Add tests for OIDC

2021-12-31 20:07:19 -05:00
parent 9f8f7bb45e
commit dd5e3ee7ee
10 changed files with 207 additions and 107 deletions
--- a/security/oidc_test.go
+++ b/security/oidc_test.go
@ -0,0 +1,70 @@
+package security
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+)
+
+func TestOIDCConfig_isValid(t *testing.T) {
+	c := &OIDCConfig{
+		IssuerURL:       "https://sso.gatus.io/",
+		RedirectURL:     "http://localhost:80/authorization-code/callback",
+		ClientID:        "client-id",
+		ClientSecret:    "client-secret",
+		Scopes:          []string{"openid"},
+		AllowedSubjects: []string{"user1@example.com"},
+	}
+	if !c.isValid() {
+		t.Error("OIDCConfig should be valid")
+	}
+}
+
+func TestOIDCConfig_callbackHandler(t *testing.T) {
+	c := &OIDCConfig{
+		IssuerURL:       "https://sso.gatus.io/",
+		RedirectURL:     "http://localhost:80/authorization-code/callback",
+		ClientID:        "client-id",
+		ClientSecret:    "client-secret",
+		Scopes:          []string{"openid"},
+		AllowedSubjects: []string{"user1@example.com"},
+	}
+	if err := c.initialize(); err != nil {
+		t.Fatal("expected no error, but got", err)
+	}
+	// Try with no state cookie
+	request, _ := http.NewRequest("GET", "/authorization-code/callback", nil)
+	responseRecorder := httptest.NewRecorder()
+	c.callbackHandler(responseRecorder, request)
+	if responseRecorder.Code != http.StatusBadRequest {
+		t.Error("expected code to be 400, but was", responseRecorder.Code)
+	}
+	// Try with state cookie
+	request, _ = http.NewRequest("GET", "/authorization-code/callback", nil)
+	request.AddCookie(&http.Cookie{Name: cookieNameState, Value: "fake-state"})
+	responseRecorder = httptest.NewRecorder()
+	c.callbackHandler(responseRecorder, request)
+	if responseRecorder.Code != http.StatusBadRequest {
+		t.Error("expected code to be 400, but was", responseRecorder.Code)
+	}
+	// Try with state cookie and state query parameter
+	request, _ = http.NewRequest("GET", "/authorization-code/callback?state=fake-state", nil)
+	request.AddCookie(&http.Cookie{Name: cookieNameState, Value: "fake-state"})
+	responseRecorder = httptest.NewRecorder()
+	c.callbackHandler(responseRecorder, request)
+	// Exchange should fail, so 500.
+	if responseRecorder.Code != http.StatusInternalServerError {
+		t.Error("expected code to be 500, but was", responseRecorder.Code)
+	}
+}
+
+func TestOIDCConfig_setSessionCookie(t *testing.T) {
+	c := &OIDCConfig{}
+	responseRecorder := httptest.NewRecorder()
+	c.setSessionCookie(responseRecorder, &oidc.IDToken{Subject: "test@example.com"})
+	if len(responseRecorder.Result().Cookies()) == 0 {
+		t.Error("expected cookie to be set")
+	}
+}