chore: more review comments

Stavros
2026-03-29 20:20:53 +03:00
parent b60e546ecd
commit 36c2004bf6
6 changed files with 87 additions and 88 deletions


@@ -4,20 +4,24 @@ import (
"encoding/json" "encoding/json"
"net/http/httptest" "net/http/httptest"
"net/url" "net/url"
"os" "path"
"strings" "strings"
"testing" "testing"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/google/go-querystring/query"
"github.com/steveiliop56/tinyauth/internal/bootstrap" "github.com/steveiliop56/tinyauth/internal/bootstrap"
"github.com/steveiliop56/tinyauth/internal/config" "github.com/steveiliop56/tinyauth/internal/config"
"github.com/steveiliop56/tinyauth/internal/controller" "github.com/steveiliop56/tinyauth/internal/controller"
"github.com/steveiliop56/tinyauth/internal/repository" "github.com/steveiliop56/tinyauth/internal/repository"
"github.com/steveiliop56/tinyauth/internal/service" "github.com/steveiliop56/tinyauth/internal/service"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestOIDCController(t *testing.T) { func TestOIDCController(t *testing.T) {
tempDir := t.TempDir()
oidcServiceCfg := service.OIDCServiceConfig{ oidcServiceCfg := service.OIDCServiceConfig{
Clients: map[string]config.OIDCClientConfig{ Clients: map[string]config.OIDCClientConfig{
"test": { "test": {
@@ -27,8 +31,8 @@ func TestOIDCController(t *testing.T) {
Name: "Test Client", Name: "Test Client",
}, },
}, },
PrivateKeyPath: "/tmp/tinyauth_testing_key.pem", PrivateKeyPath: path.Join(tempDir, "key.pem"),
PublicKeyPath: "/tmp/tinyauth_testing_key.pub", PublicKeyPath: path.Join(tempDir, "key.pub"),
Issuer: "https://tinyauth.example.com", Issuer: "https://tinyauth.example.com",
SessionExpiry: 500, SessionExpiry: 500,
} }
@@ -170,11 +174,11 @@ func TestOIDCController(t *testing.T) {
Code: "", Code: "",
RedirectURI: "https://test.example.com/callback", RedirectURI: "https://test.example.com/callback",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
var res map[string]any var res map[string]any
@@ -193,11 +197,11 @@ func TestOIDCController(t *testing.T) {
Code: "some-code", Code: "some-code",
RedirectURI: "https://test.example.com/callback", RedirectURI: "https://test.example.com/callback",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.SetBasicAuth("some-client-id", "some-client-secret") req.SetBasicAuth("some-client-id", "some-client-secret")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
@@ -231,11 +235,11 @@ func TestOIDCController(t *testing.T) {
Code: "some-code", Code: "some-code",
RedirectURI: "https://test.example.com/callback", RedirectURI: "https://test.example.com/callback",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
authHeader := recorder.Header().Get("www-authenticate") authHeader := recorder.Header().Get("www-authenticate")
@@ -270,11 +274,11 @@ func TestOIDCController(t *testing.T) {
Code: code, Code: code,
RedirectURI: "https://test.example.com/callback", RedirectURI: "https://test.example.com/callback",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.SetBasicAuth("some-client-id", "some-client-secret") req.SetBasicAuth("some-client-id", "some-client-secret")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
@@ -307,11 +311,11 @@ func TestOIDCController(t *testing.T) {
ClientID: "some-client-id", ClientID: "some-client-id",
ClientSecret: "some-client-secret", ClientSecret: "some-client-secret",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
assert.NotEmpty(t, recorder.Header().Get("cache-control")) assert.NotEmpty(t, recorder.Header().Get("cache-control"))
@@ -356,19 +360,19 @@ func TestOIDCController(t *testing.T) {
Code: code, Code: code,
RedirectURI: "https://test.example.com/callback", RedirectURI: "https://test.example.com/callback",
} }
reqBodyBytes, err := json.Marshal(reqBody) reqBodyEncoded, err := query.Values(reqBody)
assert.NoError(t, err) assert.NoError(t, err)
req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) req := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.SetBasicAuth("some-client-id", "some-client-secret") req.SetBasicAuth("some-client-id", "some-client-secret")
router.ServeHTTP(recorder, req) router.ServeHTTP(recorder, req)
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 200, recorder.Code)
// Try to use the same code again // Try to use the same code again
secondReq := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(string(reqBodyBytes))) secondReq := httptest.NewRequest("POST", "/api/oidc/token", strings.NewReader(reqBodyEncoded.Encode()))
secondReq.Header.Set("Content-Type", "application/json") secondReq.Header.Set("Content-Type", "application/x-www-form-urlencoded")
secondReq.SetBasicAuth("some-client-id", "some-client-secret") secondReq.SetBasicAuth("some-client-id", "some-client-secret")
secondRecorder := httptest.NewRecorder() secondRecorder := httptest.NewRecorder()
router.ServeHTTP(secondRecorder, secondReq) router.ServeHTTP(secondRecorder, secondReq)
@@ -431,13 +435,13 @@ func TestOIDCController(t *testing.T) {
app := bootstrap.NewBootstrapApp(config.Config{}) app := bootstrap.NewBootstrapApp(config.Config{})
db, err := app.SetupDatabase("/tmp/tinyauth_test.db") db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
assert.NoError(t, err) require.NoError(t, err)
queries := repository.New(db) queries := repository.New(db)
oidcService := service.NewOIDCService(oidcServiceCfg, queries) oidcService := service.NewOIDCService(oidcServiceCfg, queries)
err = oidcService.Init() err = oidcService.Init()
assert.NoError(t, err) require.NoError(t, err)
for _, test := range tests { for _, test := range tests {
t.Run(test.description, func(t *testing.T) { t.Run(test.description, func(t *testing.T) {
@@ -459,15 +463,8 @@ func TestOIDCController(t *testing.T) {
}) })
} }
t.Cleanup(func() {
err = db.Close() err = db.Close()
assert.NoError(t, err) require.NoError(t, err)
})
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
err = os.Remove(oidcServiceCfg.PrivateKeyPath)
assert.NoError(t, err)
err = os.Remove(oidcServiceCfg.PublicKeyPath)
assert.NoError(t, err)
} }
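Review bot: The `t.Cleanup` that closes the database is registered only at the end of TestOIDCController, after the subtest loop, so it is never registered when one of the new `require.NoError` calls aborts the test first (for example the one after `oidcService.Init()`), and the handle is still open when the `t.TempDir()` cleanup removes the directory. Registering it directly after the `SetupDatabase` check, as `t.Cleanup(func() { require.NoError(t, db.Close()) })`, closes the handle on every exit path and stops the closure from writing to the outer `err`. TestProxyController, TestUserController and TestWellKnownController in this commit use the same ordering. Parts of the function body lie outside the shown hunks, so an earlier close elsewhere cannot be ruled out.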


@@ -2,7 +2,7 @@ package controller_test
import ( import (
"net/http/httptest" "net/http/httptest"
"os" "path"
"testing" "testing"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
@@ -13,9 +13,12 @@ import (
"github.com/steveiliop56/tinyauth/internal/service" "github.com/steveiliop56/tinyauth/internal/service"
"github.com/steveiliop56/tinyauth/internal/utils/tlog" "github.com/steveiliop56/tinyauth/internal/utils/tlog"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestProxyController(t *testing.T) { func TestProxyController(t *testing.T) {
tempDir := t.TempDir()
authServiceCfg := service.AuthServiceConfig{ authServiceCfg := service.AuthServiceConfig{
Users: []config.User{ Users: []config.User{
{ {
@@ -320,26 +323,26 @@ func TestProxyController(t *testing.T) {
app := bootstrap.NewBootstrapApp(config.Config{}) app := bootstrap.NewBootstrapApp(config.Config{})
db, err := app.SetupDatabase("/tmp/tinyauth_test.db") db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
assert.NoError(t, err) require.NoError(t, err)
queries := repository.New(db) queries := repository.New(db)
docker := service.NewDockerService() docker := service.NewDockerService()
err = docker.Init() err = docker.Init()
assert.NoError(t, err) require.NoError(t, err)
ldap := service.NewLdapService(service.LdapServiceConfig{}) ldap := service.NewLdapService(service.LdapServiceConfig{})
err = ldap.Init() err = ldap.Init()
assert.NoError(t, err) require.NoError(t, err)
broker := service.NewOAuthBrokerService(oauthBrokerCfgs) broker := service.NewOAuthBrokerService(oauthBrokerCfgs)
err = broker.Init() err = broker.Init()
assert.NoError(t, err) require.NoError(t, err)
authService := service.NewAuthService(authServiceCfg, docker, ldap, queries, broker) authService := service.NewAuthService(authServiceCfg, docker, ldap, queries, broker)
err = authService.Init() err = authService.Init()
assert.NoError(t, err) require.NoError(t, err)
aclsService := service.NewAccessControlsService(docker, acls) aclsService := service.NewAccessControlsService(docker, acls)
@@ -363,9 +366,8 @@ func TestProxyController(t *testing.T) {
}) })
} }
t.Cleanup(func() {
err = db.Close() err = db.Close()
assert.NoError(t, err) require.NoError(t, err)
})
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
} }


@@ -3,19 +3,26 @@ package controller_test
import ( import (
"net/http/httptest" "net/http/httptest"
"os" "os"
"path"
"testing" "testing"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/steveiliop56/tinyauth/internal/controller" "github.com/steveiliop56/tinyauth/internal/controller"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestResourcesController(t *testing.T) { func TestResourcesController(t *testing.T) {
tempDir := t.TempDir()
resourcesControllerCfg := controller.ResourcesControllerConfig{ resourcesControllerCfg := controller.ResourcesControllerConfig{
Path: "/tmp/testfiles", Path: path.Join(tempDir, "resources"),
Enabled: true, Enabled: true,
} }
err := os.Mkdir(resourcesControllerCfg.Path, 0777)
require.NoError(t, err)
type testCase struct { type testCase struct {
description string description string
run func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) run func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder)
@@ -52,16 +59,13 @@ func TestResourcesController(t *testing.T) {
}, },
} }
err := os.MkdirAll(resourcesControllerCfg.Path, 0777)
assert.NoError(t, err)
testFilePath := resourcesControllerCfg.Path + "/testfile.txt" testFilePath := resourcesControllerCfg.Path + "/testfile.txt"
err = os.WriteFile(testFilePath, []byte("This is a test file."), 0777) err = os.WriteFile(testFilePath, []byte("This is a test file."), 0777)
assert.NoError(t, err) require.NoError(t, err)
testFilePathParent := resourcesControllerCfg.Path + "/../somefile.txt" testFilePathParent := tempDir + "/somefile.txt"
err = os.WriteFile(testFilePathParent, []byte("This file should not be accessible."), 0777) err = os.WriteFile(testFilePathParent, []byte("This file should not be accessible."), 0777)
assert.NoError(t, err) require.NoError(t, err)
for _, test := range tests { for _, test := range tests {
t.Run(test.description, func(t *testing.T) { t.Run(test.description, func(t *testing.T) {
@@ -76,13 +80,4 @@ func TestResourcesController(t *testing.T) {
test.run(t, router, recorder) test.run(t, router, recorder)
}) })
} }
err = os.Remove(testFilePath)
assert.NoError(t, err)
err = os.Remove(testFilePathParent)
assert.NoError(t, err)
err = os.Remove(resourcesControllerCfg.Path)
assert.NoError(t, err)
} }
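Review bot: The new `os.Mkdir(resourcesControllerCfg.Path, 0777)` asks for a world-writable fixture directory, and the two `os.WriteFile` calls below it give plain text files mode 0777 as well; nothing visible in the test appears to need more than `0o755` for the directory and `0o644` for the files. The same lines build filesystem paths with `path.Join` and `tempDir + "/somefile.txt"`, although the `path` package is meant for slash-separated paths; `filepath.Join(tempDir, "somefile.txt")` from `path/filepath` keeps them correct on every OS. The `path.Join(tempDir, ...)` calls in the other controller tests of this commit would benefit from the same swap. The test body continues outside the shown hunks.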


@@ -3,7 +3,7 @@ package controller_test
import ( import (
"encoding/json" "encoding/json"
"net/http/httptest" "net/http/httptest"
"os" "path"
"slices" "slices"
"strings" "strings"
"testing" "testing"
@@ -18,9 +18,12 @@ import (
"github.com/steveiliop56/tinyauth/internal/service" "github.com/steveiliop56/tinyauth/internal/service"
"github.com/steveiliop56/tinyauth/internal/utils/tlog" "github.com/steveiliop56/tinyauth/internal/utils/tlog"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestUserController(t *testing.T) { func TestUserController(t *testing.T) {
tempDir := t.TempDir()
authServiceCfg := service.AuthServiceConfig{ authServiceCfg := service.AuthServiceConfig{
Users: []config.User{ Users: []config.User{
{ {
@@ -277,26 +280,26 @@ func TestUserController(t *testing.T) {
app := bootstrap.NewBootstrapApp(config.Config{}) app := bootstrap.NewBootstrapApp(config.Config{})
db, err := app.SetupDatabase("/tmp/tinyauth_test.db") db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
assert.NoError(t, err) require.NoError(t, err)
queries := repository.New(db) queries := repository.New(db)
docker := service.NewDockerService() docker := service.NewDockerService()
err = docker.Init() err = docker.Init()
assert.NoError(t, err) require.NoError(t, err)
ldap := service.NewLdapService(service.LdapServiceConfig{}) ldap := service.NewLdapService(service.LdapServiceConfig{})
err = ldap.Init() err = ldap.Init()
assert.NoError(t, err) require.NoError(t, err)
broker := service.NewOAuthBrokerService(oauthBrokerCfgs) broker := service.NewOAuthBrokerService(oauthBrokerCfgs)
err = broker.Init() err = broker.Init()
assert.NoError(t, err) require.NoError(t, err)
authService := service.NewAuthService(authServiceCfg, docker, ldap, queries, broker) authService := service.NewAuthService(authServiceCfg, docker, ldap, queries, broker)
err = authService.Init() err = authService.Init()
assert.NoError(t, err) require.NoError(t, err)
beforeEach := func() { beforeEach := func() {
// Clear failed login attempts before each test // Clear failed login attempts before each test
@@ -346,9 +349,8 @@ func TestUserController(t *testing.T) {
}) })
} }
t.Cleanup(func() {
err = db.Close() err = db.Close()
assert.NoError(t, err) require.NoError(t, err)
})
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
} }


@@ -4,7 +4,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http/httptest" "net/http/httptest"
"os" "path"
"testing" "testing"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
@@ -14,9 +14,12 @@ import (
"github.com/steveiliop56/tinyauth/internal/repository" "github.com/steveiliop56/tinyauth/internal/repository"
"github.com/steveiliop56/tinyauth/internal/service" "github.com/steveiliop56/tinyauth/internal/service"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestWellKnownController(t *testing.T) { func TestWellKnownController(t *testing.T) {
tempDir := t.TempDir()
oidcServiceCfg := service.OIDCServiceConfig{ oidcServiceCfg := service.OIDCServiceConfig{
Clients: map[string]config.OIDCClientConfig{ Clients: map[string]config.OIDCClientConfig{
"test": { "test": {
@@ -26,8 +29,8 @@ func TestWellKnownController(t *testing.T) {
Name: "Test Client", Name: "Test Client",
}, },
}, },
PrivateKeyPath: "/tmp/tinyauth_testing_key.pem", PrivateKeyPath: path.Join(tempDir, "key.pem"),
PublicKeyPath: "/tmp/tinyauth_testing_key.pub", PublicKeyPath: path.Join(tempDir, "key.pub"),
Issuer: "https://tinyauth.example.com", Issuer: "https://tinyauth.example.com",
SessionExpiry: 500, SessionExpiry: 500,
} }
@@ -96,14 +99,14 @@ func TestWellKnownController(t *testing.T) {
app := bootstrap.NewBootstrapApp(config.Config{}) app := bootstrap.NewBootstrapApp(config.Config{})
db, err := app.SetupDatabase("/tmp/tinyauth_test.db") db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth.db"))
assert.NoError(t, err) require.NoError(t, err)
queries := repository.New(db) queries := repository.New(db)
oidcService := service.NewOIDCService(oidcServiceCfg, queries) oidcService := service.NewOIDCService(oidcServiceCfg, queries)
err = oidcService.Init() err = oidcService.Init()
assert.NoError(t, err) require.NoError(t, err)
for _, test := range tests { for _, test := range tests {
t.Run(test.description, func(t *testing.T) { t.Run(test.description, func(t *testing.T) {
@@ -119,9 +122,8 @@ func TestWellKnownController(t *testing.T) {
}) })
} }
t.Cleanup(func() {
err = db.Close() err = db.Close()
assert.NoError(t, err) require.NoError(t, err)
})
err = os.Remove("/tmp/tinyauth_test.db")
assert.NoError(t, err)
} }


@@ -801,5 +801,6 @@ func (auth *AuthService) lockdownMode() {
func (auth *AuthService) ClearRateLimitsTestingOnly() { func (auth *AuthService) ClearRateLimitsTestingOnly() {
auth.loginMutex.Lock() auth.loginMutex.Lock()
auth.loginAttempts = make(map[string]*LoginAttempt) auth.loginAttempts = make(map[string]*LoginAttempt)
auth.lockdown = nil
auth.loginMutex.Unlock() auth.loginMutex.Unlock()
} }
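Review bot: `ClearRateLimitsTestingOnly` is an exported method on the production `AuthService` that now wipes both the login-attempt map and the lockdown state, yet it has no doc comment and only its name keeps it out of request-handling code. A comment such as `// ClearRateLimitsTestingOnly resets login attempts and lockdown state for tests; it must never be reachable from a handler.` would make that contract explicit. `lockdownMode` is outside this hunk; if it reads `auth.lockdown` after its wait without holding `loginMutex` or checking for nil, the new `auth.lockdown = nil` could race with it, which is worth confirming.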