2021-05-04 22:06:05 +00:00
|
|
|
package oidc
|
|
|
|
|
2022-04-12 03:02:12 +00:00
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"testing"
|
|
|
|
|
2023-04-13 10:58:18 +00:00
|
|
|
"github.com/ory/fosite"
|
2022-04-12 03:02:12 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
|
|
|
"github.com/authelia/authelia/v4/internal/authorization"
|
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
|
|
)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
|
|
|
func TestOpenIDConnectStore_GetClientPolicy(t *testing.T) {
|
2022-11-13 03:26:10 +00:00
|
|
|
s := NewStore(&schema.OpenIDConnectConfiguration{
|
2022-10-02 02:07:40 +00:00
|
|
|
IssuerCertificateChain: schema.X509CertificateChain{},
|
2023-04-19 04:24:05 +00:00
|
|
|
IssuerPrivateKey: keyRSA2048,
|
2021-05-04 22:06:05 +00:00
|
|
|
Clients: []schema.OpenIDConnectClientConfiguration{
|
|
|
|
{
|
2023-04-13 10:58:18 +00:00
|
|
|
ID: myclient,
|
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: onefactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
ID: "myotherclient",
|
2023-04-13 10:58:18 +00:00
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: twofactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
},
|
|
|
|
},
|
2022-04-12 03:02:12 +00:00
|
|
|
}, nil)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2023-04-13 10:58:18 +00:00
|
|
|
policyOne := s.GetClientPolicy(myclient)
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.Equal(t, authorization.OneFactor, policyOne)
|
|
|
|
|
|
|
|
policyTwo := s.GetClientPolicy("myotherclient")
|
|
|
|
assert.Equal(t, authorization.TwoFactor, policyTwo)
|
|
|
|
|
|
|
|
policyInvalid := s.GetClientPolicy("invalidclient")
|
|
|
|
assert.Equal(t, authorization.TwoFactor, policyInvalid)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestOpenIDConnectStore_GetInternalClient(t *testing.T) {
|
2022-11-13 03:26:10 +00:00
|
|
|
s := NewStore(&schema.OpenIDConnectConfiguration{
|
2022-10-02 02:07:40 +00:00
|
|
|
IssuerCertificateChain: schema.X509CertificateChain{},
|
2023-04-19 04:24:05 +00:00
|
|
|
IssuerPrivateKey: keyRSA2048,
|
2021-05-04 22:06:05 +00:00
|
|
|
Clients: []schema.OpenIDConnectClientConfiguration{
|
|
|
|
{
|
2023-04-13 10:58:18 +00:00
|
|
|
ID: myclient,
|
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: onefactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
},
|
|
|
|
},
|
2022-04-12 03:02:12 +00:00
|
|
|
}, nil)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
|
|
|
client, err := s.GetClient(context.Background(), "myinvalidclient")
|
2023-04-08 04:48:55 +00:00
|
|
|
assert.EqualError(t, err, "invalid_client")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.Nil(t, client)
|
|
|
|
|
2023-04-13 10:58:18 +00:00
|
|
|
client, err = s.GetClient(context.Background(), myclient)
|
2021-05-04 22:06:05 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, client)
|
2023-04-13 10:58:18 +00:00
|
|
|
assert.Equal(t, myclient, client.GetID())
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestOpenIDConnectStore_GetInternalClient_ValidClient(t *testing.T) {
|
2023-04-13 10:58:18 +00:00
|
|
|
id := myclient
|
|
|
|
|
2021-05-04 22:06:05 +00:00
|
|
|
c1 := schema.OpenIDConnectClientConfiguration{
|
2023-04-13 10:58:18 +00:00
|
|
|
ID: id,
|
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: onefactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
2021-11-23 09:45:38 +00:00
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
s := NewStore(&schema.OpenIDConnectConfiguration{
|
2022-10-02 02:07:40 +00:00
|
|
|
IssuerCertificateChain: schema.X509CertificateChain{},
|
2023-04-19 04:24:05 +00:00
|
|
|
IssuerPrivateKey: keyRSA2048,
|
2022-10-02 02:07:40 +00:00
|
|
|
Clients: []schema.OpenIDConnectClientConfiguration{c1},
|
2022-04-12 03:02:12 +00:00
|
|
|
}, nil)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2023-04-13 10:58:18 +00:00
|
|
|
client, err := s.GetFullClient(id)
|
2021-05-04 22:06:05 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, client)
|
2023-04-13 10:58:18 +00:00
|
|
|
assert.Equal(t, id, client.GetID())
|
|
|
|
assert.Equal(t, myclientdesc, client.GetDescription())
|
|
|
|
assert.Equal(t, fosite.Arguments(c1.Scopes), client.GetScopes())
|
|
|
|
assert.Equal(t, fosite.Arguments([]string{GrantTypeAuthorizationCode}), client.GetGrantTypes())
|
|
|
|
assert.Equal(t, fosite.Arguments([]string{ResponseTypeAuthorizationCodeFlow}), client.GetResponseTypes())
|
|
|
|
assert.Equal(t, []string(nil), client.GetRedirectURIs())
|
|
|
|
assert.Equal(t, authorization.OneFactor, client.GetAuthorizationPolicy())
|
|
|
|
assert.Equal(t, "$plaintext$mysecret", client.GetSecret().Encode())
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestOpenIDConnectStore_GetInternalClient_InvalidClient(t *testing.T) {
|
|
|
|
c1 := schema.OpenIDConnectClientConfiguration{
|
2023-04-13 10:58:18 +00:00
|
|
|
ID: myclient,
|
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: onefactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
2021-11-23 09:45:38 +00:00
|
|
|
|
2022-11-13 03:26:10 +00:00
|
|
|
s := NewStore(&schema.OpenIDConnectConfiguration{
|
2022-10-02 02:07:40 +00:00
|
|
|
IssuerCertificateChain: schema.X509CertificateChain{},
|
2023-04-19 04:24:05 +00:00
|
|
|
IssuerPrivateKey: keyRSA2048,
|
2022-10-02 02:07:40 +00:00
|
|
|
Clients: []schema.OpenIDConnectClientConfiguration{c1},
|
2022-04-12 03:02:12 +00:00
|
|
|
}, nil)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2022-04-07 05:33:53 +00:00
|
|
|
client, err := s.GetFullClient("another-client")
|
2021-05-04 22:06:05 +00:00
|
|
|
assert.Nil(t, client)
|
2023-04-08 04:48:55 +00:00
|
|
|
assert.EqualError(t, err, "invalid_client")
|
2021-05-04 22:06:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestOpenIDConnectStore_IsValidClientID(t *testing.T) {
|
2022-11-13 03:26:10 +00:00
|
|
|
s := NewStore(&schema.OpenIDConnectConfiguration{
|
2022-10-02 02:07:40 +00:00
|
|
|
IssuerCertificateChain: schema.X509CertificateChain{},
|
2023-04-19 04:24:05 +00:00
|
|
|
IssuerPrivateKey: keyRSA2048,
|
2021-05-04 22:06:05 +00:00
|
|
|
Clients: []schema.OpenIDConnectClientConfiguration{
|
|
|
|
{
|
2023-04-13 10:58:18 +00:00
|
|
|
ID: myclient,
|
|
|
|
Description: myclientdesc,
|
|
|
|
Policy: onefactor,
|
2022-10-20 02:16:36 +00:00
|
|
|
Scopes: []string{ScopeOpenID, ScopeProfile},
|
2022-10-20 03:21:45 +00:00
|
|
|
Secret: MustDecodeSecret("$plaintext$mysecret"),
|
2021-05-04 22:06:05 +00:00
|
|
|
},
|
|
|
|
},
|
2022-04-12 03:02:12 +00:00
|
|
|
}, nil)
|
2021-05-04 22:06:05 +00:00
|
|
|
|
2023-04-13 10:58:18 +00:00
|
|
|
validClient := s.IsValidClientID(myclient)
|
2021-05-04 22:06:05 +00:00
|
|
|
invalidClient := s.IsValidClientID("myinvalidclient")
|
|
|
|
|
|
|
|
assert.True(t, validClient)
|
|
|
|
assert.False(t, invalidClient)
|
2022-04-12 03:02:12 +00:00
|
|
|
}
|