// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package saml

import (
	"fmt"
	"testing"

	"github.com/greenpau/go-authcrunch/internal/tests"
	"github.com/greenpau/go-authcrunch/pkg/errors"
)

// Shared, known-good SAML identity provider fixtures. They are package-level
// so that other tests in this package can reuse them.
//
// The file locations (metadata XML, signing certificate) are plain strings;
// Validate is expected to accept these fixtures as-is, so presumably it does
// not open the referenced files — TODO confirm against Config.Validate.
var (
	// Generic (JumpCloud) provider: identified by an explicit IdP login URL
	// and has no Azure tenant/application identifiers.
	testConfig1 = &Config{
		Name:                "jumpcloud",
		Realm:               "jumpcloud",
		Driver:              "generic",
		IdpMetadataLocation: "JumpCloud-saml2-metadata.xml",
		IdpSignCertLocation: "certificate.pem",
		IdpLoginURL:         "https://sso.jumpcloud.com/saml2/authp",
		ApplicationName:     "Auth Portal",
		EntityID:            "urn:authp",
		AssertionConsumerServiceURLs: []string{
			"https://localhost/saml/jumpcloud",
		},
	}

	// Azure provider: identified by tenant and application IDs instead of an
	// IdP login URL.
	testConfig2 = &Config{
		Name:                "azure",
		Realm:               "azure",
		Driver:              "azure",
		IdpMetadataLocation: "azure_ad_app_metadata.xml",
		IdpSignCertLocation: "azure_ad_app_signing_cert.pem",
		TenantID:            "1b9e886b-8ff2-4378-b6c8-6771259a5f51",
		ApplicationID:       "623cae7c-e6b2-43c5-853c-2059c9b2cb58",
		ApplicationName:     "My Gatekeeper",
		EntityID:            "urn:caddy:mygatekeeper",
		AssertionConsumerServiceURLs: []string{
			"https://localhost/auth/saml/azure",
		},
	}

	// Same as testConfig2 but without IdpMetadataLocation; the test below
	// pins that a metadata location is optional for the Azure driver.
	testConfig3 = &Config{
		Name:                "azure",
		Realm:               "azure",
		Driver:              "azure",
		IdpSignCertLocation: "azure_ad_app_signing_cert.pem",
		TenantID:            "1b9e886b-8ff2-4378-b6c8-6771259a5f51",
		ApplicationID:       "623cae7c-e6b2-43c5-853c-2059c9b2cb58",
		ApplicationName:     "My Gatekeeper",
		EntityID:            "urn:caddy:mygatekeeper",
		AssertionConsumerServiceURLs: []string{
			"https://localhost/auth/saml/azure",
		},
	}
)

// TestValidateConfig pins the contract of Config.Validate: which fields are
// mandatory, per driver, and the exact error each omission produces.
//
// Covered here:
//   - Name and Realm are always required.
//   - The "azure" driver requires TenantID, ApplicationID and ApplicationName.
//   - An empty Driver is rejected, and so is an unknown one.
//   - The "generic" driver requires IdpLoginURL, at least one ACS URL and the
//     IdP signing certificate location.
//
// NOTE(review): there is no case asserting that an "azure" config without
// IdpSignCertLocation is rejected. The signing certificate is what inbound
// assertion signatures are checked against, so that rejection (if Validate
// performs it) deserves a test of its own — confirm Validate's behaviour
// before adding one.
//
// The expected messages below must match the strings Validate emits verbatim,
// including the "Loging" spelling in the IdP login URL error; fix it here only
// together with the implementation.
func TestValidateConfig(t *testing.T) {
	const (
		tenantID = "1b9e886b-8ff2-4378-b6c8-6771259a5f51"
		appID    = "623cae7c-e6b2-43c5-853c-2059c9b2cb58"
		appName  = "My Gatekeeper"
		loginURL = "https://sso.jumpcloud.com/saml2/authp"
	)

	// azureCfg builds an Azure-realm config with the given driver and
	// identifiers; an empty string leaves the corresponding field unset.
	azureCfg := func(driver, tenant, app, name string) *Config {
		return &Config{
			Name:            "azure",
			Realm:           "azure",
			Driver:          driver,
			TenantID:        tenant,
			ApplicationID:   app,
			ApplicationName: name,
		}
	}

	// genericCfg builds a generic-driver config with only the login URL and
	// ACS URLs populated (nil leaves the ACS list unset).
	genericCfg := func(login string, acs []string) *Config {
		return &Config{
			Name:                         "jumpcloud",
			Realm:                        "jumpcloud",
			Driver:                       "generic",
			IdpLoginURL:                  login,
			AssertionConsumerServiceURLs: acs,
		}
	}

	cases := []struct {
		name    string
		config  *Config
		wantErr error // nil means Validate must succeed
	}{
		{
			name:   "validate jumpcloud saml config",
			config: testConfig1,
		},
		{
			name:   "validate azure saml config",
			config: testConfig2,
		},
		{
			name:   "validate azure saml config without idp metadata location",
			config: testConfig3,
		},
		{
			name:    "test empty config name",
			config:  &Config{Realm: "azure"},
			wantErr: errors.ErrIdentityProviderConfigureNameEmpty,
		},
		{
			name:    "test empty config realm",
			config:  &Config{Name: "azure"},
			wantErr: errors.ErrIdentityProviderConfigureRealmEmpty,
		},
		{
			name:    "test config tenant id not found",
			config:  azureCfg("azure", "", "", ""),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("no tenant id found"),
		},
		{
			name:    "test config application id not found",
			config:  azureCfg("azure", tenantID, "", ""),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("no application id found"),
		},
		{
			name:    "test config application name not found",
			config:  azureCfg("azure", tenantID, appID, ""),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("no application name found"),
		},
		{
			// Azure identifiers present, but no driver selected at all.
			name:    "test config SAML provider not found",
			config:  azureCfg("", tenantID, appID, appName),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("no SAML provider found"),
		},
		{
			name:   "test config SAML provider unsupported",
			config: azureCfg("foobar", tenantID, appID, appName),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs(
				fmt.Errorf("driver %q is unsupported", "foobar"),
			),
		},
		{
			name:    "test config IdP Loging URL not found",
			config:  genericCfg("", nil),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("IdP Loging URL not found"),
		},
		{
			name:    "test config ACS URLs not found",
			config:  genericCfg(loginURL, nil),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("ACS URLs are missing"),
		},
		{
			name:    "test config IdP Signing Certificate not found",
			config:  genericCfg(loginURL, []string{"https://localhost/saml/jumpcloud"}),
			wantErr: errors.ErrIdentityProviderConfig.WithArgs("IdP Signing Certificate not found"),
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got := tc.config.Validate()
			// EvalErrWithLog takes the expectation as (shouldErr, err); every
			// failing case above carries a non-nil wantErr, so derive the flag.
			tests.EvalErrWithLog(t, got, "ValidateConfig", tc.wantErr != nil, tc.wantErr,
				[]string{"test name: " + tc.name})
		})
	}
}