djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bring back the test that was skipped by the previous commit

Browse Source 
- This test is still a work in progress. Some TODO comments
  have been added to give hints for next steps.
This commit is contained in:
Ryan Richard 2020-12-08 18:25:01 -08:00
parent f84dda937b
commit 6420caca94
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
internal/oidc/token/token_handler_test.go
View File

@ -566,14 +566,14 @@ func TestTokenEndpointWhenAuthcodeIsUsedTwice(t *testing.T) {
} }
func TestTokenExchange(t *testing.T) { func TestTokenExchange(t *testing.T) {
// TODO write this test
t.Skip()
tests := []struct { tests := []struct {
name string name string
authcodeExchange authcodeExchangeInputs authcodeExchange authcodeExchangeInputs
wantStatus int
requestedAudience string
modifyTokenExchangeRequest func(r *http.Request) modifyTokenExchangeRequest func(r *http.Request)
requestedAudience string
wantStatus int
}{ }{
{ {
name: "token exchange happy path", name: "token exchange happy path",
@ -581,12 +581,18 @@ func TestTokenExchange(t *testing.T) {
modifyAuthRequest: func(authRequest *http.Request) { modifyAuthRequest: func(authRequest *http.Request) {
authRequest.Form.Set("scope", "openid pinniped.sts.unrestricted") authRequest.Form.Set("scope", "openid pinniped.sts.unrestricted")
}, },
wantStatus: http.StatusOK, wantStatus: http.StatusOK,
wantBodyFields: []string{"id_token", "access_token", "token_type", "expires_in", "scope"}, wantSuccessBodyFields: []string{"id_token", "access_token", "token_type", "expires_in", "scope"},
wantRequestedScopes: []string{"openid", "pinniped.sts.unrestricted"}, wantRequestedScopes: []string{"openid", "pinniped.sts.unrestricted"},
wantGrantedScopes: []string{"openid", "pinniped.sts.unrestricted"},
}, },
wantStatus: http.StatusOK, requestedAudience: "some-workload-cluster",
wantStatus: http.StatusOK,
}, },
// TODO add the unhappy path table entries: wrong client id, invalid access token, access token does not have pinniped.sts.unrestricted, etc.
// Can use modifyAuthRequest to change the request params for the original authorize request (e.g. don't request pinniped.sts.unrestricted).
// Can use modifyTokenExchangeRequest to change to request params for the token exchange call (e.g. bad access token or wrong http verb).
// Will need to add some more fields to the test table to declare the expected values of the error response, etc.
} }
for _, test := range tests { for _, test := range tests {
test := test test := test
@ -595,7 +601,7 @@ func TestTokenExchange(t *testing.T) {
var parsedResponseBody map[string]interface{} var parsedResponseBody map[string]interface{}
require.NoError(t, json.Unmarshal(rsp.Body.Bytes(), &parsedResponseBody)) require.NoError(t, json.Unmarshal(rsp.Body.Bytes(), &parsedResponseBody))
request := happyTokenExchangeRequest("foo-cluster", parsedResponseBody["access_token"].(string)) request := happyTokenExchangeRequest(test.requestedAudience, parsedResponseBody["access_token"].(string))
req := httptest.NewRequest("POST", "/path/shouldn't/matter", body(request.Form).ReadCloser()) req := httptest.NewRequest("POST", "/path/shouldn't/matter", body(request.Form).ReadCloser())
req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
@ -610,6 +616,10 @@ func TestTokenExchange(t *testing.T) {
require.Equal(t, test.wantStatus, rsp.Code) require.Equal(t, test.wantStatus, rsp.Code)
testutil.RequireEqualContentType(t, rsp.Header().Get("Content-Type"), "application/json") testutil.RequireEqualContentType(t, rsp.Header().Get("Content-Type"), "application/json")
// TODO write lots more assertions about the happy path
// e.g. that nothing was changed in the fosite k8s storage
// e.g. that the response body is correct, and the decoded token has the right claims
}) })
} }
} }