github.com/kyma-incubator/compass/components/director@v0.0.0-20230623144113-d764f56ff805/pkg/graphql/auth_validation_test.go (about) 1 package graphql_test 2 3 import ( 4 "testing" 5 6 "github.com/kyma-incubator/compass/components/director/pkg/graphql" 7 "github.com/kyma-incubator/compass/components/director/pkg/inputvalidation/inputvalidationtest" 8 "github.com/stretchr/testify/require" 9 ) 10 11 func TestAuthInput_Validate_Credential(t *testing.T) { 12 credential := fixValidCredentialDataInput() 13 14 testCases := []struct { 15 Name string 16 Value *graphql.CredentialDataInput 17 ExpectedValid bool 18 }{ 19 { 20 Name: "ExpectedValid", 21 Value: &credential, 22 ExpectedValid: true, 23 }, 24 { 25 Name: "Empty", 26 Value: nil, 27 ExpectedValid: true, 28 }, 29 { 30 Name: "Invalid - nested validation error", 31 Value: &graphql.CredentialDataInput{}, 32 ExpectedValid: false, 33 }, 34 } 35 36 for _, testCase := range testCases { 37 t.Run(testCase.Name, func(t *testing.T) { 38 //GIVEN 39 sut := fixValidAuthInput() 40 sut.Credential = testCase.Value 41 // WHEN 42 err := sut.Validate() 43 // THEN 44 if testCase.ExpectedValid { 45 require.NoError(t, err) 46 } else { 47 require.Error(t, err) 48 } 49 }) 50 } 51 } 52 53 func TestAuthInput_Validate_AdditionalHeaders(t *testing.T) { 54 testCases := []struct { 55 Name string 56 Value graphql.HTTPHeaders 57 ExpectedValid bool 58 }{ 59 { 60 Name: "ExpectedValid", 61 Value: graphql.HTTPHeaders{ 62 "Authorization": {"test", "asdf"}, 63 "Test": {"test", "asdf"}, 64 }, 65 ExpectedValid: true, 66 }, 67 { 68 Name: "ExpectedValid - nil", 69 Value: nil, 70 ExpectedValid: true, 71 }, 72 { 73 Name: "Invalid - empty key", 74 Value: graphql.HTTPHeaders{ 75 inputvalidationtest.EmptyString: {"test"}, 76 }, 77 ExpectedValid: false, 78 }, 79 { 80 Name: "Invalid - nil value", 81 Value: graphql.HTTPHeaders{ 82 "test": nil, 83 }, 84 ExpectedValid: false, 85 }, 86 { 87 Name: "Invalid - empty slice element", 88 Value: graphql.HTTPHeaders{ 89 "test": {inputvalidationtest.EmptyString}, 90 }, 91 ExpectedValid: false, 92 }, 93 } 94 95 for _, testCase := range testCases { 96 t.Run(testCase.Name, func(t *testing.T) { 97 //GIVEN 98 sut := fixValidAuthInput() 99 sut.AdditionalHeaders = testCase.Value 100 // WHEN 101 err := sut.Validate() 102 // THEN 103 if testCase.ExpectedValid { 104 require.NoError(t, err) 105 } else { 106 require.Error(t, err) 107 } 108 }) 109 } 110 } 111 112 func TestAuthInput_Validate_AdditionalQueryParams(t *testing.T) { 113 testCases := []struct { 114 Name string 115 Value graphql.QueryParams 116 ExpectedValid bool 117 }{ 118 { 119 Name: "ExpectedValid", 120 Value: graphql.QueryParams{ 121 "Param": {"test", "asdf"}, 122 "Test": {"test", "asdf"}, 123 }, 124 ExpectedValid: true, 125 }, 126 { 127 Name: "ExpectedValid - nil", 128 Value: nil, 129 ExpectedValid: true, 130 }, 131 { 132 Name: "Invalid - empty key", 133 Value: graphql.QueryParams{ 134 inputvalidationtest.EmptyString: {"test"}, 135 }, 136 ExpectedValid: false, 137 }, 138 { 139 Name: "Invalid - nil value", 140 Value: graphql.QueryParams{ 141 "test": nil, 142 }, 143 ExpectedValid: false, 144 }, 145 { 146 Name: "Invalid - empty slice element", 147 Value: graphql.QueryParams{ 148 "test": {inputvalidationtest.EmptyString}, 149 }, 150 ExpectedValid: false, 151 }, 152 } 153 154 for _, testCase := range testCases { 155 t.Run(testCase.Name, func(t *testing.T) { 156 //GIVEN 157 sut := fixValidAuthInput() 158 sut.AdditionalQueryParams = testCase.Value 159 // WHEN 160 err := sut.Validate() 161 // THEN 162 if testCase.ExpectedValid { 163 require.NoError(t, err) 164 } else { 165 require.Error(t, err) 166 } 167 }) 168 } 169 } 170 171 func TestAuthInput_Validate_RequestAuth(t *testing.T) { 172 credRequest := fixValidCredentialRequestAuthInput() 173 testCases := []struct { 174 Name string 175 Value *graphql.CredentialRequestAuthInput 176 ExpectedValid bool 177 }{ 178 { 179 Name: "ExpectedValid", 180 Value: &credRequest, 181 ExpectedValid: true, 182 }, 183 { 184 Name: "ExpectedValid - nil", 185 Value: nil, 186 ExpectedValid: true, 187 }, 188 { 189 Name: "Invalid - no auth provided", 190 Value: &graphql.CredentialRequestAuthInput{ 191 Csrf: nil, 192 }, 193 ExpectedValid: false, 194 }, 195 { 196 Name: "Invalid - nested validation error", 197 Value: &graphql.CredentialRequestAuthInput{ 198 Csrf: &graphql.CSRFTokenCredentialRequestAuthInput{}, 199 }, 200 ExpectedValid: false, 201 }, 202 } 203 204 for _, testCase := range testCases { 205 t.Run(testCase.Name, func(t *testing.T) { 206 //GIVEN 207 sut := fixValidAuthInput() 208 sut.RequestAuth = testCase.Value 209 // WHEN 210 err := sut.Validate() 211 // THEN 212 if testCase.ExpectedValid { 213 require.NoError(t, err) 214 } else { 215 require.Error(t, err) 216 } 217 }) 218 } 219 } 220 221 func TestCredentialDataInput_Validate(t *testing.T) { 222 credential := fixValidCredentialDataInput() 223 basic := fixValidBasicCredentialDataInput() 224 oauth := fixValidOAuthCredentialDataInput() 225 226 testCases := []struct { 227 Name string 228 Value *graphql.CredentialDataInput 229 ExpectedValid bool 230 }{ 231 { 232 Name: "ExpectedValid", 233 Value: &credential, 234 ExpectedValid: true, 235 }, 236 { 237 Name: "Invalid - no auth provided", 238 Value: &graphql.CredentialDataInput{ 239 Basic: nil, 240 Oauth: nil, 241 }, 242 ExpectedValid: false, 243 }, 244 { 245 Name: "Invalid - multiple auths provided", 246 Value: &graphql.CredentialDataInput{ 247 Basic: &basic, 248 Oauth: &oauth, 249 }, 250 ExpectedValid: false, 251 }, 252 { 253 Name: "Invalid - nested validation error in Basic", 254 Value: &graphql.CredentialDataInput{ 255 Basic: &graphql.BasicCredentialDataInput{}, 256 }, 257 ExpectedValid: false, 258 }, 259 { 260 Name: "Invalid - nested validation error in Oauth", 261 Value: &graphql.CredentialDataInput{ 262 Oauth: &graphql.OAuthCredentialDataInput{}, 263 }, 264 ExpectedValid: false, 265 }, 266 } 267 268 for _, testCase := range testCases { 269 t.Run(testCase.Name, func(t *testing.T) { 270 //GIVEN 271 sut := fixValidAuthInput() 272 sut.Credential = testCase.Value 273 // WHEN 274 err := sut.Validate() 275 // THEN 276 if testCase.ExpectedValid { 277 require.NoError(t, err) 278 } else { 279 require.Error(t, err) 280 } 281 }) 282 } 283 } 284 285 func TestBasicCredentialDataInput_Validate_Username(t *testing.T) { 286 testCases := []struct { 287 Name string 288 Value string 289 ExpectedValid bool 290 }{ 291 { 292 Name: "ExpectedValid", 293 Value: "John", 294 ExpectedValid: true, 295 }, 296 { 297 Name: "Invalid - Empty string", 298 Value: inputvalidationtest.EmptyString, 299 ExpectedValid: false, 300 }, 301 } 302 303 for _, testCase := range testCases { 304 t.Run(testCase.Name, func(t *testing.T) { 305 //GIVEN 306 sut := fixValidBasicCredentialDataInput() 307 sut.Username = testCase.Value 308 // WHEN 309 err := sut.Validate() 310 // THEN 311 if testCase.ExpectedValid { 312 require.NoError(t, err) 313 } else { 314 require.Error(t, err) 315 } 316 }) 317 } 318 } 319 320 func TestBasicCredentialDataInput_Validate_Password(t *testing.T) { 321 testCases := []struct { 322 Name string 323 Value string 324 ExpectedValid bool 325 }{ 326 { 327 Name: "ExpectedValid", 328 Value: "John", 329 ExpectedValid: true, 330 }, 331 { 332 Name: "Invalid - Empty string", 333 Value: inputvalidationtest.EmptyString, 334 ExpectedValid: false, 335 }, 336 } 337 338 for _, testCase := range testCases { 339 t.Run(testCase.Name, func(t *testing.T) { 340 //GIVEN 341 sut := fixValidBasicCredentialDataInput() 342 sut.Password = testCase.Value 343 // WHEN 344 err := sut.Validate() 345 // THEN 346 if testCase.ExpectedValid { 347 require.NoError(t, err) 348 } else { 349 require.Error(t, err) 350 } 351 }) 352 } 353 } 354 355 func TestOAuthCredentialDataInput_Validate_ClientID(t *testing.T) { 356 testCases := []struct { 357 Name string 358 Value string 359 ExpectedValid bool 360 }{ 361 { 362 Name: "ExpectedValid", 363 Value: "John.2h2kj2k5gw6j3h5gjk34hg-g:0", 364 ExpectedValid: true, 365 }, 366 { 367 Name: "Invalid - Empty string", 368 Value: inputvalidationtest.EmptyString, 369 ExpectedValid: false, 370 }, 371 } 372 373 for _, testCase := range testCases { 374 t.Run(testCase.Name, func(t *testing.T) { 375 //GIVEN 376 sut := fixValidOAuthCredentialDataInput() 377 sut.ClientID = testCase.Value 378 // WHEN 379 err := sut.Validate() 380 // THEN 381 if testCase.ExpectedValid { 382 require.NoError(t, err) 383 } else { 384 require.Error(t, err) 385 } 386 }) 387 } 388 } 389 390 func TestOAuthCredentialDataInput_Validate_ClientSecret(t *testing.T) { 391 testCases := []struct { 392 Name string 393 Value string 394 ExpectedValid bool 395 }{ 396 { 397 Name: "ExpectedValid", 398 Value: "Doe.2h2kj2k5gw6j3h5gjk34hg-g:0", 399 ExpectedValid: true, 400 }, 401 { 402 Name: "Invalid - Empty string", 403 Value: inputvalidationtest.EmptyString, 404 ExpectedValid: false, 405 }, 406 } 407 408 for _, testCase := range testCases { 409 t.Run(testCase.Name, func(t *testing.T) { 410 //GIVEN 411 sut := fixValidOAuthCredentialDataInput() 412 sut.ClientSecret = testCase.Value 413 // WHEN 414 err := sut.Validate() 415 // THEN 416 if testCase.ExpectedValid { 417 require.NoError(t, err) 418 } else { 419 require.Error(t, err) 420 } 421 }) 422 } 423 } 424 425 func TestOAuthCredentialDataInput_Validate_URL(t *testing.T) { 426 testCases := []struct { 427 Name string 428 Value string 429 ExpectedValid bool 430 }{ 431 { 432 Name: "ExpectedValid", 433 Value: inputvalidationtest.ValidURL, 434 ExpectedValid: true, 435 }, 436 { 437 Name: "Invalid - Empty string", 438 Value: inputvalidationtest.EmptyString, 439 ExpectedValid: false, 440 }, 441 { 442 Name: "Invalid - Invalid URL", 443 Value: inputvalidationtest.InvalidURL, 444 ExpectedValid: false, 445 }, 446 } 447 448 for _, testCase := range testCases { 449 t.Run(testCase.Name, func(t *testing.T) { 450 //GIVEN 451 sut := fixValidOAuthCredentialDataInput() 452 sut.URL = testCase.Value 453 // WHEN 454 err := sut.Validate() 455 // THEN 456 if testCase.ExpectedValid { 457 require.NoError(t, err) 458 } else { 459 require.Error(t, err) 460 } 461 }) 462 } 463 } 464 465 func TestCredentialRequestAuthInput_Validate(t *testing.T) { 466 csrf := fixValidCSRFTokenCredentialRequestAuthInput() 467 testCases := []struct { 468 Name string 469 Value *graphql.CredentialRequestAuthInput 470 ExpectedValid bool 471 }{ 472 { 473 Name: "ExpectedValid", 474 Value: &graphql.CredentialRequestAuthInput{ 475 Csrf: &csrf, 476 }, 477 ExpectedValid: true, 478 }, 479 { 480 Name: "Invalid - no auth provided", 481 Value: &graphql.CredentialRequestAuthInput{ 482 Csrf: nil, 483 }, 484 ExpectedValid: false, 485 }, 486 { 487 Name: "Invalid - Nested validation error", 488 Value: &graphql.CredentialRequestAuthInput{ 489 Csrf: &graphql.CSRFTokenCredentialRequestAuthInput{}, 490 }, 491 ExpectedValid: false, 492 }, 493 } 494 495 for _, testCase := range testCases { 496 t.Run(testCase.Name, func(t *testing.T) { 497 //GIVEN 498 sut := testCase.Value 499 // WHEN 500 err := sut.Validate() 501 // THEN 502 if testCase.ExpectedValid { 503 require.NoError(t, err) 504 } else { 505 require.Error(t, err) 506 } 507 }) 508 } 509 } 510 511 func TestCSRFTokenCredentialRequestAuthInput_Validate_Credential(t *testing.T) { 512 credential := fixValidCredentialDataInput() 513 514 testCases := []struct { 515 Name string 516 Value *graphql.CredentialDataInput 517 ExpectedValid bool 518 }{ 519 { 520 Name: "ExpectedValid", 521 Value: &credential, 522 ExpectedValid: true, 523 }, 524 { 525 Name: "Valid - empty", 526 Value: nil, 527 ExpectedValid: true, 528 }, 529 { 530 Name: "Invalid - nested validation error", 531 Value: &graphql.CredentialDataInput{ 532 Basic: nil, 533 Oauth: nil, 534 }, 535 ExpectedValid: false, 536 }, 537 } 538 539 for _, testCase := range testCases { 540 t.Run(testCase.Name, func(t *testing.T) { 541 //GIVEN 542 sut := fixValidCSRFTokenCredentialRequestAuthInput() 543 sut.Credential = testCase.Value 544 // WHEN 545 err := sut.Validate() 546 // THEN 547 if testCase.ExpectedValid { 548 require.NoError(t, err) 549 } else { 550 require.Error(t, err) 551 } 552 }) 553 } 554 } 555 556 func TestCSRFTokenCredentialRequestAuthInput_Validate_AdditionalHeaders(t *testing.T) { 557 testCases := []struct { 558 Name string 559 Value graphql.HTTPHeaders 560 ExpectedValid bool 561 }{ 562 { 563 Name: "ExpectedValid", 564 Value: graphql.HTTPHeaders{ 565 "Authorization": {"test", "asdf"}, 566 "Test": {"test", "asdf"}, 567 }, 568 ExpectedValid: true, 569 }, 570 { 571 Name: "ExpectedValid - nil", 572 Value: nil, 573 ExpectedValid: true, 574 }, 575 { 576 Name: "Invalid - empty key", 577 Value: graphql.HTTPHeaders{ 578 inputvalidationtest.EmptyString: {"test"}, 579 }, 580 ExpectedValid: false, 581 }, 582 { 583 Name: "Invalid - nil value", 584 Value: graphql.HTTPHeaders{ 585 "test": nil, 586 }, 587 ExpectedValid: false, 588 }, 589 { 590 Name: "Invalid - empty slice element", 591 Value: graphql.HTTPHeaders{ 592 "test": {inputvalidationtest.EmptyString}, 593 }, 594 ExpectedValid: false, 595 }, 596 } 597 598 for _, testCase := range testCases { 599 t.Run(testCase.Name, func(t *testing.T) { 600 //GIVEN 601 sut := fixValidCSRFTokenCredentialRequestAuthInput() 602 sut.AdditionalHeaders = testCase.Value 603 // WHEN 604 err := sut.Validate() 605 // THEN 606 if testCase.ExpectedValid { 607 require.NoError(t, err) 608 } else { 609 require.Error(t, err) 610 } 611 }) 612 } 613 } 614 615 func TestCSRFTokenCredentialRequestAuthInput_Validate_AdditionalQueryParams(t *testing.T) { 616 testCases := []struct { 617 Name string 618 Value graphql.QueryParams 619 ExpectedValid bool 620 }{ 621 { 622 Name: "ExpectedValid", 623 Value: graphql.QueryParams{ 624 "Param": {"test", "asdf"}, 625 "Test": {"test", "asdf"}, 626 }, 627 ExpectedValid: true, 628 }, 629 { 630 Name: "ExpectedValid - nil", 631 Value: nil, 632 ExpectedValid: true, 633 }, 634 { 635 Name: "Invalid - empty key", 636 Value: graphql.QueryParams{ 637 inputvalidationtest.EmptyString: {"test"}, 638 }, 639 ExpectedValid: false, 640 }, 641 { 642 Name: "Invalid - nil value", 643 Value: graphql.QueryParams{ 644 "test": nil, 645 }, 646 ExpectedValid: false, 647 }, 648 { 649 Name: "Invalid - empty slice element", 650 Value: graphql.QueryParams{ 651 "test": {inputvalidationtest.EmptyString}, 652 }, 653 ExpectedValid: false, 654 }, 655 } 656 657 for _, testCase := range testCases { 658 t.Run(testCase.Name, func(t *testing.T) { 659 //GIVEN 660 sut := fixValidCSRFTokenCredentialRequestAuthInput() 661 sut.AdditionalQueryParams = testCase.Value 662 // WHEN 663 err := sut.Validate() 664 // THEN 665 if testCase.ExpectedValid { 666 require.NoError(t, err) 667 } else { 668 require.Error(t, err) 669 } 670 }) 671 } 672 } 673 674 func TestCSRFTokenCredentialRequestAuthInput_Validate_TokenEndpointURL(t *testing.T) { 675 testCases := []struct { 676 Name string 677 Value string 678 ExpectedValid bool 679 }{ 680 { 681 Name: "ExpectedValid", 682 Value: inputvalidationtest.ValidURL, 683 ExpectedValid: true, 684 }, 685 { 686 Name: "Invalid - Empty string", 687 Value: inputvalidationtest.EmptyString, 688 ExpectedValid: false, 689 }, 690 { 691 Name: "Invalid - Invalid URL", 692 Value: inputvalidationtest.InvalidURL, 693 ExpectedValid: false, 694 }, 695 } 696 697 for _, testCase := range testCases { 698 t.Run(testCase.Name, func(t *testing.T) { 699 //GIVEN 700 sut := fixValidCSRFTokenCredentialRequestAuthInput() 701 sut.TokenEndpointURL = testCase.Value 702 // WHEN 703 err := sut.Validate() 704 // THEN 705 if testCase.ExpectedValid { 706 require.NoError(t, err) 707 } else { 708 require.Error(t, err) 709 } 710 }) 711 } 712 } 713 714 func fixValidAuthInput() graphql.AuthInput { 715 credential := fixValidCredentialDataInput() 716 return graphql.AuthInput{ 717 Credential: &credential, 718 } 719 } 720 721 func fixValidCredentialDataInput() graphql.CredentialDataInput { 722 basic := fixValidBasicCredentialDataInput() 723 return graphql.CredentialDataInput{ 724 Basic: &basic, 725 Oauth: nil, 726 } 727 } 728 729 func fixValidBasicCredentialDataInput() graphql.BasicCredentialDataInput { 730 return graphql.BasicCredentialDataInput{ 731 Username: "John", 732 Password: "P3!@2sklasdjkfla", 733 } 734 } 735 736 func fixValidOAuthCredentialDataInput() graphql.OAuthCredentialDataInput { 737 return graphql.OAuthCredentialDataInput{ 738 ClientID: "client", 739 ClientSecret: "secret", 740 URL: "http://valid.url", 741 } 742 } 743 744 func fixValidCredentialRequestAuthInput() graphql.CredentialRequestAuthInput { 745 csrf := fixValidCSRFTokenCredentialRequestAuthInput() 746 return graphql.CredentialRequestAuthInput{ 747 Csrf: &csrf, 748 } 749 } 750 751 func fixValidCSRFTokenCredentialRequestAuthInput() graphql.CSRFTokenCredentialRequestAuthInput { 752 credential := fixValidCredentialDataInput() 753 return graphql.CSRFTokenCredentialRequestAuthInput{ 754 TokenEndpointURL: "http://valid.url", 755 Credential: &credential, 756 AdditionalHeaders: nil, 757 AdditionalQueryParams: nil, 758 } 759 }