go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/auth/generator_test.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/auth/generator_test.go (about)

     1  // Copyright 2021 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package auth
    16  
    17  import (
    18  	"context"
    19  	"testing"
    20  	"time"
    21  
    22  	"go.chromium.org/luci/auth/internal"
    23  
    24  	. "github.com/smartystreets/goconvey/convey"
    25  )
    26  
    27  func TestTokenGenerator(t *testing.T) {
    28  	t.Parallel()
    29  
    30  	Convey("With TokenGenerator", t, func() {
    31  		ctx := context.Background()
    32  		provider := &fakeTokenProvider{
    33  			interactive: false,
    34  		}
    35  
    36  		gen := NewTokenGenerator(ctx, Options{
    37  			Method:                   ServiceAccountMethod, // to allow arbitrary scopes and audience
    38  			testingCache:             &internal.MemoryTokenCache{},
    39  			testingBaseTokenProvider: provider,
    40  		})
    41  
    42  		Convey("GenerateOAuthToken", func() {
    43  			tok, err := gen.GenerateOAuthToken(ctx, []string{"b", "a"}, time.Minute)
    44  			So(err, ShouldBeNil)
    45  			So(tok, ShouldNotBeNil)
    46  			So(tok.AccessToken, ShouldEqual, "some minted access token")
    47  
    48  			tok, err = gen.GenerateOAuthToken(ctx, []string{"a", "b"}, time.Minute)
    49  			So(err, ShouldBeNil)
    50  			So(tok, ShouldNotBeNil)
    51  
    52  			email, err := gen.GetEmail()
    53  			So(err, ShouldBeNil)
    54  			So(email, ShouldEqual, "some-email-minttoken@example.com")
    55  
    56  			// Created only one authenticator.
    57  			So(gen.authenticators, ShouldHaveLength, 1)
    58  
    59  			tok, err = gen.GenerateOAuthToken(ctx, []string{"a"}, time.Minute)
    60  			So(err, ShouldBeNil)
    61  			So(tok, ShouldNotBeNil)
    62  
    63  			// Created one more.
    64  			So(gen.authenticators, ShouldHaveLength, 2)
    65  		})
    66  
    67  		Convey("GenerateIDToken", func() {
    68  			provider.useIDTokens = true
    69  
    70  			tok, err := gen.GenerateIDToken(ctx, "aud_1", time.Minute)
    71  			So(err, ShouldBeNil)
    72  			So(tok, ShouldNotBeNil)
    73  			So(tok.AccessToken, ShouldEqual, "some minted ID token")
    74  
    75  			tok, err = gen.GenerateIDToken(ctx, "aud_1", time.Minute)
    76  			So(err, ShouldBeNil)
    77  			So(tok, ShouldNotBeNil)
    78  
    79  			email, err := gen.GetEmail()
    80  			So(err, ShouldBeNil)
    81  			So(email, ShouldEqual, "some-email-minttoken@example.com")
    82  
    83  			// Created only one authenticator.
    84  			So(gen.authenticators, ShouldHaveLength, 1)
    85  
    86  			tok, err = gen.GenerateIDToken(ctx, "aud_2", time.Minute)
    87  			So(err, ShouldBeNil)
    88  			So(tok, ShouldNotBeNil)
    89  
    90  			// Created one more.
    91  			So(gen.authenticators, ShouldHaveLength, 2)
    92  		})
    93  
    94  		Convey("GetEmail", func() {
    95  			email, err := gen.GetEmail()
    96  			So(err, ShouldBeNil)
    97  			So(email, ShouldEqual, "some-email-minttoken@example.com")
    98  		})
    99  	})
   100  }