This repository was archived by the owner on Apr 13, 2025. It is now read-only.
forked from oauth2-proxy/oauth2-proxy
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathinternal_util_test.go
144 lines (124 loc) · 3.98 KB
/
internal_util_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
package providers
import (
"context"
"errors"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/stretchr/testify/assert"
)
func updateURL(url *url.URL, hostname string) {
if url == nil {
return
}
url.Scheme = "http"
url.Host = hostname
}
type ValidateSessionTestProvider struct {
*ProviderData
}
var _ Provider = (*ValidateSessionTestProvider)(nil)
func (tp *ValidateSessionTestProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
return "", errors.New("not implemented")
}
// Note that we're testing the internal validateToken() used to implement
// several Provider's ValidateSession() implementations
func (tp *ValidateSessionTestProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
return false
}
type ValidateSessionStateTest struct {
backend *httptest.Server
responseCode int
provider *ValidateSessionTestProvider
header http.Header
}
func NewValidateSessionTest() *ValidateSessionStateTest {
var vtTest ValidateSessionStateTest
vtTest.backend = httptest.NewServer(
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path != "/oauth/tokeninfo" {
w.WriteHeader(500)
w.Write([]byte("unknown URL"))
}
tokenParam := r.FormValue("access_token")
if tokenParam == "" {
missing := false
receivedHeaders := r.Header
for k := range vtTest.header {
received := receivedHeaders.Get(k)
expected := vtTest.header.Get(k)
if received == "" || received != expected {
missing = true
}
}
if missing {
w.WriteHeader(500)
w.Write([]byte("no token param and missing or incorrect headers"))
}
}
w.WriteHeader(vtTest.responseCode)
w.Write([]byte("only code matters; contents disregarded"))
}))
backendURL, _ := url.Parse(vtTest.backend.URL)
vtTest.provider = &ValidateSessionTestProvider{
ProviderData: &ProviderData{
ValidateURL: &url.URL{
Scheme: "http",
Host: backendURL.Host,
Path: "/oauth/tokeninfo",
},
},
}
vtTest.responseCode = 200
return &vtTest
}
func (vtTest *ValidateSessionStateTest) Close() {
vtTest.backend.Close()
}
func TestValidateSessionValidToken(t *testing.T) {
vtTest := NewValidateSessionTest()
defer vtTest.Close()
assert.Equal(t, true, validateToken(context.Background(), vtTest.provider, "foobar", nil))
}
func TestValidateSessionValidTokenWithHeaders(t *testing.T) {
vtTest := NewValidateSessionTest()
defer vtTest.Close()
vtTest.header = make(http.Header)
vtTest.header.Set("Authorization", "Bearer foobar")
assert.Equal(t, true,
validateToken(context.Background(), vtTest.provider, "foobar", vtTest.header))
}
func TestValidateSessionEmptyToken(t *testing.T) {
vtTest := NewValidateSessionTest()
defer vtTest.Close()
assert.Equal(t, false, validateToken(context.Background(), vtTest.provider, "", nil))
}
func TestValidateSessionEmptyValidateURL(t *testing.T) {
vtTest := NewValidateSessionTest()
defer vtTest.Close()
vtTest.provider.Data().ValidateURL = nil
assert.Equal(t, false, validateToken(context.Background(), vtTest.provider, "foobar", nil))
}
func TestValidateSessionRequestNetworkFailure(t *testing.T) {
vtTest := NewValidateSessionTest()
// Close immediately to simulate a network failure
vtTest.Close()
assert.Equal(t, false, validateToken(context.Background(), vtTest.provider, "foobar", nil))
}
func TestValidateSessionExpiredToken(t *testing.T) {
vtTest := NewValidateSessionTest()
defer vtTest.Close()
vtTest.responseCode = 401
assert.Equal(t, false, validateToken(context.Background(), vtTest.provider, "foobar", nil))
}
func TestStripTokenNotPresent(t *testing.T) {
test := "http://local.test/api/test?a=1&b=2"
assert.Equal(t, test, stripToken(test))
}
func TestStripToken(t *testing.T) {
test := "http://local.test/api/test?access_token=deadbeef&b=1&c=2"
expected := "http://local.test/api/test?access_token=dead...&b=1&c=2"
assert.Equal(t, expected, stripToken(test))
}