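// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package auth

import (
	"testing"

	"code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/services/auth/source/oauth2"

	"github.com/golang-jwt/jwt/v5"
	"github.com/stretchr/testify/assert"
)

// createAndParseToken builds an access-token response for grant using a
// throwaway HS256 signing key, then parses the returned ID token with the same
// key and returns its claims.
//
// Each precondition aborts the calling test on failure (t.FailNow) instead of
// only recording it: the later statements dereference response, parsedToken
// and the returned claims, so continuing after a failed check would turn an
// assertion failure into a nil-pointer panic.
func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2.OIDCToken {
	t.Helper()

	// Fixed all-zero 32-byte secret: deterministic for the unit test only, not a
	// pattern for generating a real signing key.
	signingKey, err := oauth2.CreateJWTSigningKey("HS256", make([]byte, 32))
	if !assert.NoError(t, err) || !assert.NotNil(t, signingKey) {
		t.FailNow()
	}

	response, terr := newAccessTokenResponse(db.DefaultContext, grant, signingKey, signingKey)
	if !assert.Nil(t, terr) || !assert.NotNil(t, response) {
		t.FailNow()
	}

	expectedAlg := signingKey.SigningMethod().Alg()
	parsedToken, err := jwt.ParseWithClaims(
		response.IDToken,
		&oauth2.OIDCToken{},
		func(token *jwt.Token) (any, error) {
			// Refuse to hand out the verification key when the header names a
			// different algorithm; a recorded assertion alone would still let
			// the parser go on to verify the token with that key.
			if !assert.NotNil(t, token.Method) || !assert.Equal(t, expectedAlg, token.Method.Alg()) {
				return nil, jwt.ErrTokenUnverifiable
			}
			return signingKey.VerifyKey(), nil
		},
		// Pin the accepted algorithm at the parser level as well.
		jwt.WithValidMethods([]string{expectedAlg}),
	)
	if !assert.NoError(t, err) || !assert.NotNil(t, parsedToken) {
		t.FailNow()
	}
	assert.True(t, parsedToken.Valid)

	oidcToken, ok := parsedToken.Claims.(*oauth2.OIDCToken)
	if !assert.True(t, ok) || !assert.NotNil(t, oidcToken) {
		t.FailNow()
	}

	return oidcToken
}

// TestNewAccessTokenResponse_OIDCToken checks which identity claims end up in
// the ID token, depending on the scopes of the fixture grant and on
// setting.UI.DefaultShowFullName.
func TestNewAccessTokenResponse_OIDCToken(t *testing.T) {
	assert.NoError(t, unittest.PrepareTestDatabase())

	grants, err := auth.GetOAuth2GrantsByUserID(db.DefaultContext, 3)
	// grants[0] is indexed below, so stop here if the fixture does not hold
	// exactly one grant for this user.
	if !assert.NoError(t, err) || !assert.Len(t, grants, 1) {
		t.FailNow()
	}

	// Scopes: openid
	// Without the profile and email scopes, none of the profile or email
	// claims may be populated in the ID token.
	oidcToken := createAndParseToken(t, grants[0])
	assert.Empty(t, oidcToken.Name)
	assert.Empty(t, oidcToken.PreferredUsername)
	assert.Empty(t, oidcToken.Profile)
	assert.Empty(t, oidcToken.Picture)
	assert.Empty(t, oidcToken.Website)
	assert.Empty(t, oidcToken.UpdatedAt)
	assert.Empty(t, oidcToken.Email)
	assert.False(t, oidcToken.EmailVerified)

	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
	grants, err = auth.GetOAuth2GrantsByUserID(db.DefaultContext, user.ID)
	if !assert.NoError(t, err) || !assert.Len(t, grants, 1) {
		t.FailNow()
	}

	// Scopes: openid profile email
	// The claims must now mirror the user record; EmailVerified is compared
	// with user.IsActive.
	oidcToken = createAndParseToken(t, grants[0])
	assert.Equal(t, user.Name, oidcToken.Name)
	assert.Equal(t, user.Name, oidcToken.PreferredUsername)
	assert.Equal(t, user.HTMLURL(), oidcToken.Profile)
	assert.Equal(t, user.AvatarLink(db.DefaultContext), oidcToken.Picture)
	assert.Equal(t, user.Website, oidcToken.Website)
	assert.Equal(t, user.UpdatedUnix, oidcToken.UpdatedAt)
	assert.Equal(t, user.Email, oidcToken.Email)
	assert.Equal(t, user.IsActive, oidcToken.EmailVerified)

	// set DefaultShowFullName to true; the previous value is restored when the
	// test returns so the package-level setting does not leak into other tests.
	oldDefaultShowFullName := setting.UI.DefaultShowFullName
	setting.UI.DefaultShowFullName = true
	defer func() {
		setting.UI.DefaultShowFullName = oldDefaultShowFullName
	}()

	// Scopes: openid profile email
	// With DefaultShowFullName enabled, Name carries the full name while
	// PreferredUsername stays the login name.
	oidcToken = createAndParseToken(t, grants[0])
	assert.Equal(t, user.FullName, oidcToken.Name)
	assert.Equal(t, user.Name, oidcToken.PreferredUsername)
	assert.Equal(t, user.HTMLURL(), oidcToken.Profile)
	assert.Equal(t, user.AvatarLink(db.DefaultContext), oidcToken.Picture)
	assert.Equal(t, user.Website, oidcToken.Website)
	assert.Equal(t, user.UpdatedUnix, oidcToken.UpdatedAt)
	assert.Equal(t, user.Email, oidcToken.Email)
	assert.Equal(t, user.IsActive, oidcToken.EmailVerified)
}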