2023-06-08 02:33:54 +00:00
|
|
|
// Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
|
2020-10-07 15:48:21 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
2023-06-22 20:12:50 +00:00
|
|
|
package federationdomainproviders
|
2020-10-07 14:53:05 +00:00
|
|
|
|
|
|
|
import (
|
2023-07-19 21:26:50 +00:00
|
|
|
"fmt"
|
2020-10-07 14:53:05 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/require"
|
2023-06-13 19:26:59 +00:00
|
|
|
|
|
|
|
"go.pinniped.dev/internal/idtransform"
|
2020-10-07 14:53:05 +00:00
|
|
|
)
|
|
|
|
|
2020-12-17 19:34:49 +00:00
|
|
|
func TestFederationDomainIssuerValidations(t *testing.T) {
|
2020-10-07 14:53:05 +00:00
|
|
|
tests := []struct {
|
|
|
|
name string
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer string
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError string
|
|
|
|
}{
|
|
|
|
{
|
2020-12-17 19:34:49 +00:00
|
|
|
name: "must have an issuer",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "",
|
2020-12-17 19:34:49 +00:00
|
|
|
wantError: "federation domain must have an issuer",
|
2020-10-07 14:53:05 +00:00
|
|
|
},
|
2023-06-08 02:33:54 +00:00
|
|
|
{
|
|
|
|
name: "returns url.Parse errors",
|
|
|
|
issuer: "https://example.com" + string(byte(0x7f)),
|
|
|
|
wantError: "could not parse issuer as URL: parse \"https://example.com\\x7f\": net/url: invalid control character in URL",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "no hostname",
|
|
|
|
issuer: "https://",
|
|
|
|
wantError: `issuer must have a hostname`,
|
|
|
|
},
|
2020-10-07 14:53:05 +00:00
|
|
|
{
|
|
|
|
name: "no scheme",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "tuna.com",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must have "https" scheme`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "bad scheme",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "ftp://tuna.com",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must have "https" scheme`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "fragment",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://tuna.com/fish#some-frag",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must not have fragment`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "query",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://tuna.com?some=query",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must not have query`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "username",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://username@tuna.com",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must not have username or password`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "password",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://username:password@tuna.com",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must not have username or password`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "without path",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://tuna.com",
|
2020-10-07 14:53:05 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "with path",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://tuna.com/fish/marlin",
|
2020-10-07 14:53:05 +00:00
|
|
|
},
|
2020-10-28 19:49:41 +00:00
|
|
|
{
|
|
|
|
name: "with http scheme",
|
|
|
|
issuer: "http://tuna.com",
|
|
|
|
wantError: `issuer must have "https" scheme`,
|
|
|
|
},
|
2020-10-07 14:53:05 +00:00
|
|
|
{
|
|
|
|
name: "trailing slash in path",
|
2020-10-08 18:28:21 +00:00
|
|
|
issuer: "https://tuna.com/",
|
2020-10-07 14:53:05 +00:00
|
|
|
wantError: `issuer must not have trailing slash in path`,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for _, tt := range tests {
|
2020-10-07 15:48:21 +00:00
|
|
|
tt := tt
|
2020-10-07 14:53:05 +00:00
|
|
|
t.Run(tt.name, func(t *testing.T) {
|
2023-06-13 19:26:59 +00:00
|
|
|
_, err := NewFederationDomainIssuer(tt.issuer, []*FederationDomainIdentityProvider{})
|
2023-06-05 21:40:39 +00:00
|
|
|
if tt.wantError != "" {
|
|
|
|
require.EqualError(t, err, tt.wantError)
|
|
|
|
} else {
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// This alternate constructor should perform all the same validations on the issuer string.
|
2023-06-13 19:26:59 +00:00
|
|
|
_, err = NewFederationDomainIssuerWithDefaultIDP(tt.issuer, &FederationDomainIdentityProvider{
|
|
|
|
DisplayName: "foobar",
|
|
|
|
UID: "foo-123",
|
|
|
|
Transforms: idtransform.NewTransformationPipeline(),
|
|
|
|
})
|
2020-10-07 14:53:05 +00:00
|
|
|
if tt.wantError != "" {
|
|
|
|
require.EqualError(t, err, tt.wantError)
|
|
|
|
} else {
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-07-19 21:26:50 +00:00
|
|
|
|
|
|
|
func TestFederationDomainGetters(t *testing.T) {
|
|
|
|
const issuerHost = "some-issuer.com"
|
|
|
|
const issuerPath = "/some/path"
|
|
|
|
issuerURLString := fmt.Sprintf("https://%s%s", issuerHost, issuerPath)
|
|
|
|
|
|
|
|
provider1 := &FederationDomainIdentityProvider{
|
|
|
|
DisplayName: "test-name-1",
|
|
|
|
UID: "test-uid-1",
|
|
|
|
}
|
|
|
|
provider2 := &FederationDomainIdentityProvider{
|
|
|
|
DisplayName: "test-name-2",
|
|
|
|
UID: "test-uid-2",
|
|
|
|
}
|
|
|
|
|
|
|
|
fdi, err := NewFederationDomainIssuer(issuerURLString, []*FederationDomainIdentityProvider{provider1, provider2})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, issuerURLString, fdi.Issuer())
|
|
|
|
require.Equal(t, issuerHost, fdi.IssuerHost())
|
|
|
|
require.Equal(t, issuerPath, fdi.IssuerPath())
|
|
|
|
require.Equal(t, []*FederationDomainIdentityProvider{provider1, provider2}, fdi.IdentityProviders())
|
|
|
|
require.Nil(t, fdi.DefaultIdentityProvider())
|
|
|
|
|
|
|
|
fdi, err = NewFederationDomainIssuerWithDefaultIDP(issuerURLString, provider1)
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, issuerURLString, fdi.Issuer())
|
|
|
|
require.Equal(t, issuerHost, fdi.IssuerHost())
|
|
|
|
require.Equal(t, issuerPath, fdi.IssuerPath())
|
|
|
|
require.Equal(t, []*FederationDomainIdentityProvider{provider1}, fdi.IdentityProviders())
|
|
|
|
require.Equal(t, provider1, fdi.DefaultIdentityProvider())
|
|
|
|
}
|