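// Listing of github.com/pusher/oauth2_proxy@v3.2.0+incompatible/providers/azure_test.go

package providers

import (
	"net/http"
	"net/http/httptest"
	"net/url"
	"testing"

	"github.com/stretchr/testify/assert"
)

// testAzureAccessToken is the only bearer token the mock backend accepts.
// It is shared by the mock and the test sessions so the two cannot drift apart.
const testAzureAccessToken = "imaginary_access_token"

// testAzureProvider builds an AzureProvider from empty ProviderData so that the
// provider's own defaults apply. When hostname is non-empty every endpoint URL
// is redirected to it via updateURL, which lets a test point the provider at an
// httptest server.
func testAzureProvider(hostname string) *AzureProvider {
	p := NewAzureProvider(
		&ProviderData{
			ProviderName:      "",
			LoginURL:          &url.URL{},
			RedeemURL:         &url.URL{},
			ProfileURL:        &url.URL{},
			ValidateURL:       &url.URL{},
			ProtectedResource: &url.URL{},
			Scope:             "",
		})
	if hostname == "" {
		return p
	}
	for _, u := range []*url.URL{
		p.Data().LoginURL,
		p.Data().RedeemURL,
		p.Data().ProfileURL,
		p.Data().ValidateURL,
		p.Data().ProtectedResource,
	} {
		updateURL(u, hostname)
	}
	return p
}

// TestAzureProviderDefaults pins the endpoints and scope used when no tenant is
// configured.
//
// The default tenant is "common", Azure AD's multi-tenant endpoint, so the
// login URL itself does not restrict which tenant an account comes from; a
// deployment that needs that restriction sets a tenant (TestAzureSetTenant) or
// restricts by some other means. The test also pins an empty ValidateURL.
// NOTE(review): what the proxy does for session validation when ValidateURL is
// empty is not visible in this file; confirm against the provider code.
func TestAzureProviderDefaults(t *testing.T) {
	p := testAzureProvider("")
	// NotNil rather than NotEqual(nil, p): a typed nil pointer is never equal
	// to an untyped nil, so the NotEqual form passes even for a nil provider.
	assert.NotNil(t, p)
	p.Configure("")
	assert.Equal(t, "Azure", p.Data().ProviderName)
	assert.Equal(t, "common", p.Tenant)
	assert.Equal(t, "https://login.microsoftonline.com/common/oauth2/authorize",
		p.Data().LoginURL.String())
	assert.Equal(t, "https://login.microsoftonline.com/common/oauth2/token",
		p.Data().RedeemURL.String())
	assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
		p.Data().ProfileURL.String())
	assert.Equal(t, "https://graph.windows.net",
		p.Data().ProtectedResource.String())
	assert.Equal(t, "",
		p.Data().ValidateURL.String())
	assert.Equal(t, "openid", p.Data().Scope)
}

// TestAzureProviderOverrides checks that endpoints and scope supplied by the
// caller are kept as given instead of being replaced by the Azure defaults.
func TestAzureProviderOverrides(t *testing.T) {
	p := NewAzureProvider(
		&ProviderData{
			LoginURL: &url.URL{
				Scheme: "https",
				Host:   "example.com",
				Path:   "/oauth/auth"},
			RedeemURL: &url.URL{
				Scheme: "https",
				Host:   "example.com",
				Path:   "/oauth/token"},
			ProfileURL: &url.URL{
				Scheme: "https",
				Host:   "example.com",
				Path:   "/oauth/profile"},
			ValidateURL: &url.URL{
				Scheme: "https",
				Host:   "example.com",
				Path:   "/oauth/tokeninfo"},
			ProtectedResource: &url.URL{
				Scheme: "https",
				Host:   "example.com"},
			Scope: "profile"})
	// See TestAzureProviderDefaults for why NotNil is used here.
	assert.NotNil(t, p)
	assert.Equal(t, "Azure", p.Data().ProviderName)
	assert.Equal(t, "https://example.com/oauth/auth",
		p.Data().LoginURL.String())
	assert.Equal(t, "https://example.com/oauth/token",
		p.Data().RedeemURL.String())
	assert.Equal(t, "https://example.com/oauth/profile",
		p.Data().ProfileURL.String())
	assert.Equal(t, "https://example.com/oauth/tokeninfo",
		p.Data().ValidateURL.String())
	assert.Equal(t, "https://example.com",
		p.Data().ProtectedResource.String())
	assert.Equal(t, "profile", p.Data().Scope)
}

// TestAzureSetTenant checks that Configure with an explicit tenant places that
// tenant in the login and redeem URLs, while the Graph endpoints and scope keep
// their defaults.
func TestAzureSetTenant(t *testing.T) {
	p := testAzureProvider("")
	p.Configure("example")
	assert.Equal(t, "Azure", p.Data().ProviderName)
	assert.Equal(t, "example", p.Tenant)
	assert.Equal(t, "https://login.microsoftonline.com/example/oauth2/authorize",
		p.Data().LoginURL.String())
	assert.Equal(t, "https://login.microsoftonline.com/example/oauth2/token",
		p.Data().RedeemURL.String())
	assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
		p.Data().ProfileURL.String())
	assert.Equal(t, "https://graph.windows.net",
		p.Data().ProtectedResource.String())
	assert.Equal(t, "",
		p.Data().ValidateURL.String())
	assert.Equal(t, "openid", p.Data().Scope)
}

// testAzureBackend starts a mock profile endpoint. It answers 404 for anything
// other than /me?api-version=1.6, 403 when the Authorization header is not the
// expected bearer token, and otherwise 200 with payload as the body.
//
// No test in this file drives the 403 or 404 branches, so the provider's
// handling of a rejected token or an unknown path is not covered here.
func testAzureBackend(payload string) *httptest.Server {
	const (
		path  = "/me"
		query = "api-version=1.6"
	)

	return httptest.NewServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			switch {
			case r.URL.Path != path || r.URL.RawQuery != query:
				w.WriteHeader(http.StatusNotFound)
			case r.Header.Get("Authorization") != "Bearer "+testAzureAccessToken:
				w.WriteHeader(http.StatusForbidden)
			default:
				w.WriteHeader(http.StatusOK)
				// Write error deliberately ignored: best-effort mock response.
				w.Write([]byte(payload))
			}
		}))
}

// azureEmailFromPayload serves payload from a mock backend, points a test
// provider at it, and returns what GetEmailAddress resolves for a session that
// carries the token the backend accepts.
func azureEmailFromPayload(t *testing.T, payload string) (string, error) {
	b := testAzureBackend(payload)
	defer b.Close()

	bURL, err := url.Parse(b.URL)
	if err != nil {
		// Previously the parse error was discarded, which would surface as a
		// nil-pointer panic on bURL.Host instead of a test failure.
		t.Fatalf("parsing test backend URL %q: %v", b.URL, err)
	}
	p := testAzureProvider(bURL.Host)

	session := &SessionState{AccessToken: testAzureAccessToken}
	return p.GetEmailAddress(session)
}

// TestAzureProviderGetEmailAddress: a populated "mail" field is returned as the
// email address.
func TestAzureProviderGetEmailAddress(t *testing.T) {
	email, err := azureEmailFromPayload(t, `{ "mail": "user@windows.net" }`)
	assert.NoError(t, err)
	assert.Equal(t, "user@windows.net", email)
}

// TestAzureProviderGetEmailAddressMailNull: with "mail" null, the first entry
// of "otherMails" is returned.
//
// NOTE(review): the returned value is what the proxy treats as the user's
// identity; whether "otherMails" is trustworthy for that depends on who may
// edit the attribute in the tenant. Confirm against the deployment's policy.
func TestAzureProviderGetEmailAddressMailNull(t *testing.T) {
	email, err := azureEmailFromPayload(t,
		`{ "mail": null, "otherMails": ["user@windows.net", "altuser@windows.net"] }`)
	assert.NoError(t, err)
	assert.Equal(t, "user@windows.net", email)
}

// TestAzureProviderGetEmailAddressGetUserPrincipalName: with "mail" null and
// "otherMails" empty, "userPrincipalName" is returned.
func TestAzureProviderGetEmailAddressGetUserPrincipalName(t *testing.T) {
	email, err := azureEmailFromPayload(t,
		`{ "mail": null, "otherMails": [], "userPrincipalName": "user@windows.net" }`)
	assert.NoError(t, err)
	assert.Equal(t, "user@windows.net", email)
}

// TestAzureProviderGetEmailAddressFailToGetEmailAddress: when none of the three
// fields holds a string, an error is returned together with an empty email.
func TestAzureProviderGetEmailAddressFailToGetEmailAddress(t *testing.T) {
	email, err := azureEmailFromPayload(t,
		`{ "mail": null, "otherMails": [], "userPrincipalName": null }`)
	// EqualError fails cleanly on a nil error; err.Error() would panic.
	assert.EqualError(t, err, "type assertion to string failed")
	assert.Equal(t, "", email)
}

// TestAzureProviderGetEmailAddressEmptyUserPrincipalName pins current
// behaviour: an empty-string "userPrincipalName" yields an empty email and no
// error.
//
// NOTE(review): an empty identity with a nil error must be rejected by the
// caller; that check is not visible in this file. Confirm that it exists.
func TestAzureProviderGetEmailAddressEmptyUserPrincipalName(t *testing.T) {
	email, err := azureEmailFromPayload(t,
		`{ "mail": null, "otherMails": [], "userPrincipalName": "" }`)
	assert.NoError(t, err)
	assert.Equal(t, "", email)
}

// TestAzureProviderGetEmailAddressIncorrectOtherMails: an "otherMails" value of
// the wrong JSON type (a string instead of an array) ends in the same error as
// the no-usable-field case, not in a panic.
func TestAzureProviderGetEmailAddressIncorrectOtherMails(t *testing.T) {
	email, err := azureEmailFromPayload(t,
		`{ "mail": null, "otherMails": "", "userPrincipalName": null }`)
	// EqualError fails cleanly on a nil error; err.Error() would panic.
	assert.EqualError(t, err, "type assertion to string failed")
	assert.Equal(t, "", email)
}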