github.com/greenpau/go-authcrunch@v1.1.4/pkg/idp/config_test.go (about) 1 // Copyright 2022 Paul Greenberg greenpau@outlook.com 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package idp 16 17 import ( 18 "fmt" 19 "github.com/google/go-cmp/cmp" 20 "github.com/greenpau/go-authcrunch/internal/tests" 21 "github.com/greenpau/go-authcrunch/pkg/errors" 22 "testing" 23 ) 24 25 func TestNewIdentityProviderConfig(t *testing.T) { 26 testcases := []struct { 27 name string 28 driver string 29 kind string 30 params map[string]interface{} 31 want string 32 shouldErr bool 33 err error 34 }{ 35 { 36 name: "test google identity provider", 37 driver: "google", 38 kind: "oauth", 39 params: map[string]interface{}{ 40 "client_id": "foo.apps.googleusercontent.com", 41 "client_secret": "foobar", 42 "driver": "google", 43 "realm": "localdb", 44 "scopes": []string{"openid", "email", "profile"}, 45 }, 46 want: `{ 47 "name": "google", 48 "kind": "oauth", 49 "params": { 50 "client_id": "foo.apps.googleusercontent.com", 51 "client_secret": "foobar", 52 "driver": "google", 53 "realm": "localdb", 54 "scopes": ["openid", "email", "profile"] 55 } 56 }`, 57 }, 58 { 59 name: "test jumpcloud identity provider", 60 driver: "jumpcloud", 61 kind: "saml", 62 params: map[string]interface{}{ 63 "driver": "generic", 64 "realm": "jumpcloud", 65 "idp_metadata_location": "JumpCloud-saml2-metadata.xml", 66 "idp_sign_cert_location": "certificate.pem", 67 "idp_login_url": "https://sso.jumpcloud.com/saml2/authp", 68 "application_name": "Auth Portal", 69 "entity_id": "urn:authp", 70 "acs_urls": []string{"https://localhost/saml/jumpcloud"}, 71 }, 72 want: `{ 73 "kind": "saml", 74 "name": "jumpcloud", 75 "params": { 76 "acs_urls": [ 77 "https://localhost/saml/jumpcloud" 78 ], 79 "application_name": "Auth Portal", 80 "entity_id": "urn:authp", 81 "idp_login_url": "https://sso.jumpcloud.com/saml2/authp", 82 "idp_metadata_location": "JumpCloud-saml2-metadata.xml", 83 "idp_sign_cert_location": "certificate.pem", 84 "driver": "generic", 85 "realm": "jumpcloud" 86 } 87 }`, 88 }, 89 { 90 name: "test config validation error", 91 // driver: "google", 92 kind: "oauth", 93 params: map[string]interface{}{ 94 "client_id": "foo.apps.googleusercontent.com", 95 "client_secret": "foobar", 96 "driver": "google", 97 "realm": "localdb", 98 "scopes": []string{"openid", "email", "profile"}, 99 }, 100 shouldErr: true, 101 err: errors.ErrIdentityProviderConfigInvalid.WithArgs("empty identity provider name"), 102 }, 103 { 104 name: "test config validation error with unsupported provider kind", 105 driver: "google", 106 kind: "foobar", 107 params: map[string]interface{}{ 108 "client_id": "foo.apps.googleusercontent.com", 109 "client_secret": "foobar", 110 "driver": "google", 111 "realm": "localdb", 112 "scopes": []string{"openid", "email", "profile"}, 113 }, 114 shouldErr: true, 115 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 116 "unsupported identity provider type foobar", 117 ), 118 }, 119 { 120 name: "test config validation error with empty provider kind", 121 driver: "google", 122 params: map[string]interface{}{ 123 "client_id": "foo.apps.googleusercontent.com", 124 "client_secret": "foobar", 125 "driver": "google", 126 "realm": "localdb", 127 "scopes": []string{"openid", "email", "profile"}, 128 }, 129 shouldErr: true, 130 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 131 "empty identity provider type", 132 ), 133 }, 134 { 135 name: "test config validation error with nil params", 136 driver: "google", 137 kind: "oauth", 138 params: map[string]interface{}{}, 139 shouldErr: true, 140 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 141 "empty identity provider parameters", 142 ), 143 }, 144 { 145 name: "test config validation error with unsupported param field", 146 driver: "google", 147 kind: "oauth", 148 params: map[string]interface{}{ 149 "client_id": "foo.apps.googleusercontent.com", 150 "client_secret": "foobar", 151 "driver": "google", 152 "realm": "localdb", 153 "scopes": []string{"openid", "email", "profile"}, 154 "foo": "bar", 155 }, 156 157 shouldErr: true, 158 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 159 fmt.Errorf("found unsupported %q field", "foo"), 160 ), 161 }, 162 { 163 name: "test config validation error with required field not found", 164 driver: "google", 165 kind: "oauth", 166 params: map[string]interface{}{ 167 "client_id": "foo.apps.googleusercontent.com", 168 "client_secret": "foobar", 169 // "driver": "google", 170 "realm": "localdb", 171 "scopes": []string{"openid", "email", "profile"}, 172 }, 173 174 shouldErr: true, 175 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 176 fmt.Errorf("required field %q not found", "driver"), 177 ), 178 }, 179 { 180 name: "test oauth config validation error", 181 driver: "google", 182 kind: "oauth", 183 params: map[string]interface{}{ 184 "client_id": "foo.apps.googleusercontent.com", 185 "client_secret": "foobar", 186 "driver": "", 187 "realm": "google", 188 "scopes": []string{"openid", "email", "profile"}, 189 }, 190 191 shouldErr: true, 192 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 193 errors.ErrIdentityProviderConfig.WithArgs("driver name not found"), 194 ), 195 }, 196 { 197 name: "test saml config validation error", 198 driver: "jumpcloud", 199 kind: "saml", 200 params: map[string]interface{}{ 201 "driver": "", 202 "realm": "", 203 "entity_id": "", 204 "acs_urls": "", 205 }, 206 207 shouldErr: true, 208 err: errors.ErrIdentityProviderConfigInvalid.WithArgs( 209 errors.ErrIdentityProviderConfigureRealmEmpty, 210 ), 211 }, 212 } 213 for _, tc := range testcases { 214 t.Run(tc.name, func(t *testing.T) { 215 cfg, err := NewIdentityProviderConfig(tc.driver, tc.kind, tc.params) 216 if err != nil { 217 if !tc.shouldErr { 218 t.Fatalf("expected success, got: %v", err) 219 } 220 if diff := cmp.Diff(err.Error(), tc.err.Error()); diff != "" { 221 t.Fatalf("unexpected error: %v, want: %v", err, tc.err) 222 } 223 return 224 } 225 if tc.shouldErr { 226 t.Fatalf("unexpected success, want: %v", tc.err) 227 } 228 got := tests.Unpack(t, cfg) 229 want := tests.Unpack(t, tc.want) 230 231 if diff := cmp.Diff(want, got); diff != "" { 232 t.Logf("JSON: %v", tests.UnpackJSON(t, got)) 233 t.Errorf("NewIdentityProviderConfig() mismatch (-want +got):\n%s", diff) 234 } 235 }) 236 } 237 }