authormo khan <mo@mokhan.ca>2025-04-21 12:17:58 -0600
committermo khan <mo@mokhan.ca>2025-04-21 12:17:58 -0600
commitcb4144edda6d64cd0f3defdadfdbec57de28c27e (patch)
tree385a01739ee00e17b1fa42f1cfaba56d1d70a757 /pkg/web/middleware/id_token_test.go
parentffd47fe8d481e0f5b9f891dcb5636a4028d20c58 (diff)
refactor: rename middleware
Diffstat (limited to 'pkg/web/middleware/id_token_test.go')
-rw-r--r--pkg/web/middleware/id_token_test.go101
1 files changed, 101 insertions, 0 deletions
diff --git a/pkg/web/middleware/id_token_test.go b/pkg/web/middleware/id_token_test.go
new file mode 100644
index 0000000..4f26cdf
--- /dev/null
+++ b/pkg/web/middleware/id_token_test.go
@@ -0,0 +1,101 @@
+package middleware
+
+import (
+ "context"
+ "net/http"
+ "os"
+ "testing"
+ "time"
+
+ "github.com/oauth2-proxy/mockoidc"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/x"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/key"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
+ "golang.org/x/oauth2"
+)
+
+func TestIDToken(t *testing.T) {
+ srv := test.NewOIDCServer(t)
+ defer srv.Close()
+
+ client := &http.Client{Transport: &web.Transport{Logger: log.New(os.Stdout, log.Fields{})}}
+ cfg := srv.MockOIDC.Config()
+ ctx := context.WithValue(t.Context(), oauth2.HTTPClient, client)
+ openID, err := oidc.New(
+ ctx,
+ srv.Issuer(),
+ cfg.ClientID,
+ cfg.ClientSecret,
+ "https://example.com/oauth/callback",
+ )
+ require.NoError(t, err)
+
+ middleware := IDToken(openID)
+
+ t.Run("when an active session cookie is provided", func(t *testing.T) {
+ t.Run("attaches the token to the request context", func(t *testing.T) {
+ user := mockoidc.DefaultUser()
+
+ token, rawIDToken := srv.CreateTokensFor(user)
+ tokens := &oidc.Tokens{Token: token, IDToken: oidc.RawToken(rawIDToken)}
+ encoded := x.Must(tokens.ToBase64String())
+
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ token := key.IDToken.From(r.Context())
+ require.NotNil(t, token)
+ assert.Equal(t, user.Subject, token.Subject)
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse(
+ "GET",
+ "/example",
+ test.WithCookie(cookie.New("session", encoded, time.Now().Add(1*time.Hour))),
+ )
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+
+ t.Run("when an invalid session cookie is provided", func(t *testing.T) {
+ t.Run("forwards the request", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ require.Nil(t, key.IDToken.From(r.Context()))
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse(
+ "GET",
+ "/example",
+ test.WithCookie(cookie.New("session", "invalid", time.Now().Add(1*time.Hour))),
+ )
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+
+ t.Run("when no cookies are provided", func(t *testing.T) {
+ t.Run("forwards the request", func(t *testing.T) {
+ server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ require.Nil(t, key.IDToken.From(r.Context()))
+
+ w.WriteHeader(http.StatusTeapot)
+ }))
+
+ r, w := test.RequestResponse("GET", "/example")
+ server.ServeHTTP(w, r)
+
+ assert.Equal(t, http.StatusTeapot, w.Code)
+ })
+ })
+}