// Copyright 2021-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

package formposthtml

import (
	"bytes"
	"fmt"
	"net/url"
	"testing"

	"github.com/ory/fosite"
	"github.com/stretchr/testify/require"

	"go.pinniped.dev/internal/here"
)

var (
	// testRedirectURL is the loopback callback address used as the form's target in these tests.
	testRedirectURL = "http://127.0.0.1:12345/callback"

	// testResponseParams are the authorization response parameters rendered into the form.
	// The values are fixtures, not real credentials.
	// NOTE(review): none of these values (nor testRedirectURL) contains HTML metacharacters,
	// so the tests below do not exercise output escaping of the parameters.
	testResponseParams = url.Values{
		"code":  []string{"test-S629KHsCCBYV0PQ6FDSrn6iEXtVImQRBh7NCAk.JezyUSdCiSslYjtUmv7V5VAgiCz3ZkES9mYldg9GhqU"},
		"scope": []string{"openid offline_access pinniped:request-audience"},
		"state": []string{"01234567890123456789012345678901"},
	}

	// testExpectedFormPostOutput is the rendered page that TestTemplate compares against.
	// NOTE(review): as shown here the literal holds only a newline; confirm that the
	// expected HTML fixture is actually present in the file.
	testExpectedFormPostOutput = here.Doc(`
`)

	// It's okay if this changes in the future, but this gives us a chance to eyeball the formatting.
	// Our browser-based integration tests should find any incompatibilities.
	//
	// Reading the policy directive by directive:
	//   - default-src 'none' denies every resource type that is not explicitly allowed below.
	//   - script-src / style-src allow only inline blocks whose SHA-256 digest matches the pinned
	//     hash, so any edit to the inline script or style must be accompanied by a new hash here
	//     (otherwise browsers will refuse to apply it).
	//   - img-src data: allows images only from data: URIs.
	//   - frame-ancestors 'none' forbids embedding the page in a frame.
	//
	// NOTE(review): connect-src * permits script-initiated requests to any origin; presumably this
	// is needed because the page submits to a client-chosen redirect URI. Confirm it is intentional.
	testExpectedCSP = `default-src 'none'; ` +
		`script-src 'sha256-A3Wb0nDQrxXF07tExs31mVq68ObC+TMpvX8GUFw4SZk='; ` +
		`style-src 'sha256-CtfkX7m8x2UdGYvGgDq+6b6yIAQsASW9pbQK+sG8fNA='; ` +
		`img-src data:; ` +
		`connect-src *; ` +
		`frame-ancestors 'none'`
)

// TestTemplate renders the form_post page twice, once through Fosite and once directly,
// and requires both renders to be identical and equal to the expected fixture.
func TestTemplate(t *testing.T) {
	// Render through the Fosite helper so the template is fed parameters with the
	// same names and types that Fosite passes.
	var viaFosite bytes.Buffer
	fosite.WriteAuthorizeFormPostResponse(testRedirectURL, testResponseParams, Template(), &viaFosite)

	// Fosite ignores any template execution error, so execute the template a second
	// time directly to prove that rendering succeeds without error.
	type templateData struct {
		RedirURL   string
		Parameters url.Values
	}
	data := templateData{
		RedirURL:   testRedirectURL,
		Parameters: testResponseParams,
	}
	var direct bytes.Buffer
	err := Template().Execute(&direct, data)
	require.NoError(t, err)

	// Both rendering paths must agree, and the result must match the fixture.
	require.Equal(t, viaFosite.String(), direct.String())
	require.Equal(t, testExpectedFormPostOutput, viaFosite.String())
}

// TestContentSecurityPolicyHashes pins the exact policy string returned by ContentSecurityPolicy,
// so a change to it (including its hashes) has to be made deliberately in this file as well.
func TestContentSecurityPolicyHashes(t *testing.T) {
	actualCSP := ContentSecurityPolicy()
	require.Equal(t, testExpectedCSP, actualCSP)
}

// TestHelpers covers the small helper functions used by this package.
func TestHelpers(t *testing.T) {
	// These are silly tests, but they are easy to write so we might as well have them.

	// With a nil error, mustMinify is expected to hand back its input string.
	require.Equal(t, "test", mustMinify("test", nil))

	// With a non-nil error, mustMinify is expected to panic with that error.
	minifyErr := fmt.Errorf("some error")
	require.PanicsWithError(t, "some error", func() { mustMinify("", minifyErr) })

	// Example test vector from https://content-security-policy.com/hash/.
	const wantHash = "sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc="
	require.Equal(t, wantHash, cspHash("doSomething();"))
}