github.com/hellofresh/janus@v0.0.0-20230925145208-ce8de8183c67/pkg/plugin/oauth2/oauth_test.go (about) 1 package oauth2 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 "github.com/stretchr/testify/require" 8 "go.mongodb.org/mongo-driver/bson" 9 ) 10 11 func TestAccessRulesWithWrongPredicate(t *testing.T) { 12 rules := AccessRule{ 13 Action: "wrong", 14 Predicate: "wrong.predicate", 15 } 16 _, err := rules.IsAllowed(make(map[string]interface{})) 17 require.Error(t, err) 18 } 19 20 func TestAccessRulesWithEmptyPredicate(t *testing.T) { 21 rules := AccessRule{ 22 Action: "wrong", 23 Predicate: "", 24 } 25 _, err := rules.IsAllowed(map[string]interface{}{"test": true}) 26 require.Error(t, err) 27 } 28 29 func TestAccessRulesWithPredicateThatDoesntMatch(t *testing.T) { 30 rules := AccessRule{ 31 Action: "wrong", 32 Predicate: "test = false", 33 } 34 _, err := rules.IsAllowed(map[string]interface{}{"test": true}) 35 require.Error(t, err) 36 } 37 38 func TestTokenStrategyWithInvalidSettings(t *testing.T) { 39 settingsLegacy := TokenStrategy{Settings: make(chan int)} 40 _, err := settingsLegacy.GetJWTSigningMethods() 41 require.Error(t, err) 42 } 43 44 func TestTokenStrategyWithEmptySecret(t *testing.T) { 45 settingsLegacy := TokenStrategy{Settings: bson.M{"secret": ""}} 46 _, err := settingsLegacy.GetJWTSigningMethods() 47 require.Error(t, err) 48 } 49 50 func TestTokenStrategy_GetJWTSigningMethods_mongo(t *testing.T) { 51 settingsLegacy := TokenStrategy{Settings: bson.M{"secret": "foo-bar"}} 52 methodsLegacy, err := settingsLegacy.GetJWTSigningMethods() 53 require.NoError(t, err) 54 55 require.Equal(t, 1, len(methodsLegacy)) 56 assert.Equal(t, "HS256", methodsLegacy[0].Alg) 57 assert.Equal(t, "foo-bar", methodsLegacy[0].Key) 58 59 settingsList := TokenStrategy{Settings: []interface{}{bson.M{"alg": "HS256", "key": "foo"}, bson.M{"alg": "RS256", "key": "bar"}}} 60 methodsList, err := settingsList.GetJWTSigningMethods() 61 require.NoError(t, err) 62 63 require.Equal(t, 2, len(methodsList)) 64 assert.Equal(t, "HS256", methodsList[0].Alg) 65 assert.Equal(t, "foo", methodsList[0].Key) 66 assert.Equal(t, "RS256", methodsList[1].Alg) 67 assert.Equal(t, "bar", methodsList[1].Key) 68 69 settingsLegacyError := TokenStrategy{Settings: bson.M{"foo": "bar"}} 70 _, err = settingsLegacyError.GetJWTSigningMethods() 71 assert.Equal(t, ErrJWTSecretMissing, err) 72 73 settingsInvalid := TokenStrategy{Settings: bson.M{}} 74 _, err = settingsInvalid.GetJWTSigningMethods() 75 assert.Error(t, err) 76 } 77 78 func TestTokenStrategy_GetJWTSigningMethods_file(t *testing.T) { 79 repo := &FileSystemRepository{} 80 81 oauthServerLegacy := repo.parseOAuthServer([]byte(fileLegacy)) 82 methodsLegacy, err := oauthServerLegacy.TokenStrategy.GetJWTSigningMethods() 83 require.NoError(t, err) 84 85 require.Equal(t, 1, len(methodsLegacy)) 86 assert.Equal(t, "HS256", methodsLegacy[0].Alg) 87 assert.Equal(t, "foo-bar", methodsLegacy[0].Key) 88 89 oauthServerList := repo.parseOAuthServer([]byte(fileList)) 90 91 methodsList, err := oauthServerList.TokenStrategy.GetJWTSigningMethods() 92 require.NoError(t, err) 93 94 require.Equal(t, 2, len(methodsList)) 95 assert.Equal(t, "HS256", methodsList[0].Alg) 96 assert.Equal(t, "foo", methodsList[0].Key) 97 assert.Equal(t, "RS256", methodsList[1].Alg) 98 assert.Equal(t, "bar", methodsList[1].Key) 99 100 oauthServerLegacyError := repo.parseOAuthServer([]byte(fileLegacyError)) 101 _, err = oauthServerLegacyError.TokenStrategy.GetJWTSigningMethods() 102 assert.Equal(t, ErrJWTSecretMissing, err) 103 104 oauthServerInvalid := repo.parseOAuthServer([]byte(fileBad)) 105 _, err = oauthServerInvalid.TokenStrategy.GetJWTSigningMethods() 106 assert.Error(t, err) 107 } 108 109 const ( 110 fileLegacy = `{ 111 "name" : "legacy", 112 "oauth_endpoints" : { 113 "token" : { 114 "preserve_host" : false, 115 "listen_path" : "/auth/token", 116 "upstreams": {"balancing": "roundrobin", "targets": [{"target": "http://localhost:8080/token"}]}, 117 "strip_path" : true, 118 "append_path" : false, 119 "methods" : [ 120 "GET", 121 "POST" 122 ] 123 } 124 }, 125 "token_strategy" : { 126 "name" : "jwt", 127 "settings" : {"secret": "foo-bar"} 128 } 129 }` 130 fileList = `{ 131 "name" : "list", 132 "oauth_endpoints" : { 133 "token" : { 134 "preserve_host" : false, 135 "listen_path" : "/auth/token", 136 "upstreams": {"balancing": "roundrobin", "targets": [{"target": "http://localhost:8080/token"}]}, 137 "strip_path" : true, 138 "append_path" : false, 139 "methods" : [ 140 "GET", 141 "POST" 142 ] 143 } 144 }, 145 "token_strategy" : { 146 "name" : "jwt", 147 "settings" : [ 148 {"alg": "HS256", "key": "foo"}, 149 {"alg": "RS256", "key": "bar"} 150 ] 151 } 152 }` 153 fileLegacyError = `{ 154 "name" : "legacy", 155 "oauth_endpoints" : { 156 "token" : { 157 "preserve_host" : false, 158 "listen_path" : "/auth/token", 159 "upstreams": {"balancing": "roundrobin", "targets": [{"target": "http://localhost:8080/token"}]}, 160 "strip_path" : true, 161 "append_path" : false, 162 "methods" : [ 163 "GET", 164 "POST" 165 ] 166 } 167 }, 168 "token_strategy" : { 169 "name" : "jwt", 170 "settings" : {"foo": "bar"} 171 } 172 }` 173 fileBad = `{ 174 "name" : "legacy", 175 "oauth_endpoints" : { 176 "token" : { 177 "preserve_host" : false, 178 "listen_path" : "/auth/token", 179 "upstreams": {"balancing": "roundrobin", "targets": [{"target": "http://localhost:8080/token"}]}, 180 "strip_path" : true, 181 "append_path" : false, 182 "methods" : [ 183 "GET", 184 "POST" 185 ] 186 } 187 }, 188 "token_strategy" : { 189 "name" : "jwt", 190 "settings" : {} 191 } 192 }` 193 )