ContainerImage.Pinniped/internal/oidc/discovery/discovery_test.go

// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package discovery

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"net/url"
	"testing"

	"github.com/stretchr/testify/require"

	"go.pinniped.dev/internal/oidc/issuerprovider"
)

func TestDiscovery(t *testing.T) {
	tests := []struct {
		name string

		issuer *url.URL
		method string

		wantStatus      int
		wantContentType string
		wantBody        interface{}
	}{
		{
			name:       "nil issuer",
			method:     http.MethodGet,
			wantStatus: http.StatusNotFound,
			wantBody: map[string]string{
				"error": "OIDC discovery not available (unknown issuer)",
			},
		},
		{
			name:            "issuer without path",
			issuer:          must(url.Parse("https://some-issuer.com")),
			method:          http.MethodGet,
			wantStatus:      http.StatusOK,
			wantContentType: "application/json",
			wantBody: &Metadata{
				Issuer:                           "https://some-issuer.com",
				AuthorizationEndpoint:            "https://some-issuer.com/oauth2/v0/auth",
				TokenEndpoint:                    "https://some-issuer.com/oauth2/v0/token",
				JWKSURL:                          "https://some-issuer.com/oauth2/v0/keys",
				ResponseTypesSupported:           []string{},
				SubjectTypesSupported:            []string{},
				IDTokenSigningAlgValuesSupported: []string{},
			},
		},
		{
			name:            "issuer with path",
			issuer:          must(url.Parse("https://some-issuer.com/some/path")),
			method:          http.MethodGet,
			wantStatus:      http.StatusOK,
			wantContentType: "application/json",
			wantBody: &Metadata{
				Issuer:                           "https://some-issuer.com/some/path",
				AuthorizationEndpoint:            "https://some-issuer.com/some/path/oauth2/v0/auth",
				TokenEndpoint:                    "https://some-issuer.com/some/path/oauth2/v0/token",
				JWKSURL:                          "https://some-issuer.com/some/path/oauth2/v0/keys",
				ResponseTypesSupported:           []string{},
				SubjectTypesSupported:            []string{},
				IDTokenSigningAlgValuesSupported: []string{},
			},
		},
		{
			name:       "bad method",
			issuer:     must(url.Parse("https://some-issuer.com")),
			method:     http.MethodPost,
			wantStatus: http.StatusMethodNotAllowed,
			wantBody: map[string]string{
				"error": "Method not allowed (try GET)",
			},
		},
	}
	for _, test := range tests {
		test := test
		t.Run(test.name, func(t *testing.T) {
			p := issuerprovider.New()
			p.SetIssuer(test.issuer)

			handler := New(p)
			req := httptest.NewRequest(test.method, "/this/path/shouldnt/matter", nil)
			rsp := httptest.NewRecorder()
			handler.ServeHTTP(rsp, req)

			require.Equal(t, test.wantStatus, rsp.Code)

			if test.wantContentType != "" {
				require.Equal(t, test.wantContentType, rsp.Header().Get("Content-Type"))
			}

			if test.wantBody != nil {
				wantJSON, err := json.Marshal(test.wantBody)
				require.NoError(t, err)
				require.JSONEq(t, string(wantJSON), rsp.Body.String())
			}
		})
	}
}

func must(u *url.URL, err error) *url.URL {
	if err != nil {
		panic(err)
	}
	return u
}
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`// Copyright 2020 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`package discovery`

			`import (`
			`"encoding/json"`
			`"net/http"`
			`"net/http/httptest"`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`"net/url"`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`"testing"`

			`"github.com/stretchr/testify/require"`

			`"go.pinniped.dev/internal/oidc/issuerprovider"`
			`)`

			`func TestDiscovery(t *testing.T) {`
			`tests := []struct {`
			`name string`

supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`issuer *url.URL`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`method string`

			`wantStatus int`
			`wantContentType string`
			`wantBody interface{}`
			`}{`
			`{`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`name: "nil issuer",`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`method: http.MethodGet,`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`wantStatus: http.StatusNotFound,`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`wantBody: map[string]string{`
			`"error": "OIDC discovery not available (unknown issuer)",`
			`},`
			`},`
			`{`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`name: "issuer without path",`
			`issuer: must(url.Parse("https://some-issuer.com")),`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`method: http.MethodGet,`
			`wantStatus: http.StatusOK,`
			`wantContentType: "application/json",`
			`wantBody: &Metadata{`
			`Issuer: "https://some-issuer.com",`
			`AuthorizationEndpoint: "https://some-issuer.com/oauth2/v0/auth",`
			`TokenEndpoint: "https://some-issuer.com/oauth2/v0/token",`
			`JWKSURL: "https://some-issuer.com/oauth2/v0/keys",`
			`ResponseTypesSupported: []string{},`
			`SubjectTypesSupported: []string{},`
			`IDTokenSigningAlgValuesSupported: []string{},`
			`},`
			`},`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`{`
			`name: "issuer with path",`
			`issuer: must(url.Parse("https://some-issuer.com/some/path")),`
			`method: http.MethodGet,`
			`wantStatus: http.StatusOK,`
			`wantContentType: "application/json",`
			`wantBody: &Metadata{`
			`Issuer: "https://some-issuer.com/some/path",`
			`AuthorizationEndpoint: "https://some-issuer.com/some/path/oauth2/v0/auth",`
			`TokenEndpoint: "https://some-issuer.com/some/path/oauth2/v0/token",`
			`JWKSURL: "https://some-issuer.com/some/path/oauth2/v0/keys",`
			`ResponseTypesSupported: []string{},`
			`SubjectTypesSupported: []string{},`
			`IDTokenSigningAlgValuesSupported: []string{},`
			`},`
			`},`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`{`
			`name: "bad method",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`issuer: must(url.Parse("https://some-issuer.com")),`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`method: http.MethodPost,`
			`wantStatus: http.StatusMethodNotAllowed,`
			`wantBody: map[string]string{`
			`"error": "Method not allowed (try GET)",`
			`},`
			`},`
			`}`
			`for _, test := range tests {`
			`test := test`
			`t.Run(test.name, func(t *testing.T) {`
			`p := issuerprovider.New()`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`p.SetIssuer(test.issuer)`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00
			`handler := New(p)`
			`req := httptest.NewRequest(test.method, "/this/path/shouldnt/matter", nil)`
			`rsp := httptest.NewRecorder()`
			`handler.ServeHTTP(rsp, req)`

			`require.Equal(t, test.wantStatus, rsp.Code)`

			`if test.wantContentType != "" {`
			`require.Equal(t, test.wantContentType, rsp.Header().Get("Content-Type"))`
			`}`

			`if test.wantBody != nil {`
			`wantJSON, err := json.Marshal(test.wantBody)`
			`require.NoError(t, err)`
			`require.JSONEq(t, string(wantJSON), rsp.Body.String())`
			`}`
			`})`
			`}`
			`}`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00
			`func must(u url.URL, err error) url.URL {`
			`if err != nil {`
			`panic(err)`
			`}`
			`return u`
			`}`