Diffstat (limited to 'pkg/web')
-rw-r--r--pkg/web/middleware/unpack_token_test.go49
-rw-r--r--pkg/web/transport.go33
2 files changed, 76 insertions, 6 deletions
diff --git a/pkg/web/middleware/unpack_token_test.go b/pkg/web/middleware/unpack_token_test.go
index 285c8a9..9a34a35 100644
--- a/pkg/web/middleware/unpack_token_test.go
+++ b/pkg/web/middleware/unpack_token_test.go
@@ -3,36 +3,73 @@ package middleware
import (
"context"
"net/http"
+ "os"
"testing"
"time"
+ "github.com/oauth2-proxy/mockoidc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
+ "github.com/xlgmokha/x/pkg/log"
"github.com/xlgmokha/x/pkg/x"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
+ "golang.org/x/oauth2"
)
func TestUnpackToken(t *testing.T) {
- t.Skip()
- srv := test.OIDCServer()
- defer srv.Close()
+ srv, err := mockoidc.Run()
+ require.NoError(t, err)
+
+ srv.AddMiddleware(func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ t.Logf("%v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
+ next.ServeHTTP(w, r)
+ })
+ })
- openID, err := oidc.New(context.Background(), srv.URL, "client_id", "client_secret", "https://example.com/oauth/callback")
+ defer srv.Shutdown()
+
+ client := &http.Client{Transport: &web.Transport{Logger: log.New(os.Stdout, log.Fields{})}}
+ cfg := srv.Config()
+ ctx := context.WithValue(t.Context(), oauth2.HTTPClient, client)
+ openID, err := oidc.New(
+ ctx,
+ srv.Issuer(),
+ cfg.ClientID,
+ cfg.ClientSecret,
+ "https://example.com/oauth/callback",
+ )
require.NoError(t, err)
middleware := UnpackToken(openID)
t.Run("when an active session cookie is provided", func(t *testing.T) {
t.Run("attaches the token to the request context", func(t *testing.T) {
- tokens := &oidc.Tokens{IDToken: "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"}
+ user := mockoidc.DefaultUser()
+ code := "12345"
+ srv.QueueUser(user)
+ srv.QueueCode(code)
+
+ url := openID.Config.AuthCodeURL("state")
+ response, err := client.Get(url)
+ require.NoError(t, err)
+ t.Logf("%v\n", response)
+
+ token, err := openID.Config.Exchange(ctx, code)
+ require.NoError(t, err)
+ rawIDToken, ok := token.Extra("id_token").(string)
+ require.True(t, ok)
+
+ tokens := &oidc.Tokens{Token: token, IDToken: rawIDToken}
encoded := x.Must(tokens.ToBase64String())
server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := oidc.IDTokenKey.From(r.Context())
require.NotNil(t, token)
- assert.Equal(t, "root", token.Issuer)
+ assert.Equal(t, user.Subject, token.Subject)
w.WriteHeader(http.StatusTeapot)
}))
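Review bot: `client.Get(url)` in the "attaches the token to the request context" subtest runs with the default redirect policy and never closes `response.Body`. If the mock provider answers the authorization request with a redirect to the registered callback (the usual behaviour of an authorization endpoint, inferred rather than visible here), the client will follow it to `https://example.com/oauth/callback` and send the queued code and state to an external host, which also makes the test depend on the network. Setting `CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }` on `client` and adding `defer response.Body.Close()` after the error check keeps the exchange local. The new assertion pins only `token.Subject`; the dropped issuer check could be kept as `assert.Equal(t, srv.Issuer(), token.Issuer)`. The subtest body continues past the end of this hunk.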
diff --git a/pkg/web/transport.go b/pkg/web/transport.go
new file mode 100644
index 0000000..b8d728a
--- /dev/null
+++ b/pkg/web/transport.go
@@ -0,0 +1,33 @@
+package web
+
+import (
+ "net/http"
+
+ "github.com/rs/zerolog"
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/mapper"
+)
+
+type Transport struct {
+ Logger *zerolog.Logger
+}
+
+func (r *Transport) RoundTrip(request *http.Request) (*http.Response, error) {
+ ctx := r.Logger.WithContext(request.Context())
+
+ defer func() {
+ log.WithFields(ctx, mapper.MapFrom[*http.Request, log.Fields](request))
+ zerolog.Ctx(ctx).Print()
+ }()
+
+ response, err := http.DefaultTransport.RoundTrip(request)
+ if err != nil {
+ r.Logger.Err(err)
+ return response, err
+ }
+
+ log.WithFields(ctx, log.Fields{
+ "status_code": response.StatusCode,
+ })
+ return response, nil
+}
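Review bot: In `RoundTrip`, `r.Logger.Err(err)` only builds a zerolog event and never emits it, so a transport failure is not logged; it needs a terminator such as `r.Logger.Err(err).Send()`. The deferred block logs whatever fields the mapper derives from `*http.Request`; that mapping is not visible here, but the test in this commit installs this transport as the OAuth2 HTTP client, so the token request with its client credentials and authorization code passes through it. It is worth confirming that `Authorization`, `Cookie` and URL query values are excluded or redacted before they reach the log. The return value of `log.WithFields(ctx, …)` is discarded in both calls; if that helper returns a derived context rather than updating the logger in place, neither the request fields nor `status_code` will appear in the final `Print()`. The exported `Transport` and `RoundTrip` also have no doc comments, e.g. `// Transport is an http.RoundTripper that logs each outbound request and its status code.`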