ContainerImage.Pinniped/internal/oidc/discovery/discovery_handler_test.go

// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package discovery

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/require"

	"go.pinniped.dev/internal/here"
	"go.pinniped.dev/internal/oidc"
)

func TestDiscovery(t *testing.T) {
	tests := []struct {
		name string

		issuer string
		method string
		path   string

		wantStatus      int
		wantContentType string
		wantBodyJSON    string
		wantBodyString  string
	}{
		{
			name:            "happy path",
			issuer:          "https://some-issuer.com/some/path",
			method:          http.MethodGet,
			path:            "/some/path" + oidc.WellKnownEndpointPath,
			wantStatus:      http.StatusOK,
			wantContentType: "application/json",
			wantBodyJSON: here.Doc(`
			{
				"issuer": "https://some-issuer.com/some/path",
				"authorization_endpoint": "https://some-issuer.com/some/path/oauth2/authorize",
				"token_endpoint": "https://some-issuer.com/some/path/oauth2/token",
				"jwks_uri": "https://some-issuer.com/some/path/jwks.json",
				"response_types_supported": ["code"],
				"response_modes_supported": ["query", "form_post"],
				"subject_types_supported": ["public"],
				"id_token_signing_alg_values_supported": ["ES256"],
				"token_endpoint_auth_methods_supported": ["client_secret_basic"],
				"scopes_supported": ["openid", "offline"],
				"code_challenge_methods_supported": ["S256"],
				"claims_supported": ["groups"],
				"discovery.supervisor.pinniped.dev/v1alpha1": {
					"pinniped_identity_providers_endpoint": "https://some-issuer.com/some/path/v1alpha1/pinniped_identity_providers"
				}
			}
			`),
		},
		{
			name:            "bad method",
			issuer:          "https://some-issuer.com",
			method:          http.MethodPost,
			path:            oidc.WellKnownEndpointPath,
			wantStatus:      http.StatusMethodNotAllowed,
			wantContentType: "text/plain; charset=utf-8",
			wantBodyString:  "Method not allowed (try GET)\n",
		},
	}
	for _, test := range tests {
		test := test
		t.Run(test.name, func(t *testing.T) {
			handler := NewHandler(test.issuer)
			req := httptest.NewRequest(test.method, test.path, nil)
			rsp := httptest.NewRecorder()
			handler.ServeHTTP(rsp, req)

			require.Equal(t, test.wantStatus, rsp.Code)

			require.Equal(t, test.wantContentType, rsp.Header().Get("Content-Type"))

			if test.wantBodyJSON != "" {
				require.JSONEq(t, test.wantBodyJSON, rsp.Body.String())
			}

			if test.wantBodyString != "" {
				require.Equal(t, test.wantBodyString, rsp.Body.String())
			}
		})
	}
}
add a code comment 2022-04-19 18:35:46 +00:00			`// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`// SPDX-License-Identifier: Apache-2.0`

			`package discovery`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`

			`"github.com/stretchr/testify/require"`

Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 22:23:03 +00:00			`"go.pinniped.dev/internal/here"`
supervisor-oidc: int test passes, but impl needs refactor Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 15:33:50 +00:00			`"go.pinniped.dev/internal/oidc"`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`)`

			`func TestDiscovery(t *testing.T) {`
			`tests := []struct {`
			`name string`

Creation and deletion of OIDC Provider discovery endpoints from config - The OIDCProviderConfigWatcherController synchronizes the OIDCProviderConfig settings to dynamically mount and unmount the OIDC discovery endpoints for each provider - Integration test passes but unit tests need to be added still 2020-10-08 02:18:34 +00:00			`issuer string`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`method string`
supervisor-oidc: int test passes, but impl needs refactor Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 15:33:50 +00:00			`path string`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00
Move Supervisor IDP discovery to its own new endpoint 2021-05-11 17:31:33 +00:00			`wantStatus int`
			`wantContentType string`
Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 22:23:03 +00:00			`wantBodyJSON string`
Move Supervisor IDP discovery to its own new endpoint 2021-05-11 17:31:33 +00:00			`wantBodyString string`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`}{`
			`{`
Creation and deletion of OIDC Provider discovery endpoints from config - The OIDCProviderConfigWatcherController synchronizes the OIDCProviderConfig settings to dynamically mount and unmount the OIDC discovery endpoints for each provider - Integration test passes but unit tests need to be added still 2020-10-08 02:18:34 +00:00			`name: "happy path",`
			`issuer: "https://some-issuer.com/some/path",`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`method: http.MethodGet,`
Several small refactors related to OIDC providers 2020-10-08 18:28:21 +00:00			`path: "/some/path" + oidc.WellKnownEndpointPath,`
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`wantStatus: http.StatusOK,`
			`wantContentType: "application/json",`
Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 22:23:03 +00:00			wantBodyJSON: here.Doc(`
			`{`
			`"issuer": "https://some-issuer.com/some/path",`
			`"authorization_endpoint": "https://some-issuer.com/some/path/oauth2/authorize",`
			`"token_endpoint": "https://some-issuer.com/some/path/oauth2/token",`
			`"jwks_uri": "https://some-issuer.com/some/path/jwks.json",`
			`"response_types_supported": ["code"],`
			`"response_modes_supported": ["query", "form_post"],`
			`"subject_types_supported": ["public"],`
			`"id_token_signing_alg_values_supported": ["ES256"],`
			`"token_endpoint_auth_methods_supported": ["client_secret_basic"],`
			`"scopes_supported": ["openid", "offline"],`
oidc: add code challenge supported methods Signed-off-by: hectorj2f <hectorf@vmware.com> 2022-04-17 23:06:59 +00:00			`"code_challenge_methods_supported": ["S256"],`
Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 22:23:03 +00:00			`"claims_supported": ["groups"],`
			`"discovery.supervisor.pinniped.dev/v1alpha1": {`
			`"pinniped_identity_providers_endpoint": "https://some-issuer.com/some/path/v1alpha1/pinniped_identity_providers"`
			`}`
			`}`
			`),
supervisor-oidc: checkpoint: controller watches OIDCProviderConfig Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 14:53:05 +00:00			`},`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`{`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`name: "bad method",`
			`issuer: "https://some-issuer.com",`
			`method: http.MethodPost,`
			`path: oidc.WellKnownEndpointPath,`
			`wantStatus: http.StatusMethodNotAllowed,`
			`wantContentType: "text/plain; charset=utf-8",`
			`wantBodyString: "Method not allowed (try GET)\n",`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`},`
			`}`
			`for _, test := range tests {`
			`test := test`
			`t.Run(test.name, func(t *testing.T) {`
Move Supervisor IDP discovery to its own new endpoint 2021-05-11 17:31:33 +00:00			`handler := NewHandler(test.issuer)`
supervisor-oidc: int test passes, but impl needs refactor Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-07 15:33:50 +00:00			`req := httptest.NewRequest(test.method, test.path, nil)`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`rsp := httptest.NewRecorder()`
			`handler.ServeHTTP(rsp, req)`

			`require.Equal(t, test.wantStatus, rsp.Code)`

Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00			`require.Equal(t, test.wantContentType, rsp.Header().Get("Content-Type"))`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00
Extract Supervisor IDP discovery endpoint types into apis package 2021-08-17 22:23:03 +00:00			`if test.wantBodyJSON != "" {`
			`require.JSONEq(t, test.wantBodyJSON, rsp.Body.String())`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`}`
Implement per-issuer OIDC JWKS endpoint 2020-10-17 00:51:40 +00:00
			`if test.wantBodyString != "" {`
			`require.Equal(t, test.wantBodyString, rsp.Body.String())`
			`}`
supervisor-oidc: hoist OIDC discovery handler for testing Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-10-06 14:11:57 +00:00			`})`
			`}`
			`}`