github.com/kyma-incubator/compass/components/director@v0.0.0-20230623144113-d764f56ff805/pkg/graphql/auth_validation_test.go (about)

     1  package graphql_test
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/kyma-incubator/compass/components/director/pkg/graphql"
     7  	"github.com/kyma-incubator/compass/components/director/pkg/inputvalidation/inputvalidationtest"
     8  	"github.com/stretchr/testify/require"
     9  )
    10  
    11  func TestAuthInput_Validate_Credential(t *testing.T) {
    12  	credential := fixValidCredentialDataInput()
    13  
    14  	testCases := []struct {
    15  		Name          string
    16  		Value         *graphql.CredentialDataInput
    17  		ExpectedValid bool
    18  	}{
    19  		{
    20  			Name:          "ExpectedValid",
    21  			Value:         &credential,
    22  			ExpectedValid: true,
    23  		},
    24  		{
    25  			Name:          "Empty",
    26  			Value:         nil,
    27  			ExpectedValid: true,
    28  		},
    29  		{
    30  			Name:          "Invalid - nested validation error",
    31  			Value:         &graphql.CredentialDataInput{},
    32  			ExpectedValid: false,
    33  		},
    34  	}
    35  
    36  	for _, testCase := range testCases {
    37  		t.Run(testCase.Name, func(t *testing.T) {
    38  			//GIVEN
    39  			sut := fixValidAuthInput()
    40  			sut.Credential = testCase.Value
    41  			// WHEN
    42  			err := sut.Validate()
    43  			// THEN
    44  			if testCase.ExpectedValid {
    45  				require.NoError(t, err)
    46  			} else {
    47  				require.Error(t, err)
    48  			}
    49  		})
    50  	}
    51  }
    52  
    53  func TestAuthInput_Validate_AdditionalHeaders(t *testing.T) {
    54  	testCases := []struct {
    55  		Name          string
    56  		Value         graphql.HTTPHeaders
    57  		ExpectedValid bool
    58  	}{
    59  		{
    60  			Name: "ExpectedValid",
    61  			Value: graphql.HTTPHeaders{
    62  				"Authorization": {"test", "asdf"},
    63  				"Test":          {"test", "asdf"},
    64  			},
    65  			ExpectedValid: true,
    66  		},
    67  		{
    68  			Name:          "ExpectedValid - nil",
    69  			Value:         nil,
    70  			ExpectedValid: true,
    71  		},
    72  		{
    73  			Name: "Invalid - empty key",
    74  			Value: graphql.HTTPHeaders{
    75  				inputvalidationtest.EmptyString: {"test"},
    76  			},
    77  			ExpectedValid: false,
    78  		},
    79  		{
    80  			Name: "Invalid - nil value",
    81  			Value: graphql.HTTPHeaders{
    82  				"test": nil,
    83  			},
    84  			ExpectedValid: false,
    85  		},
    86  		{
    87  			Name: "Invalid - empty slice element",
    88  			Value: graphql.HTTPHeaders{
    89  				"test": {inputvalidationtest.EmptyString},
    90  			},
    91  			ExpectedValid: false,
    92  		},
    93  	}
    94  
    95  	for _, testCase := range testCases {
    96  		t.Run(testCase.Name, func(t *testing.T) {
    97  			//GIVEN
    98  			sut := fixValidAuthInput()
    99  			sut.AdditionalHeaders = testCase.Value
   100  			// WHEN
   101  			err := sut.Validate()
   102  			// THEN
   103  			if testCase.ExpectedValid {
   104  				require.NoError(t, err)
   105  			} else {
   106  				require.Error(t, err)
   107  			}
   108  		})
   109  	}
   110  }
   111  
   112  func TestAuthInput_Validate_AdditionalQueryParams(t *testing.T) {
   113  	testCases := []struct {
   114  		Name          string
   115  		Value         graphql.QueryParams
   116  		ExpectedValid bool
   117  	}{
   118  		{
   119  			Name: "ExpectedValid",
   120  			Value: graphql.QueryParams{
   121  				"Param": {"test", "asdf"},
   122  				"Test":  {"test", "asdf"},
   123  			},
   124  			ExpectedValid: true,
   125  		},
   126  		{
   127  			Name:          "ExpectedValid - nil",
   128  			Value:         nil,
   129  			ExpectedValid: true,
   130  		},
   131  		{
   132  			Name: "Invalid - empty key",
   133  			Value: graphql.QueryParams{
   134  				inputvalidationtest.EmptyString: {"test"},
   135  			},
   136  			ExpectedValid: false,
   137  		},
   138  		{
   139  			Name: "Invalid - nil value",
   140  			Value: graphql.QueryParams{
   141  				"test": nil,
   142  			},
   143  			ExpectedValid: false,
   144  		},
   145  		{
   146  			Name: "Invalid - empty slice element",
   147  			Value: graphql.QueryParams{
   148  				"test": {inputvalidationtest.EmptyString},
   149  			},
   150  			ExpectedValid: false,
   151  		},
   152  	}
   153  
   154  	for _, testCase := range testCases {
   155  		t.Run(testCase.Name, func(t *testing.T) {
   156  			//GIVEN
   157  			sut := fixValidAuthInput()
   158  			sut.AdditionalQueryParams = testCase.Value
   159  			// WHEN
   160  			err := sut.Validate()
   161  			// THEN
   162  			if testCase.ExpectedValid {
   163  				require.NoError(t, err)
   164  			} else {
   165  				require.Error(t, err)
   166  			}
   167  		})
   168  	}
   169  }
   170  
   171  func TestAuthInput_Validate_RequestAuth(t *testing.T) {
   172  	credRequest := fixValidCredentialRequestAuthInput()
   173  	testCases := []struct {
   174  		Name          string
   175  		Value         *graphql.CredentialRequestAuthInput
   176  		ExpectedValid bool
   177  	}{
   178  		{
   179  			Name:          "ExpectedValid",
   180  			Value:         &credRequest,
   181  			ExpectedValid: true,
   182  		},
   183  		{
   184  			Name:          "ExpectedValid - nil",
   185  			Value:         nil,
   186  			ExpectedValid: true,
   187  		},
   188  		{
   189  			Name: "Invalid - no auth provided",
   190  			Value: &graphql.CredentialRequestAuthInput{
   191  				Csrf: nil,
   192  			},
   193  			ExpectedValid: false,
   194  		},
   195  		{
   196  			Name: "Invalid - nested validation error",
   197  			Value: &graphql.CredentialRequestAuthInput{
   198  				Csrf: &graphql.CSRFTokenCredentialRequestAuthInput{},
   199  			},
   200  			ExpectedValid: false,
   201  		},
   202  	}
   203  
   204  	for _, testCase := range testCases {
   205  		t.Run(testCase.Name, func(t *testing.T) {
   206  			//GIVEN
   207  			sut := fixValidAuthInput()
   208  			sut.RequestAuth = testCase.Value
   209  			// WHEN
   210  			err := sut.Validate()
   211  			// THEN
   212  			if testCase.ExpectedValid {
   213  				require.NoError(t, err)
   214  			} else {
   215  				require.Error(t, err)
   216  			}
   217  		})
   218  	}
   219  }
   220  
   221  func TestCredentialDataInput_Validate(t *testing.T) {
   222  	credential := fixValidCredentialDataInput()
   223  	basic := fixValidBasicCredentialDataInput()
   224  	oauth := fixValidOAuthCredentialDataInput()
   225  
   226  	testCases := []struct {
   227  		Name          string
   228  		Value         *graphql.CredentialDataInput
   229  		ExpectedValid bool
   230  	}{
   231  		{
   232  			Name:          "ExpectedValid",
   233  			Value:         &credential,
   234  			ExpectedValid: true,
   235  		},
   236  		{
   237  			Name: "Invalid - no auth provided",
   238  			Value: &graphql.CredentialDataInput{
   239  				Basic: nil,
   240  				Oauth: nil,
   241  			},
   242  			ExpectedValid: false,
   243  		},
   244  		{
   245  			Name: "Invalid - multiple auths provided",
   246  			Value: &graphql.CredentialDataInput{
   247  				Basic: &basic,
   248  				Oauth: &oauth,
   249  			},
   250  			ExpectedValid: false,
   251  		},
   252  		{
   253  			Name: "Invalid - nested validation error in Basic",
   254  			Value: &graphql.CredentialDataInput{
   255  				Basic: &graphql.BasicCredentialDataInput{},
   256  			},
   257  			ExpectedValid: false,
   258  		},
   259  		{
   260  			Name: "Invalid - nested validation error in Oauth",
   261  			Value: &graphql.CredentialDataInput{
   262  				Oauth: &graphql.OAuthCredentialDataInput{},
   263  			},
   264  			ExpectedValid: false,
   265  		},
   266  	}
   267  
   268  	for _, testCase := range testCases {
   269  		t.Run(testCase.Name, func(t *testing.T) {
   270  			//GIVEN
   271  			sut := fixValidAuthInput()
   272  			sut.Credential = testCase.Value
   273  			// WHEN
   274  			err := sut.Validate()
   275  			// THEN
   276  			if testCase.ExpectedValid {
   277  				require.NoError(t, err)
   278  			} else {
   279  				require.Error(t, err)
   280  			}
   281  		})
   282  	}
   283  }
   284  
   285  func TestBasicCredentialDataInput_Validate_Username(t *testing.T) {
   286  	testCases := []struct {
   287  		Name          string
   288  		Value         string
   289  		ExpectedValid bool
   290  	}{
   291  		{
   292  			Name:          "ExpectedValid",
   293  			Value:         "John",
   294  			ExpectedValid: true,
   295  		},
   296  		{
   297  			Name:          "Invalid - Empty string",
   298  			Value:         inputvalidationtest.EmptyString,
   299  			ExpectedValid: false,
   300  		},
   301  	}
   302  
   303  	for _, testCase := range testCases {
   304  		t.Run(testCase.Name, func(t *testing.T) {
   305  			//GIVEN
   306  			sut := fixValidBasicCredentialDataInput()
   307  			sut.Username = testCase.Value
   308  			// WHEN
   309  			err := sut.Validate()
   310  			// THEN
   311  			if testCase.ExpectedValid {
   312  				require.NoError(t, err)
   313  			} else {
   314  				require.Error(t, err)
   315  			}
   316  		})
   317  	}
   318  }
   319  
   320  func TestBasicCredentialDataInput_Validate_Password(t *testing.T) {
   321  	testCases := []struct {
   322  		Name          string
   323  		Value         string
   324  		ExpectedValid bool
   325  	}{
   326  		{
   327  			Name:          "ExpectedValid",
   328  			Value:         "John",
   329  			ExpectedValid: true,
   330  		},
   331  		{
   332  			Name:          "Invalid - Empty string",
   333  			Value:         inputvalidationtest.EmptyString,
   334  			ExpectedValid: false,
   335  		},
   336  	}
   337  
   338  	for _, testCase := range testCases {
   339  		t.Run(testCase.Name, func(t *testing.T) {
   340  			//GIVEN
   341  			sut := fixValidBasicCredentialDataInput()
   342  			sut.Password = testCase.Value
   343  			// WHEN
   344  			err := sut.Validate()
   345  			// THEN
   346  			if testCase.ExpectedValid {
   347  				require.NoError(t, err)
   348  			} else {
   349  				require.Error(t, err)
   350  			}
   351  		})
   352  	}
   353  }
   354  
   355  func TestOAuthCredentialDataInput_Validate_ClientID(t *testing.T) {
   356  	testCases := []struct {
   357  		Name          string
   358  		Value         string
   359  		ExpectedValid bool
   360  	}{
   361  		{
   362  			Name:          "ExpectedValid",
   363  			Value:         "John.2h2kj2k5gw6j3h5gjk34hg-g:0",
   364  			ExpectedValid: true,
   365  		},
   366  		{
   367  			Name:          "Invalid - Empty string",
   368  			Value:         inputvalidationtest.EmptyString,
   369  			ExpectedValid: false,
   370  		},
   371  	}
   372  
   373  	for _, testCase := range testCases {
   374  		t.Run(testCase.Name, func(t *testing.T) {
   375  			//GIVEN
   376  			sut := fixValidOAuthCredentialDataInput()
   377  			sut.ClientID = testCase.Value
   378  			// WHEN
   379  			err := sut.Validate()
   380  			// THEN
   381  			if testCase.ExpectedValid {
   382  				require.NoError(t, err)
   383  			} else {
   384  				require.Error(t, err)
   385  			}
   386  		})
   387  	}
   388  }
   389  
   390  func TestOAuthCredentialDataInput_Validate_ClientSecret(t *testing.T) {
   391  	testCases := []struct {
   392  		Name          string
   393  		Value         string
   394  		ExpectedValid bool
   395  	}{
   396  		{
   397  			Name:          "ExpectedValid",
   398  			Value:         "Doe.2h2kj2k5gw6j3h5gjk34hg-g:0",
   399  			ExpectedValid: true,
   400  		},
   401  		{
   402  			Name:          "Invalid - Empty string",
   403  			Value:         inputvalidationtest.EmptyString,
   404  			ExpectedValid: false,
   405  		},
   406  	}
   407  
   408  	for _, testCase := range testCases {
   409  		t.Run(testCase.Name, func(t *testing.T) {
   410  			//GIVEN
   411  			sut := fixValidOAuthCredentialDataInput()
   412  			sut.ClientSecret = testCase.Value
   413  			// WHEN
   414  			err := sut.Validate()
   415  			// THEN
   416  			if testCase.ExpectedValid {
   417  				require.NoError(t, err)
   418  			} else {
   419  				require.Error(t, err)
   420  			}
   421  		})
   422  	}
   423  }
   424  
   425  func TestOAuthCredentialDataInput_Validate_URL(t *testing.T) {
   426  	testCases := []struct {
   427  		Name          string
   428  		Value         string
   429  		ExpectedValid bool
   430  	}{
   431  		{
   432  			Name:          "ExpectedValid",
   433  			Value:         inputvalidationtest.ValidURL,
   434  			ExpectedValid: true,
   435  		},
   436  		{
   437  			Name:          "Invalid - Empty string",
   438  			Value:         inputvalidationtest.EmptyString,
   439  			ExpectedValid: false,
   440  		},
   441  		{
   442  			Name:          "Invalid - Invalid URL",
   443  			Value:         inputvalidationtest.InvalidURL,
   444  			ExpectedValid: false,
   445  		},
   446  	}
   447  
   448  	for _, testCase := range testCases {
   449  		t.Run(testCase.Name, func(t *testing.T) {
   450  			//GIVEN
   451  			sut := fixValidOAuthCredentialDataInput()
   452  			sut.URL = testCase.Value
   453  			// WHEN
   454  			err := sut.Validate()
   455  			// THEN
   456  			if testCase.ExpectedValid {
   457  				require.NoError(t, err)
   458  			} else {
   459  				require.Error(t, err)
   460  			}
   461  		})
   462  	}
   463  }
   464  
   465  func TestCredentialRequestAuthInput_Validate(t *testing.T) {
   466  	csrf := fixValidCSRFTokenCredentialRequestAuthInput()
   467  	testCases := []struct {
   468  		Name          string
   469  		Value         *graphql.CredentialRequestAuthInput
   470  		ExpectedValid bool
   471  	}{
   472  		{
   473  			Name: "ExpectedValid",
   474  			Value: &graphql.CredentialRequestAuthInput{
   475  				Csrf: &csrf,
   476  			},
   477  			ExpectedValid: true,
   478  		},
   479  		{
   480  			Name: "Invalid - no auth provided",
   481  			Value: &graphql.CredentialRequestAuthInput{
   482  				Csrf: nil,
   483  			},
   484  			ExpectedValid: false,
   485  		},
   486  		{
   487  			Name: "Invalid - Nested validation error",
   488  			Value: &graphql.CredentialRequestAuthInput{
   489  				Csrf: &graphql.CSRFTokenCredentialRequestAuthInput{},
   490  			},
   491  			ExpectedValid: false,
   492  		},
   493  	}
   494  
   495  	for _, testCase := range testCases {
   496  		t.Run(testCase.Name, func(t *testing.T) {
   497  			//GIVEN
   498  			sut := testCase.Value
   499  			// WHEN
   500  			err := sut.Validate()
   501  			// THEN
   502  			if testCase.ExpectedValid {
   503  				require.NoError(t, err)
   504  			} else {
   505  				require.Error(t, err)
   506  			}
   507  		})
   508  	}
   509  }
   510  
   511  func TestCSRFTokenCredentialRequestAuthInput_Validate_Credential(t *testing.T) {
   512  	credential := fixValidCredentialDataInput()
   513  
   514  	testCases := []struct {
   515  		Name          string
   516  		Value         *graphql.CredentialDataInput
   517  		ExpectedValid bool
   518  	}{
   519  		{
   520  			Name:          "ExpectedValid",
   521  			Value:         &credential,
   522  			ExpectedValid: true,
   523  		},
   524  		{
   525  			Name:          "Valid - empty",
   526  			Value:         nil,
   527  			ExpectedValid: true,
   528  		},
   529  		{
   530  			Name: "Invalid - nested validation error",
   531  			Value: &graphql.CredentialDataInput{
   532  				Basic: nil,
   533  				Oauth: nil,
   534  			},
   535  			ExpectedValid: false,
   536  		},
   537  	}
   538  
   539  	for _, testCase := range testCases {
   540  		t.Run(testCase.Name, func(t *testing.T) {
   541  			//GIVEN
   542  			sut := fixValidCSRFTokenCredentialRequestAuthInput()
   543  			sut.Credential = testCase.Value
   544  			// WHEN
   545  			err := sut.Validate()
   546  			// THEN
   547  			if testCase.ExpectedValid {
   548  				require.NoError(t, err)
   549  			} else {
   550  				require.Error(t, err)
   551  			}
   552  		})
   553  	}
   554  }
   555  
   556  func TestCSRFTokenCredentialRequestAuthInput_Validate_AdditionalHeaders(t *testing.T) {
   557  	testCases := []struct {
   558  		Name          string
   559  		Value         graphql.HTTPHeaders
   560  		ExpectedValid bool
   561  	}{
   562  		{
   563  			Name: "ExpectedValid",
   564  			Value: graphql.HTTPHeaders{
   565  				"Authorization": {"test", "asdf"},
   566  				"Test":          {"test", "asdf"},
   567  			},
   568  			ExpectedValid: true,
   569  		},
   570  		{
   571  			Name:          "ExpectedValid - nil",
   572  			Value:         nil,
   573  			ExpectedValid: true,
   574  		},
   575  		{
   576  			Name: "Invalid - empty key",
   577  			Value: graphql.HTTPHeaders{
   578  				inputvalidationtest.EmptyString: {"test"},
   579  			},
   580  			ExpectedValid: false,
   581  		},
   582  		{
   583  			Name: "Invalid - nil value",
   584  			Value: graphql.HTTPHeaders{
   585  				"test": nil,
   586  			},
   587  			ExpectedValid: false,
   588  		},
   589  		{
   590  			Name: "Invalid - empty slice element",
   591  			Value: graphql.HTTPHeaders{
   592  				"test": {inputvalidationtest.EmptyString},
   593  			},
   594  			ExpectedValid: false,
   595  		},
   596  	}
   597  
   598  	for _, testCase := range testCases {
   599  		t.Run(testCase.Name, func(t *testing.T) {
   600  			//GIVEN
   601  			sut := fixValidCSRFTokenCredentialRequestAuthInput()
   602  			sut.AdditionalHeaders = testCase.Value
   603  			// WHEN
   604  			err := sut.Validate()
   605  			// THEN
   606  			if testCase.ExpectedValid {
   607  				require.NoError(t, err)
   608  			} else {
   609  				require.Error(t, err)
   610  			}
   611  		})
   612  	}
   613  }
   614  
   615  func TestCSRFTokenCredentialRequestAuthInput_Validate_AdditionalQueryParams(t *testing.T) {
   616  	testCases := []struct {
   617  		Name          string
   618  		Value         graphql.QueryParams
   619  		ExpectedValid bool
   620  	}{
   621  		{
   622  			Name: "ExpectedValid",
   623  			Value: graphql.QueryParams{
   624  				"Param": {"test", "asdf"},
   625  				"Test":  {"test", "asdf"},
   626  			},
   627  			ExpectedValid: true,
   628  		},
   629  		{
   630  			Name:          "ExpectedValid - nil",
   631  			Value:         nil,
   632  			ExpectedValid: true,
   633  		},
   634  		{
   635  			Name: "Invalid - empty key",
   636  			Value: graphql.QueryParams{
   637  				inputvalidationtest.EmptyString: {"test"},
   638  			},
   639  			ExpectedValid: false,
   640  		},
   641  		{
   642  			Name: "Invalid - nil value",
   643  			Value: graphql.QueryParams{
   644  				"test": nil,
   645  			},
   646  			ExpectedValid: false,
   647  		},
   648  		{
   649  			Name: "Invalid - empty slice element",
   650  			Value: graphql.QueryParams{
   651  				"test": {inputvalidationtest.EmptyString},
   652  			},
   653  			ExpectedValid: false,
   654  		},
   655  	}
   656  
   657  	for _, testCase := range testCases {
   658  		t.Run(testCase.Name, func(t *testing.T) {
   659  			//GIVEN
   660  			sut := fixValidCSRFTokenCredentialRequestAuthInput()
   661  			sut.AdditionalQueryParams = testCase.Value
   662  			// WHEN
   663  			err := sut.Validate()
   664  			// THEN
   665  			if testCase.ExpectedValid {
   666  				require.NoError(t, err)
   667  			} else {
   668  				require.Error(t, err)
   669  			}
   670  		})
   671  	}
   672  }
   673  
   674  func TestCSRFTokenCredentialRequestAuthInput_Validate_TokenEndpointURL(t *testing.T) {
   675  	testCases := []struct {
   676  		Name          string
   677  		Value         string
   678  		ExpectedValid bool
   679  	}{
   680  		{
   681  			Name:          "ExpectedValid",
   682  			Value:         inputvalidationtest.ValidURL,
   683  			ExpectedValid: true,
   684  		},
   685  		{
   686  			Name:          "Invalid - Empty string",
   687  			Value:         inputvalidationtest.EmptyString,
   688  			ExpectedValid: false,
   689  		},
   690  		{
   691  			Name:          "Invalid - Invalid URL",
   692  			Value:         inputvalidationtest.InvalidURL,
   693  			ExpectedValid: false,
   694  		},
   695  	}
   696  
   697  	for _, testCase := range testCases {
   698  		t.Run(testCase.Name, func(t *testing.T) {
   699  			//GIVEN
   700  			sut := fixValidCSRFTokenCredentialRequestAuthInput()
   701  			sut.TokenEndpointURL = testCase.Value
   702  			// WHEN
   703  			err := sut.Validate()
   704  			// THEN
   705  			if testCase.ExpectedValid {
   706  				require.NoError(t, err)
   707  			} else {
   708  				require.Error(t, err)
   709  			}
   710  		})
   711  	}
   712  }
   713  
   714  func fixValidAuthInput() graphql.AuthInput {
   715  	credential := fixValidCredentialDataInput()
   716  	return graphql.AuthInput{
   717  		Credential: &credential,
   718  	}
   719  }
   720  
   721  func fixValidCredentialDataInput() graphql.CredentialDataInput {
   722  	basic := fixValidBasicCredentialDataInput()
   723  	return graphql.CredentialDataInput{
   724  		Basic: &basic,
   725  		Oauth: nil,
   726  	}
   727  }
   728  
   729  func fixValidBasicCredentialDataInput() graphql.BasicCredentialDataInput {
   730  	return graphql.BasicCredentialDataInput{
   731  		Username: "John",
   732  		Password: "P3!@2sklasdjkfla",
   733  	}
   734  }
   735  
   736  func fixValidOAuthCredentialDataInput() graphql.OAuthCredentialDataInput {
   737  	return graphql.OAuthCredentialDataInput{
   738  		ClientID:     "client",
   739  		ClientSecret: "secret",
   740  		URL:          "http://valid.url",
   741  	}
   742  }
   743  
   744  func fixValidCredentialRequestAuthInput() graphql.CredentialRequestAuthInput {
   745  	csrf := fixValidCSRFTokenCredentialRequestAuthInput()
   746  	return graphql.CredentialRequestAuthInput{
   747  		Csrf: &csrf,
   748  	}
   749  }
   750  
   751  func fixValidCSRFTokenCredentialRequestAuthInput() graphql.CSRFTokenCredentialRequestAuthInput {
   752  	credential := fixValidCredentialDataInput()
   753  	return graphql.CSRFTokenCredentialRequestAuthInput{
   754  		TokenEndpointURL:      "http://valid.url",
   755  		Credential:            &credential,
   756  		AdditionalHeaders:     nil,
   757  		AdditionalQueryParams: nil,
   758  	}
   759  }