// Copyright 2020 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package pkce
import (
"context"
"net/url"
"testing"
"time"
"github.com/ory/fosite"
"github.com/ory/fosite/handler/openid"
"github.com/stretchr/testify/require"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes/fake"
coretesting "k8s.io/client-go/testing"
)
// TestPKCEStorage checks the create/get/delete round trip of a PKCE request
// session against a fake Kubernetes clientset, and asserts the exact sequence
// of Secret API actions (create, get, delete) that the storage issued.
func TestPKCEStorage(t *testing.T) {
	const (
		namespace = "test-ns"
		signature = "fancy-signature"
		// Secret name the test expects the storage to use for the signature above.
		secretName = "pinniped-storage-pkce-pwu5zs7lekbhnln2w4"
	)

	ctx := context.Background()
	secretsGVR := schema.GroupVersionResource{Group: "", Version: "v1", Resource: "secrets"}

	kubeClient := fake.NewSimpleClientset()
	storage := New(kubeClient.CoreV1().Secrets(namespace))

	// The client fixture leaves Secret nil, and the expected JSON below carries
	// no client secret key.
	// NOTE(review): this case does not show what is persisted when the client
	// Secret is non-nil; confirm that separately.
	oidcClient := &fosite.DefaultOpenIDConnectClient{
		DefaultClient: &fosite.DefaultClient{
			ID:            "pinny",
			Secret:        nil,
			RedirectURIs:  nil,
			GrantTypes:    nil,
			ResponseTypes: nil,
			Scopes:        nil,
			Audience:      nil,
			Public:        true,
		},
		JSONWebKeysURI:                    "where",
		JSONWebKeys:                       nil,
		TokenEndpointAuthMethod:           "something",
		RequestURIs:                       nil,
		RequestObjectSigningAlgorithm:     "",
		TokenEndpointAuthSigningAlgorithm: "",
	}

	// Username and Subject from this session appear in the stored Secret data.
	session := &openid.DefaultSession{
		Claims:    nil,
		Headers:   nil,
		ExpiresAt: nil,
		Username:  "snorlax",
		Subject:   "panda",
	}

	request := &fosite.Request{
		ID:                "abcd-1",
		RequestedAt:       time.Time{},
		Client:            oidcClient,
		RequestedScope:    nil,
		GrantedScope:      nil,
		Form:              url.Values{"key": []string{"val"}},
		Session:           session,
		RequestedAudience: nil,
		GrantedAudience:   nil,
	}

	// Expected Secret: labelled and typed as PKCE storage, holding the
	// serialized request plus a storage version marker.
	wantSecret := &corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:            secretName,
			ResourceVersion: "",
			Labels: map[string]string{
				"storage.pinniped.dev": "pkce",
			},
		},
		Data: map[string][]byte{
			"pinniped-storage-data":    []byte(`{"request":{"id":"abcd-1","requestedAt":"0001-01-01T00:00:00Z","client":{"id":"pinny","redirect_uris":null,"grant_types":null,"response_types":null,"scopes":null,"audience":null,"public":true,"jwks_uri":"where","jwks":null,"token_endpoint_auth_method":"something","request_uris":null,"request_object_signing_alg":"","token_endpoint_auth_signing_alg":""},"scopes":null,"grantedScopes":null,"form":{"key":["val"]},"session":{"Claims":null,"Headers":null,"ExpiresAt":null,"Username":"snorlax","Subject":"panda"},"requestedAudience":null,"grantedAudience":null},"version":"1"}`),
			"pinniped-storage-version": []byte("1"),
		},
		Type: "storage.pinniped.dev/pkce",
	}

	// Any extra or reordered call on Secrets fails the final comparison.
	wantActions := []coretesting.Action{
		coretesting.NewCreateAction(secretsGVR, namespace, wantSecret),
		coretesting.NewGetAction(secretsGVR, namespace, secretName),
		coretesting.NewDeleteAction(secretsGVR, namespace, secretName),
	}

	require.NoError(t, storage.CreatePKCERequestSession(ctx, signature, request))

	// nil is passed as the session argument; the returned request must still
	// equal the original, including its Session.
	newRequest, err := storage.GetPKCERequestSession(ctx, signature, nil)
	require.NoError(t, err)
	require.Equal(t, request, newRequest)

	require.NoError(t, storage.DeletePKCERequestSession(ctx, signature))

	require.Equal(t, wantActions, kubeClient.Actions())
}