP(w, r) + r, w := test.RequestResponse("GET", "/", + test.WithRequestHeader("x-jwt-claim-sub", "1"), + test.WithRequestHeader("x-jwt-claim-username", "root"), + test.WithRequestHeader("x-jwt-claim-profile-url", 
"https://gitlab.com/tanuki"), + test.WithRequestHeader("x-jwt-claim-picture-url", "https://example.com/profile.png"), + ) + server.ServeHTTP(w, r) - assert.Equal(t, http.StatusTeapot, w.Code) - }) + assert.Equal(t, http.StatusTeapot, w.Code) }) } |
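Review bot: The rewritten subtests in `TestUser` cover only the two extremes, no `x-jwt-claim-*` headers and all four, so nothing pins what `User()` does when `x-jwt-claim-sub` is absent or empty while other claim headers are present (the removed suite at least had a sub-only case). Because the current user is now built directly from request headers, a request without a subject should most likely yield no current user, and that deserves its own subtest. The middleware itself is not part of this page, so the expected result in the sketch below needs confirming against it. It would also help to put a comment above the positive case stating the trust assumption, e.g. `// x-jwt-claim-* are trusted only because the proxy validates the JWT and overwrites any client-supplied copies`, if that is how the Envoy filter is configured.

```go
	// … unchanged: the two existing subtests …

	t.Run("when x-jwt-claim-sub is missing but other claim headers are provided", func(t *testing.T) {
		server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// Expected outcome to confirm against User(): no subject means no current user.
			require.Nil(t, cfg.CurrentUser.From(r.Context()))

			w.WriteHeader(http.StatusTeapot)
		}))

		r, w := test.RequestResponse("GET", "/",
			test.WithRequestHeader("x-jwt-claim-username", "root"),
		)
		server.ServeHTTP(w, r)

		assert.Equal(t, http.StatusTeapot, w.Code)
	})
```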
