oauth2_proxy/providers/adfs_test.go
2019-07-23 00:22:19 +03:00

92 lines
2.7 KiB
Go

package providers
import (
"encoding/base64"
"encoding/json"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/stretchr/testify/assert"
)
type redeemResponseADFS struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
ExpiresIn int64 `json:"expires_in"`
IDToken string `json:"id_token"`
}
func newADFSRedeemServer(body []byte) (*url.URL, *httptest.Server) {
s := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
rw.Write(body)
}))
u, _ := url.Parse(s.URL)
return u, s
}
func newADFSProvider() *ADFSProvider {
return NewADFSProvider(
&ProviderData{
ProviderName: "",
LoginURL: &url.URL{},
RedeemURL: &url.URL{},
ProtectedResource: &url.URL{},
Scope: ""})
}
func TestADFSProviderDefaults(t *testing.T) {
p := newADFSProvider()
assert.NotEqual(t, nil, p)
assert.Equal(t, "ADFS", p.Data().ProviderName)
assert.Equal(t, "", p.Data().LoginURL.String())
assert.Equal(t, "", p.Data().RedeemURL.String())
assert.Equal(t, "", p.Data().ProtectedResource.String())
assert.Equal(t, "openid", p.Data().Scope)
}
func TestADFSProviderGetEmailAddressAndUpn(t *testing.T) {
p := newADFSProvider()
body, err := json.Marshal(redeemResponseADFS{
AccessToken: "test12345",
ExpiresIn: 10,
RefreshToken: "refreshtest12345",
IDToken: "jwt header." + base64.URLEncoding.EncodeToString([]byte(`{"upn": "m_fedotov@gmail.com", "email": "m_fedotov@gmail.com"}`)),
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemURL, server = newADFSRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")
assert.Equal(t, nil, err)
assert.NotEqual(t, session, nil)
assert.Equal(t, "m_fedotov@gmail.com", session.Email)
assert.Equal(t, "test12345", session.AccessToken)
assert.Equal(t, "refreshtest12345", session.RefreshToken)
assert.Equal(t, "m_fedotov@gmail.com", session.User)
}
func TestADFSProviderGetUpnOnly(t *testing.T) {
p := newADFSProvider()
body, err := json.Marshal(redeemResponseADFS{
AccessToken: "test12345",
ExpiresIn: 10,
RefreshToken: "refreshtest12345",
IDToken: "jwt header." + base64.URLEncoding.EncodeToString([]byte(`{"upn": "m_fedotov@gmail.com"}`)),
})
assert.Equal(t, nil, err)
var server *httptest.Server
p.RedeemURL, server = newADFSRedeemServer(body)
defer server.Close()
session, err := p.Redeem("http://redirect/", "code1234")
assert.Equal(t, nil, err)
assert.NotEqual(t, session, nil)
assert.Equal(t, "m_fedotov@gmail.com", session.Email)
assert.Equal(t, "test12345", session.AccessToken)
assert.Equal(t, "refreshtest12345", session.RefreshToken)
assert.Equal(t, "m_fedotov@gmail.com", session.User)
}