From a2ce9e05731b078597d0f04addf8c7a2854915e2 Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Fri, 3 Feb 2023 10:36:38 +1100
Subject: [PATCH] test: add test for 2329 expand-env (#4870)

This adds a test for https://github.com/authelia/authelia/issues/2329#issuecomment-1414201785
---
 internal/configuration/provider_test.go         |  8 ++++++++
 .../test_resources/config.filtered.yml          | 17 +++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/internal/configuration/provider_test.go b/internal/configuration/provider_test.go
index 975fccdd4..f60d68651 100644
--- a/internal/configuration/provider_test.go
+++ b/internal/configuration/provider_test.go
@@ -105,6 +105,9 @@ func TestShouldValidateConfigurationWithFilters(t *testing.T) {
 	testSetEnv(t, "JWT_SECRET", "abc")
 	testSetEnv(t, "AUTHENTICATION_BACKEND_LDAP_PASSWORD", "abc")
 
+	t.Setenv("ABC_CLIENT_SECRET", "$plaintext$example-abc")
+	t.Setenv("XYZ_CLIENT_SECRET", "$plaintext$example-xyz")
+	t.Setenv("ANOTHER_CLIENT_SECRET", "$plaintext$example-123")
 	t.Setenv("SERVICES_SERVER", "10.10.10.10")
 	t.Setenv("ROOT_DOMAIN", "example.org")
 
@@ -118,6 +121,11 @@ func TestShouldValidateConfigurationWithFilters(t *testing.T) {
 	assert.Equal(t, "api-123456789.example.org", config.DuoAPI.Hostname)
 	assert.Equal(t, "10.10.10.10", config.Notifier.SMTP.Host)
 	assert.Equal(t, "10.10.10.10", config.Session.Redis.Host)
+
+	require.Len(t, config.IdentityProviders.OIDC.Clients, 3)
+	assert.Equal(t, "$plaintext$example-abc", config.IdentityProviders.OIDC.Clients[0].Secret.String())
+	assert.Equal(t, "$plaintext$example-xyz", config.IdentityProviders.OIDC.Clients[1].Secret.String())
+	assert.Equal(t, "$plaintext$example-123", config.IdentityProviders.OIDC.Clients[2].Secret.String())
 }
 
 func TestShouldNotIgnoreInvalidEnvs(t *testing.T) {
diff --git a/internal/configuration/test_resources/config.filtered.yml b/internal/configuration/test_resources/config.filtered.yml
index eed860eaf..0a5d84daf 100644
--- a/internal/configuration/test_resources/config.filtered.yml
+++ b/internal/configuration/test_resources/config.filtered.yml
@@ -174,4 +174,21 @@ notifier:
     port: 1025
     sender: 'admin@{{ env "ROOT_DOMAIN" }}'
     disable_require_tls: true
+
+identity_providers:
+  oidc:
+    cors:
+      allowed_origins:
+        - https://google.com
+        - https://example.com
+    clients:
+      - id: abc
+        secret: '${ABC_CLIENT_SECRET}'
+        consent_mode: explicit
+      - id: xyz
+        secret: '$XYZ_CLIENT_SECRET'
+        consent_mode: explicit
+      - id: '123'
+        secret: $ANOTHER_CLIENT_SECRET
+        consent_mode: explicit
 ...