mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-05-11 06:48:11 +00:00
36bfcd45c1
removes the sqlite dependency for tests, also brings back the option for users to run zero persistence instances of tinyauth. adds new mapErr fn for sqlc wrapper gen to prevent sql errors from leaking out of the store implementation.
package controller_test
import (
"context"
"encoding/json"
"fmt"
"net/http/httptest"
"sync"
"testing"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/tinyauthapp/tinyauth/internal/controller"
"github.com/tinyauthapp/tinyauth/internal/repository/memory"
"github.com/tinyauthapp/tinyauth/internal/service"
"github.com/tinyauthapp/tinyauth/internal/test"
"github.com/tinyauthapp/tinyauth/internal/utils/logger"
)
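// TestWellKnownController exercises the two discovery endpoints registered by
// controller.NewWellKnownController against an OIDC service backed by the
// in-memory store:
//
//   - /.well-known/openid-configuration must match the expected metadata
//     document field for field;
//   - /.well-known/jwks.json must publish exactly one RS256 RSA signing key
//     and none of its private-key members.
//
// Each case gets a fresh gin engine and response recorder; the OIDC service is
// built once and shared between the cases.
func TestWellKnownController(t *testing.T) {
	// Select test mode before any engine is constructed so that engine setup
	// does not run in gin's debug mode.
	gin.SetMode(gin.TestMode)

	log := logger.NewLogger().WithTestConfig()
	log.Init()

	cfg, runtime := test.CreateTestConfigs(t)

	type testCase struct {
		description string
		run         func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder)
	}

	tests := []testCase{
		{
			description: "Ensure well-known endpoint returns correct OIDC configuration",
			run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
				req := httptest.NewRequest("GET", "/.well-known/openid-configuration", nil)
				router.ServeHTTP(recorder, req)

				// require, not assert: comparing a body that was never decoded
				// only adds a second, misleading failure.
				require.Equal(t, 200, recorder.Code)

				res := controller.OpenIDConnectConfiguration{}
				require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &res))

				// NOTE(review): the expected document advertises request-object
				// support with "none" as the only request-object signing
				// algorithm, i.e. unsigned request objects. Parameters carried
				// in such an object have no integrity protection of their own.
				// This test pins that metadata; confirm it is intended.
				expected := controller.OpenIDConnectConfiguration{
					Issuer:                                 runtime.AppURL,
					AuthorizationEndpoint:                  fmt.Sprintf("%s/authorize", runtime.AppURL),
					TokenEndpoint:                          fmt.Sprintf("%s/api/oidc/token", runtime.AppURL),
					UserinfoEndpoint:                       fmt.Sprintf("%s/api/oidc/userinfo", runtime.AppURL),
					JwksUri:                                fmt.Sprintf("%s/.well-known/jwks.json", runtime.AppURL),
					ScopesSupported:                        service.SupportedScopes,
					ResponseTypesSupported:                 service.SupportedResponseTypes,
					GrantTypesSupported:                    service.SupportedGrantTypes,
					SubjectTypesSupported:                  []string{"pairwise"},
					IDTokenSigningAlgValuesSupported:       []string{"RS256"},
					TokenEndpointAuthMethodsSupported:      []string{"client_secret_basic", "client_secret_post"},
					ClaimsSupported:                        []string{"sub", "updated_at", "name", "preferred_username", "email", "email_verified", "groups", "phone_number", "phone_number_verified", "address", "given_name", "family_name", "middle_name", "nickname", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale"},
					ServiceDocumentation:                   "https://tinyauth.app/docs/guides/oidc",
					RequestParameterSupported:              true,
					RequestObjectSigningAlgValuesSupported: []string{"none"},
				}

				assert.Equal(t, expected, res)
			},
		},
		{
			description: "Ensure well-known endpoint returns correct JWKS",
			run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
				req := httptest.NewRequest("GET", "/.well-known/jwks.json", nil)
				router.ServeHTTP(recorder, req)

				require.Equal(t, 200, recorder.Code)

				decodedBody := make(map[string]any)
				require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &decodedBody))

				// The shape checks below guard keys[0] and the map lookups, so
				// they must stop the case on failure instead of letting it
				// panic with an index-out-of-range.
				keys, ok := decodedBody["keys"].([]any)
				require.True(t, ok)
				require.Len(t, keys, 1)

				keyData, ok := keys[0].(map[string]any)
				require.True(t, ok)

				assert.Equal(t, "RSA", keyData["kty"])
				assert.Equal(t, "sig", keyData["use"])
				assert.Equal(t, "RS256", keyData["alg"])

				// The JWKS endpoint is served without authentication in this
				// test, so the key it returns must be the public half only.
				// These are the RSA private-key members defined for JWKs
				// (RFC 7518, section 6.3.2).
				for _, member := range []string{"d", "p", "q", "dp", "dq", "qi", "oth"} {
					assert.NotContains(t, keyData, member)
				}
			},
		},
	}

	// NOTE(review): ctx is never cancelled and wg is never waited on here. If
	// NewOIDCService starts background work (not visible from this file), that
	// work outlives the test.
	ctx := context.TODO()
	wg := &sync.WaitGroup{}

	store := memory.New()

	oidcService, err := service.NewOIDCService(log, cfg, runtime, store, ctx, wg)
	require.NoError(t, err)

	// The loop variable is named tc so it does not shadow the imported test
	// package used above.
	for _, tc := range tests {
		t.Run(tc.description, func(t *testing.T) {
			router := gin.Default()
			recorder := httptest.NewRecorder()

			controller.NewWellKnownController(oidcService, &router.RouterGroup)

			tc.run(t, router, recorder)
		})
	}
}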