oauth2_proxy/providers/internal_util_test.go

package providers

import (
	"errors"
	"net/http"
	"net/http/httptest"
	"net/url"
	"testing"

	"github.com/stretchr/testify/assert"
)

type ValidateSessionStateTestProvider struct {
	*ProviderData
}

func (tp *ValidateSessionStateTestProvider) GetEmailAddress(s *SessionState) (string, error) {
	return "", errors.New("not implemented")
}

// Note that we're testing the internal validateToken() used to implement
// several Provider's ValidateSessionState() implementations
func (tp *ValidateSessionStateTestProvider) ValidateSessionState(s *SessionState) bool {
	return false
}

type ValidateSessionStateTest struct {
	backend       *httptest.Server
	response_code int
	provider      *ValidateSessionStateTestProvider
	header        http.Header
}

func NewValidateSessionStateTest() *ValidateSessionStateTest {
	var vt_test ValidateSessionStateTest

	vt_test.backend = httptest.NewServer(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if r.URL.Path != "/oauth/tokeninfo" {
				w.WriteHeader(500)
				w.Write([]byte("unknown URL"))
			}
			token_param := r.FormValue("access_token")
			if token_param == "" {
				missing := false
				received_headers := r.Header
				for k, _ := range vt_test.header {
					received := received_headers.Get(k)
					expected := vt_test.header.Get(k)
					if received == "" || received != expected {
						missing = true
					}
				}
				if missing {
					w.WriteHeader(500)
					w.Write([]byte("no token param and missing or incorrect headers"))
				}
			}
			w.WriteHeader(vt_test.response_code)
			w.Write([]byte("only code matters; contents disregarded"))

		}))
	backend_url, _ := url.Parse(vt_test.backend.URL)
	vt_test.provider = &ValidateSessionStateTestProvider{
		ProviderData: &ProviderData{
			ValidateURL: &url.URL{
				Scheme: "http",
				Host:   backend_url.Host,
				Path:   "/oauth/tokeninfo",
			},
		},
	}
	vt_test.response_code = 200
	return &vt_test
}

func (vt_test *ValidateSessionStateTest) Close() {
	vt_test.backend.Close()
}

func TestValidateSessionStateValidToken(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	defer vt_test.Close()
	assert.Equal(t, true, validateToken(vt_test.provider, "foobar", nil))
}

func TestValidateSessionStateValidTokenWithHeaders(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	defer vt_test.Close()
	vt_test.header = make(http.Header)
	vt_test.header.Set("Authorization", "Bearer foobar")
	assert.Equal(t, true,
		validateToken(vt_test.provider, "foobar", vt_test.header))
}

func TestValidateSessionStateEmptyToken(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	defer vt_test.Close()
	assert.Equal(t, false, validateToken(vt_test.provider, "", nil))
}

func TestValidateSessionStateEmptyValidateURL(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	defer vt_test.Close()
	vt_test.provider.Data().ValidateURL = nil
	assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
}

func TestValidateSessionStateRequestNetworkFailure(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	// Close immediately to simulate a network failure
	vt_test.Close()
	assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
}

func TestValidateSessionStateExpiredToken(t *testing.T) {
	vt_test := NewValidateSessionStateTest()
	defer vt_test.Close()
	vt_test.response_code = 401
	assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))
}

func TestStripTokenNotPresent(t *testing.T) {
	test := "http://local.test/api/test?a=1&b=2"
	assert.Equal(t, test, stripToken(test))
}

func TestStripToken(t *testing.T) {
	test := "http://local.test/api/test?access_token=deadbeef&b=1&c=2"
	expected := "http://local.test/api/test?access_token=dead...&b=1&c=2"
	assert.Equal(t, expected, stripToken(test))
}
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`package providers`

			`import (`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`"errors"`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`"net/http"`
			`"net/http/httptest"`
			`"net/url"`
			`"testing"`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00
Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert 2017-10-23 16:23:46 +00:00			`"github.com/stretchr/testify/assert"`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`)`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`type ValidateSessionStateTestProvider struct {`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`*ProviderData`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func (tp ValidateSessionStateTestProvider) GetEmailAddress(s SessionState) (string, error) {`
			`return "", errors.New("not implemented")`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`}`

			`// Note that we're testing the internal validateToken() used to implement`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`// several Provider's ValidateSessionState() implementations`
			`func (tp ValidateSessionStateTestProvider) ValidateSessionState(s SessionState) bool {`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`return false`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`type ValidateSessionStateTest struct {`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`backend *httptest.Server`
			`response_code int`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`provider *ValidateSessionStateTestProvider`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`header http.Header`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func NewValidateSessionStateTest() *ValidateSessionStateTest {`
			`var vt_test ValidateSessionStateTest`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00
			`vt_test.backend = httptest.NewServer(`
			`http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.URL.Path != "/oauth/tokeninfo" {`
			`w.WriteHeader(500)`
			`w.Write([]byte("unknown URL"))`
			`}`
			`token_param := r.FormValue("access_token")`
			`if token_param == "" {`
			`missing := false`
			`received_headers := r.Header`
			`for k, _ := range vt_test.header {`
			`received := received_headers.Get(k)`
			`expected := vt_test.header.Get(k)`
			`if received == "" \|\| received != expected {`
			`missing = true`
			`}`
			`}`
			`if missing {`
			`w.WriteHeader(500)`
			`w.Write([]byte("no token param and missing or incorrect headers"))`
			`}`
			`}`
			`w.WriteHeader(vt_test.response_code)`
			`w.Write([]byte("only code matters; contents disregarded"))`

			`}))`
			`backend_url, _ := url.Parse(vt_test.backend.URL)`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`vt_test.provider = &ValidateSessionStateTestProvider{`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`ProviderData: &ProviderData{`
*: rename Url to URL everywhere Go coding style says that acronyms should be all lower or all upper. Fix Url to URL. 2015-11-08 23:47:44 +00:00			`ValidateURL: &url.URL{`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`Scheme: "http",`
			`Host: backend_url.Host,`
			`Path: "/oauth/tokeninfo",`
			`},`
			`},`
			`}`
			`vt_test.response_code = 200`
			`return &vt_test`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func (vt_test *ValidateSessionStateTest) Close() {`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`vt_test.backend.Close()`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func TestValidateSessionStateValidToken(t *testing.T) {`
			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`defer vt_test.Close()`
			`assert.Equal(t, true, validateToken(vt_test.provider, "foobar", nil))`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func TestValidateSessionStateValidTokenWithHeaders(t *testing.T) {`
			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`defer vt_test.Close()`
			`vt_test.header = make(http.Header)`
			`vt_test.header.Set("Authorization", "Bearer foobar")`
			`assert.Equal(t, true,`
			`validateToken(vt_test.provider, "foobar", vt_test.header))`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func TestValidateSessionStateEmptyToken(t *testing.T) {`
			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`defer vt_test.Close()`
			`assert.Equal(t, false, validateToken(vt_test.provider, "", nil))`
			`}`

*: rename Url to URL everywhere Go coding style says that acronyms should be all lower or all upper. Fix Url to URL. 2015-11-08 23:47:44 +00:00			`func TestValidateSessionStateEmptyValidateURL(t *testing.T) {`
SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`defer vt_test.Close()`
*: rename Url to URL everywhere Go coding style says that acronyms should be all lower or all upper. Fix Url to URL. 2015-11-08 23:47:44 +00:00			`vt_test.provider.Data().ValidateURL = nil`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func TestValidateSessionStateRequestNetworkFailure(t *testing.T) {`
			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`// Close immediately to simulate a network failure`
			`vt_test.Close()`
			`assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))`
			`}`

SessionState refactoring; improve token renewal and cookie refresh * New SessionState to consolidate email, access token and refresh token * split ServeHttp into individual methods * log on session renewal * log on access token refresh * refactor cookie encription/decription and session state serialization 2015-06-23 11:23:39 +00:00			`func TestValidateSessionStateExpiredToken(t *testing.T) {`
			`vt_test := NewValidateSessionStateTest()`
Move ValidateToken() to Provider 2015-05-13 01:48:13 +00:00			`defer vt_test.Close()`
			`vt_test.response_code = 401`
			`assert.Equal(t, false, validateToken(vt_test.provider, "foobar", nil))`
			`}`
add stripParam and stripToken methods to obfuscate log output 2016-08-03 02:27:50 +00:00
			`func TestStripTokenNotPresent(t *testing.T) {`
			`test := "http://local.test/api/test?a=1&b=2"`
			`assert.Equal(t, test, stripToken(test))`
			`}`

			`func TestStripToken(t *testing.T) {`
			`test := "http://local.test/api/test?access_token=deadbeef&b=1&c=2"`
			`expected := "http://local.test/api/test?access_token=dead...&b=1&c=2"`
			`assert.Equal(t, expected, stripToken(test))`
			`}`