Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Projects Releases Packages Wiki Activity
dex/integration/admin_api_test.go

462 lines
9.8 KiB
Go
Raw Normal View History

*: move original project to dex
2015-08-18 05:57:27 +05:30
package integration
import (
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
"encoding/base64"
"fmt"
*: move original project to dex
2015-08-18 05:57:27 +05:30
"net/http"
"net/http/httptest"
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
"net/url"
*: move original project to dex
2015-08-18 05:57:27 +05:30
"testing"
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
"github.com/coreos/go-oidc/oidc"
*: move original project to dex
2015-08-18 05:57:27 +05:30
"github.com/kylelemons/godebug/pretty"
"google.golang.org/api/googleapi"
"github.com/coreos/dex/admin"
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
"github.com/coreos/dex/client"
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script
2016-05-12 22:23:01 +05:30
"github.com/coreos/dex/client/manager"
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
"github.com/coreos/dex/db"
*: move original project to dex
2015-08-18 05:57:27 +05:30
"github.com/coreos/dex/schema/adminschema"
"github.com/coreos/dex/server"
"github.com/coreos/dex/user"
)
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
const (
adminAPITestSecret = "admin_secret"
)
*: move original project to dex
2015-08-18 05:57:27 +05:30
type adminAPITestFixtures struct {
ur user.UserRepo
pwr user.PasswordInfoRepo
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
cr client.ClientRepo
*: move original project to dex
2015-08-18 05:57:27 +05:30
adAPI *admin.AdminAPI
adSrv *server.AdminServer
hSrv *httptest.Server
hc *http.Client
adClient *adminschema.Service
}
func (t *adminAPITestFixtures) close() {
t.hSrv.Close()
}
var (
adminUsers = []user.UserWithRemoteIdentities{
{
User: user.User{
ID: "ID-1",
Email: "Email-1@example.com",
},
},
{
User: user.User{
ID: "ID-2",
Email: "Email-2@example.com",
},
},
{
User: user.User{
ID: "ID-3",
Email: "Email-3@example.com",
},
},
}
adminPasswords = []user.PasswordInfo{
{
UserID: "ID-1",
Password: []byte("hi."),
},
}
)
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
type adminAPITransport struct {
secret string
}
func (a *adminAPITransport) RoundTrip(r *http.Request) (*http.Response, error) {
r.Header.Set("Authorization", a.secret)
return http.DefaultTransport.RoundTrip(r)
}
*: move original project to dex
2015-08-18 05:57:27 +05:30
func makeAdminAPITestFixtures() *adminAPITestFixtures {
f := &adminAPITestFixtures{}
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
dbMap, ur, pwr, um := makeUserObjects(adminUsers, adminPasswords)
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
var cliCount int
secGen := func() ([]byte, error) {
return []byte(fmt.Sprintf("client_%v", cliCount)), nil
}
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script
2016-05-12 22:23:01 +05:30
cr := db.NewClientRepo(dbMap)
clientIDGenerator := func(hostport string) (string, error) {
return fmt.Sprintf("client_%v", hostport), nil
}
cm := manager.NewClientManager(cr, db.TransactionFactory(dbMap), manager.ManagerOptions{SecretGenerator: secGen, ClientIDGenerator: clientIDGenerator})
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
f.cr = cr
*: move original project to dex
2015-08-18 05:57:27 +05:30
f.ur = ur
f.pwr = pwr
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script
2016-05-12 22:23:01 +05:30
f.adAPI = admin.NewAdminAPI(ur, pwr, cr, um, cm, "local")
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
f.adSrv = server.NewAdminServer(f.adAPI, nil, adminAPITestSecret)
*: move original project to dex
2015-08-18 05:57:27 +05:30
f.hSrv = httptest.NewServer(f.adSrv.HTTPHandler())
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
f.hc = &http.Client{
Transport: &adminAPITransport{
secret: adminAPITestSecret,
},
}
*: move original project to dex
2015-08-18 05:57:27 +05:30
f.adClient, _ = adminschema.NewWithBasePath(f.hc, f.hSrv.URL)
return f
}
func TestGetAdmin(t *testing.T) {
tests := []struct {
id string
errCode int
}{
{
id: "ID-1",
errCode: -1,
},
{
id: "ID-2",
errCode: http.StatusNotFound,
},
}
for i, tt := range tests {
func() {
f := makeAdminAPITestFixtures()
defer f.close()
admn, err := f.adClient.Admin.Get(tt.id).Do()
if tt.errCode != -1 {
if err == nil {
t.Errorf("case %d: err was nil", i)
return
}
gErr, ok := err.(*googleapi.Error)
if !ok {
t.Errorf("case %d: not a googleapi Error: %q", i, err)
return
}
if gErr.Code != tt.errCode {
t.Errorf("case %d: want=%d, got=%d", i, tt.errCode, gErr.Code)
return
}
} else {
if err != nil {
t.Errorf("case %d: err != nil: %q", i, err)
}
if admn == nil {
t.Errorf("case %d: admn was nil", i)
}
if admn.Id != "ID-1" {
t.Errorf("case %d: want=%q, got=%q", i, tt.id, admn.Id)
}
}
}()
}
}
func TestCreateAdmin(t *testing.T) {
tests := []struct {
integration: check when there's no secret provided
2015-10-14 01:04:28 +05:30
admn *adminschema.Admin
errCode int
secret string
noSecret bool
*: move original project to dex
2015-08-18 05:57:27 +05:30
}{
{
admn: &adminschema.Admin{
Email: "foo@example.com",
Password: "foopass",
},
errCode: -1,
},
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
{
admn: &adminschema.Admin{
Email: "foo@example.com",
Password: "foopass",
},
errCode: http.StatusUnauthorized,
secret: "bad_secret",
},
integration: check when there's no secret provided
2015-10-14 01:04:28 +05:30
{
admn: &adminschema.Admin{
Email: "foo@example.com",
Password: "foopass",
},
errCode: http.StatusUnauthorized,
noSecret: true,
},
*: move original project to dex
2015-08-18 05:57:27 +05:30
{
// duplicate Email
admn: &adminschema.Admin{
Email: "Email-1@example.com",
Password: "foopass",
},
errCode: http.StatusBadRequest,
},
{
// missing Email
admn: &adminschema.Admin{
Password: "foopass",
},
errCode: http.StatusBadRequest,
},
}
for i, tt := range tests {
func() {
f := makeAdminAPITestFixtures()
server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.
2015-10-02 00:04:53 +05:30
if tt.secret != "" {
f.hc.Transport = &adminAPITransport{
secret: tt.secret,
}
}
integration: check when there's no secret provided
2015-10-14 01:04:28 +05:30
if tt.noSecret {
f.hc.Transport = http.DefaultTransport
}
*: move original project to dex
2015-08-18 05:57:27 +05:30
defer f.close()
admn, err := f.adClient.Admin.Create(tt.admn).Do()
if tt.errCode != -1 {
if err == nil {
t.Errorf("case %d: err was nil", i)
return
}
gErr, ok := err.(*googleapi.Error)
if !ok {
t.Errorf("case %d: not a googleapi Error: %q", i, err)
return
}
if gErr.Code != tt.errCode {
t.Errorf("case %d: want=%d, got=%d", i, tt.errCode, gErr.Code)
return
}
} else {
if err != nil {
t.Errorf("case %d: err != nil: %q", i, err)
}
tt.admn.Id = admn.Id
if diff := pretty.Compare(tt.admn, admn); diff != "" {
t.Errorf("case %d: Compare(want, got) = %v", i, diff)
}
gotAdmn, err := f.adClient.Admin.Get(admn.Id).Do()
if err != nil {
t.Errorf("case %d: err != nil: %q", i, err)
}
if diff := pretty.Compare(admn, gotAdmn); diff != "" {
t.Errorf("case %d: Compare(want, got) = %v", i, diff)
}
usr, err := f.ur.GetByRemoteIdentity(nil, user.RemoteIdentity{
ConnectorID: "local",
ID: tt.admn.Id,
})
if err != nil {
t.Errorf("case %d: err != nil: %q", i, err)
}
if usr.ID != tt.admn.Id {
t.Errorf("case %d: want=%q, got=%q", i, tt.admn.Id, usr.ID)
}
}
}()
}
}
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
func TestCreateClient(t *testing.T) {
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
mustParseURL := func(s string) *url.URL {
u, err := url.Parse(s)
if err != nil {
t.Fatalf("couldn't parse URL: %v", err)
}
return u
}
addIDAndSecret := func(cli adminschema.Client) *adminschema.Client {
cli.Id = "client_auth.example.com"
cli.Secret = base64.URLEncoding.EncodeToString([]byte("client_0"))
return &cli
}
adminClientGood := adminschema.Client{
RedirectURIs: []string{"https://auth.example.com/"},
}
clientGood := client.Client{
Credentials: oidc.ClientCredentials{
ID: "client_auth.example.com",
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{*mustParseURL("https://auth.example.com/")},
},
}
adminAdminClient := adminClientGood
adminAdminClient.IsAdmin = true
clientGoodAdmin := clientGood
clientGoodAdmin.Admin = true
adminMultiRedirect := adminClientGood
adminMultiRedirect.RedirectURIs = []string{"https://auth.example.com/", "https://auth2.example.com/"}
clientMultiRedirect := clientGoodAdmin
clientMultiRedirect.Metadata.RedirectURIs = append(
clientMultiRedirect.Metadata.RedirectURIs,
*mustParseURL("https://auth2.example.com/"))
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
tests := []struct {
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
req adminschema.ClientCreateRequest
want adminschema.ClientCreateResponse
wantClient client.Client
wantError int
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
}{
{
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
req: adminschema.ClientCreateRequest{},
wantError: http.StatusBadRequest,
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
},
{
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
req: adminschema.ClientCreateRequest{
Client: &adminschema.Client{
IsAdmin: true,
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
},
},
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
wantError: http.StatusBadRequest,
},
{
req: adminschema.ClientCreateRequest{
Client: &adminschema.Client{
RedirectURIs: []string{"909090"},
},
},
wantError: http.StatusBadRequest,
},
{
req: adminschema.ClientCreateRequest{
Client: &adminClientGood,
},
want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminClientGood),
},
wantClient: clientGood,
},
{
req: adminschema.ClientCreateRequest{
Client: &adminAdminClient,
},
want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminAdminClient),
},
wantClient: clientGoodAdmin,
},
{
req: adminschema.ClientCreateRequest{
Client: &adminMultiRedirect,
},
want: adminschema.ClientCreateResponse{
Client: addIDAndSecret(adminMultiRedirect),
},
wantClient: clientMultiRedirect,
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
},
}
for i, tt := range tests {
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
if i != 3 {
continue
}
f := makeAdminAPITestFixtures()
*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client.
2016-04-15 04:27:53 +05:30
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
resp, err := f.adClient.Client.Create(&tt.req).Do()
if tt.wantError != 0 {
if err == nil {
t.Errorf("case %d: want non-nil error.", i)
continue
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
}
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
aErr, ok := err.(*googleapi.Error)
if !ok {
t.Errorf("case %d: could not assert as adminSchema.Error: %v", i, err)
continue
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
}
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
if aErr.Code != tt.wantError {
t.Errorf("case %d: want aErr.Code=%v, got %v", i, tt.wantError, aErr.Code)
continue
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
}
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
continue
}
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
if err != nil {
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
t.Errorf("case %d: unexpected error creating client: %v", i, err)
continue
}
if diff := pretty.Compare(tt.want, resp); diff != "" {
t.Errorf("case %d: Compare(want, got) = %v", i, diff)
}
client: add transaction support
2016-05-12 03:05:24 +05:30
repoClient, err := f.cr.Get(nil, resp.Client.Id)
integration, *: Improve tests for admin api * TestCreateClient was missing test coverage on error cases * Fixed bug where 500s were being reported for bad requests * changed function signature of NewAdminAPI back to old way of passing in lots of repos: passing in a DbMap made it difficult to test * added swappable ID and Secret generators when creating Clients
2016-04-20 06:57:45 +05:30
if err != nil {
t.Errorf("case %d: Unexpected error getting client: %v", i, err)
}
if diff := pretty.Compare(tt.wantClient, repoClient); diff != "" {
t.Errorf("case %d: Compare(wantClient, repoClient) = %v", i, diff)
*: add client registration endpoint to admin API
2016-04-06 00:07:26 +05:30
}
}
}
*: move original project to dex
2015-08-18 05:57:27 +05:30
func TestGetState(t *testing.T) {
tests := []struct {
addUsers []user.User
want adminschema.State
}{
{
addUsers: []user.User{
user.User{
ID: "ID-admin",
Email: "Admin@example.com",
Admin: true,
},
},
want: adminschema.State{
AdminUserCreated: true,
},
},
{
want: adminschema.State{
AdminUserCreated: false,
},
},
}
for i, tt := range tests {
func() {
f := makeAdminAPITestFixtures()
defer f.close()
for _, usr := range tt.addUsers {
err := f.ur.Create(nil, usr)
if err != nil {
t.Fatalf("case %d: err != nil: %v", i, err)
}
}
got, err := f.adClient.State.Get().Do()
if err != nil {
t.Errorf("case %d: err != nil: %q", i, err)
}
if diff := pretty.Compare(tt.want, got); diff != "" {
t.Errorf("case %d: Compare(want, got) = %v", i, diff)
}
}()
}
}
Reference in a new issue Copy permalink