1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
package middleware
import (
"net/http"
"testing"
xoidc "github.com/coreos/go-oidc/v3/oidc"
"github.com/oauth2-proxy/mockoidc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/xlgmokha/x/pkg/test"
xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
"golang.org/x/oauth2"
)
func TestIDToken(t *testing.T) {
srv := oidc.NewTestServer(t)
defer srv.Close()
config := &oauth2.Config{
ClientID: srv.MockOIDC.ClientID,
ClientSecret: srv.MockOIDC.ClientSecret,
RedirectURL: "https://example.com/oauth/callback",
Endpoint: srv.Provider.Endpoint(),
Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
}
openID := oidc.New(srv.Provider, config)
middleware := IDToken(openID, IDTokenFromSessionCookie)
t.Run("when an active session cookie is provided", func(t *testing.T) {
t.Run("attaches the token to the request context", func(t *testing.T) {
user := mockoidc.DefaultUser()
_, rawIDToken := srv.CreateTokensFor(user)
server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
token := xcfg.IDToken.From(r.Context())
require.NotNil(t, token)
assert.Equal(t, user.Subject, token.Subject)
w.WriteHeader(http.StatusTeapot)
}))
r, w := test.RequestResponse(
"GET",
"/example",
test.WithCookie(web.NewCookie(xcfg.IDTokenCookie, rawIDToken)),
)
server.ServeHTTP(w, r)
assert.Equal(t, http.StatusTeapot, w.Code)
})
})
t.Run("when an invalid session cookie is provided", func(t *testing.T) {
t.Run("forwards the request", func(t *testing.T) {
server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
require.Nil(t, xcfg.IDToken.From(r.Context()))
w.WriteHeader(http.StatusTeapot)
}))
r, w := test.RequestResponse(
"GET",
"/example",
test.WithCookie(web.NewCookie(xcfg.IDTokenCookie, "invalid")),
)
server.ServeHTTP(w, r)
assert.Equal(t, http.StatusTeapot, w.Code)
})
})
t.Run("when no cookies are provided", func(t *testing.T) {
t.Run("forwards the request", func(t *testing.T) {
server := middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
require.Nil(t, xcfg.IDToken.From(r.Context()))
w.WriteHeader(http.StatusTeapot)
}))
r, w := test.RequestResponse("GET", "/example")
server.ServeHTTP(w, r)
assert.Equal(t, http.StatusTeapot, w.Code)
})
})
}
|
