diff options
Diffstat (limited to 'pkg/oidc')
| -rw-r--r-- | pkg/oidc/oidc_test.go | 3 | ||||
| -rw-r--r-- | pkg/oidc/test_server.go | 87 |
2 files changed, 88 insertions, 2 deletions
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go index 3318f18..47a58ba 100644 --- a/pkg/oidc/oidc_test.go +++ b/pkg/oidc/oidc_test.go @@ -6,11 +6,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test" ) func TestOpenID(t *testing.T) { - srv := test.NewOIDCServer(t) + srv := NewTestServer(t) defer srv.Close() t.Run("GET /.well-known/openid-configuration", func(t *testing.T) { diff --git a/pkg/oidc/test_server.go b/pkg/oidc/test_server.go new file mode 100644 index 0000000..5a25549 --- /dev/null +++ b/pkg/oidc/test_server.go @@ -0,0 +1,87 @@ +package oidc + +import ( + "net/http" + "strconv" + "testing" + "time" + + "github.com/coreos/go-oidc/v3/oidc" + "github.com/oauth2-proxy/mockoidc" + "github.com/stretchr/testify/require" + "golang.org/x/oauth2" +) + +type TestServer struct { + *mockoidc.MockOIDC + *oauth2.Config + *oidc.Provider + *testing.T +} + +func NewTestServer(t *testing.T) *TestServer { + srv, err := mockoidc.Run() + require.NoError(t, err) + + srv.AddMiddleware(func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Logf("%v %v %v\n", r.Method, r.URL.Path, r.URL.Query()) + next.ServeHTTP(w, r) + }) + }) + + provider, err := oidc.NewProvider(t.Context(), srv.Issuer()) + require.NoError(t, err) + + config := &oauth2.Config{ + ClientID: srv.Config().ClientID, + ClientSecret: srv.Config().ClientSecret, + RedirectURL: "https://example.com/oauth/callback", + Endpoint: provider.Endpoint(), + Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, + } + + return &TestServer{ + srv, + config, + provider, + t, + } +} + +func (srv *TestServer) CreateAuthorizationCodeFor(user mockoidc.User) string { + code := strconv.FormatInt(time.Now().Unix(), 10) + srv.QueueUser(user) + srv.QueueCode(code) + + http.Get(srv.AuthCodeURL("state")) + + return code +} + +func (srv *TestServer) CreateTokenFor(user mockoidc.User) *oauth2.Token { + code := srv.CreateAuthorizationCodeFor(user) + token, err := srv.Exchange(srv.Context(), code) + require.NoError(srv, err) + return token +} + +func (srv *TestServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) { + token := srv.CreateTokenFor(user) + rawIDToken, ok := token.Extra("id_token").(string) + require.True(srv, ok) + return token, rawIDToken +} + +func (srv *TestServer) Verify(rawIDToken string) *oidc.IDToken { + idToken, err := srv. + Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}). + Verify(srv.Context(), rawIDToken) + require.NoError(srv, err) + + return idToken +} + +func (s *TestServer) Close() { + s.Shutdown() +} |