package oidc
import (
"github.com/coreos/dex/connector"
"github.com/sirupsen/logrus"
"net/url"
"os"
"reflect"
"testing"
)
// TestKnownBrokenAuthHeaderProvider checks the classification that
// knownBrokenAuthHeaderProvider returns for a fixed list of issuer URLs.
//
// The table expects okta.com itself and hosts under okta.com and
// oktapreview.com to be reported, and expects dev.oktaaccounts.com and
// accounts.google.com not to be. The oktaaccounts.com entry is the one that
// guards against matching on the bare substring "okta".
//
// NOTE(review): the name suggests this feeds the "broken auth header"
// handling of the OAuth2 client, i.e. how client credentials are presented to
// the token endpoint; confirm against the implementation, which is not in
// this file.
//
// NOTE(review): the table has no case for a look-alike host that merely
// contains a listed domain (for example as a left-hand label of an unrelated
// domain, or in the URL path), nor for an unparseable issuer URL. Consider
// adding such cases once the intended result is confirmed against the
// implementation.
func TestKnownBrokenAuthHeaderProvider(t *testing.T) {
	type issuerCase struct {
		issuerURL string
		expect    bool
	}

	cases := []issuerCase{
		{issuerURL: "https://dev.oktapreview.com", expect: true},
		{issuerURL: "https://dev.okta.com", expect: true},
		{issuerURL: "https://okta.com", expect: true},
		{issuerURL: "https://dev.oktaaccounts.com", expect: false},
		{issuerURL: "https://accounts.google.com", expect: false},
	}

	for i := range cases {
		c := cases[i]
		if got := knownBrokenAuthHeaderProvider(c.issuerURL); got != c.expect {
			t.Errorf("knownBrokenAuthHeaderProvider(%q), want=%t, got=%t", c.issuerURL, c.expect, got)
		}
	}
}
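// TestOidcConnector_LoginURL verifies the authorization URL the OIDC
// connector builds for each combination of requested scopes and configured
// hosted domains.
//
// Expectations encoded in the table:
//   - a single hosted domain is sent as the "hd" query parameter;
//   - more than one hosted domain is sent as hd=*;
//   - no hosted domains means no "hd" parameter at all;
//   - the scope parameter is "openid profile email" in every case, including
//     the one that requests OfflineAccess.
//
// NOTE(review): "hd" is a request parameter that passes through the user's
// browser, so it can be changed or dropped before it reaches the provider.
// This test therefore covers only the request side. Restricting sign-in to
// the configured domains depends on the callback validating the returned ID
// token; HandleCallback has no test in this file beyond a commented-out stub.
//
// NOTE(review): Config.Open is called with the real Google issuer. If Open
// performs OIDC discovery, this test needs network access and depends on the
// provider's published endpoints; confirm, and consider a local test server.
func TestOidcConnector_LoginURL(t *testing.T) {
	logger := &logrus.Logger{
		Out:       os.Stderr,
		Formatter: &logrus.TextFormatter{DisableColors: true},
		Level:     logrus.DebugLevel,
	}

	tests := []struct {
		scopes        connector.Scopes
		hostedDomains []string

		wantScopes  string
		wantHdParam string
	}{
		{
			connector.Scopes{}, []string{"example.com"},
			"openid profile email", "example.com",
		},
		{
			connector.Scopes{}, []string{"mydomain.org", "example.com"},
			"openid profile email", "*",
		},
		{
			connector.Scopes{}, []string{},
			"openid profile email", "",
		},
		{
			connector.Scopes{OfflineAccess: true}, []string{},
			"openid profile email", "",
		},
	}

	// Single source of truth for the values that must round-trip into the
	// login URL, so the configuration, the call and the expectation cannot
	// drift apart.
	callback := "https://dex.example.com/callback"
	state := "secret"

	for _, test := range tests {
		config := &Config{
			Issuer:        "https://accounts.google.com",
			ClientID:      "client-id",
			ClientSecret:  "client-secret",
			RedirectURI:   callback,
			HostedDomains: test.hostedDomains,
		}

		conn, err := config.Open(logger)
		if err != nil {
			t.Errorf("failed to open connector: %v", err)
			continue
		}

		// Checked assertion: an unexpected connector type is reported as a
		// test failure instead of panicking the whole test binary.
		cbConn, ok := conn.(connector.CallbackConnector)
		if !ok {
			t.Errorf("connector %T does not implement connector.CallbackConnector", conn)
			continue
		}

		loginURL, err := cbConn.LoginURL(test.scopes, callback, state)
		if err != nil {
			t.Errorf("failed to get login URL: %v", err)
			continue
		}

		actual, err := url.Parse(loginURL)
		if err != nil {
			t.Errorf("failed to parse login URL: %v", err)
			continue
		}

		wanted, err := url.Parse("https://accounts.google.com/o/oauth2/v2/auth")
		if err != nil {
			t.Fatalf("failed to parse expected authorization endpoint: %v", err)
		}

		wantedQuery := url.Values{}
		wantedQuery.Set("client_id", config.ClientID)
		wantedQuery.Set("redirect_uri", config.RedirectURI)
		wantedQuery.Set("response_type", "code")
		wantedQuery.Set("state", state)
		wantedQuery.Set("scope", test.wantScopes)
		// "hd" is expected only when the case configures hosted domains.
		if test.wantHdParam != "" {
			wantedQuery.Set("hd", test.wantHdParam)
		}
		wanted.RawQuery = wantedQuery.Encode()

		// Compares the parsed URLs field by field, so the raw query string
		// (including parameter order) has to match the encoded expectation.
		if !reflect.DeepEqual(actual, wanted) {
			t.Errorf("Wanted %v, got %v", wanted, actual)
		}
	}
}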
//func TestOidcConnector_HandleCallback(t *testing.T) {
// logger := &logrus.Logger{
// Out: os.Stderr,
// Formatter: &logrus.TextFormatter{DisableColors: true},
// Level: logrus.DebugLevel,
// }
//
// tests := []struct {
//
// }
//}