Merge pull request #1622 from chlunde/dex-microsoft-tests

connector/microsoft: Add basic tests
This commit is contained in:
Nándor István Krácser 2020-01-13 09:37:33 +01:00 committed by GitHub
commit 1cdb2b1d74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 99 additions and 6 deletions

View file

@ -31,7 +31,6 @@ const (
)
const (
apiURL = "https://graph.microsoft.com"
// Microsoft requires this scope to access user's profile
scopeUser = "user.read"
// Microsoft requires this scope to list groups the user is a member of
@ -54,6 +53,8 @@ type Config struct {
// Open returns a strategy for logging in through Microsoft.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
m := microsoftConnector{
apiURL: "https://login.microsoftonline.com",
graphURL: "https://graph.microsoft.com",
redirectURI: c.RedirectURI,
clientID: c.ClientID,
clientSecret: c.ClientSecret,
@ -94,6 +95,8 @@ var (
)
type microsoftConnector struct {
apiURL string
graphURL string
redirectURI string
clientID string
clientSecret string
@ -123,8 +126,8 @@ func (c *microsoftConnector) oauth2Config(scopes connector.Scopes) *oauth2.Confi
ClientID: c.clientID,
ClientSecret: c.clientSecret,
Endpoint: oauth2.Endpoint{
AuthURL: "https://login.microsoftonline.com/" + c.tenant + "/oauth2/v2.0/authorize",
TokenURL: "https://login.microsoftonline.com/" + c.tenant + "/oauth2/v2.0/token",
AuthURL: c.apiURL + "/" + c.tenant + "/oauth2/v2.0/authorize",
TokenURL: c.apiURL + "/" + c.tenant + "/oauth2/v2.0/token",
},
Scopes: microsoftScopes,
RedirectURL: c.redirectURI,
@ -296,7 +299,7 @@ type user struct {
func (c *microsoftConnector) user(ctx context.Context, client *http.Client) (u user, err error) {
// https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_get
req, err := http.NewRequest("GET", apiURL+"/v1.0/me?$select=id,displayName,userPrincipalName", nil)
req, err := http.NewRequest("GET", c.graphURL+"/v1.0/me?$select=id,displayName,userPrincipalName", nil)
if err != nil {
return u, fmt.Errorf("new req: %v", err)
}
@ -355,7 +358,7 @@ func (c *microsoftConnector) getGroupIDs(ctx context.Context, client *http.Clien
in := &struct {
SecurityEnabledOnly bool `json:"securityEnabledOnly"`
}{c.onlySecurityGroups}
reqURL := apiURL + "/v1.0/me/getMemberGroups"
reqURL := c.graphURL + "/v1.0/me/getMemberGroups"
for {
var out []string
var next string
@ -383,7 +386,7 @@ func (c *microsoftConnector) getGroupNames(ctx context.Context, client *http.Cli
IDs []string `json:"ids"`
Types []string `json:"types"`
}{ids, []string{"group"}}
reqURL := apiURL + "/v1.0/directoryObjects/getByIds"
reqURL := c.graphURL + "/v1.0/directoryObjects/getByIds"
for {
var out []group
var next string

View file

@ -0,0 +1,90 @@
package microsoft
import (
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"os"
"reflect"
"testing"
"github.com/dexidp/dex/connector"
)
type testResponse struct {
data interface{}
}
const tenant = "9b1c3439-a67e-4e92-bb0d-0571d44ca965"
var dummyToken = testResponse{data: map[string]interface{}{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9",
"expires_in": "30",
}}
func TestUserIdentityFromGraphAPI(t *testing.T) {
s := newTestServer(map[string]testResponse{
"/v1.0/me?$select=id,displayName,userPrincipalName": {
data: user{ID: "S56767889", Name: "Jane Doe", Email: "jane.doe@example.com"},
},
"/" + tenant + "/oauth2/v2.0/token": dummyToken,
})
defer s.Close()
req, _ := http.NewRequest("GET", s.URL, nil)
c := microsoftConnector{apiURL: s.URL, graphURL: s.URL, tenant: tenant}
identity, err := c.HandleCallback(connector.Scopes{Groups: false}, req)
expectNil(t, err)
expectEquals(t, identity.Username, "Jane Doe")
expectEquals(t, identity.UserID, "S56767889")
expectEquals(t, identity.PreferredUsername, "")
expectEquals(t, identity.Email, "jane.doe@example.com")
expectEquals(t, identity.EmailVerified, true)
expectEquals(t, len(identity.Groups), 0)
}
func TestUserGroupsFromGraphAPI(t *testing.T) {
s := newTestServer(map[string]testResponse{
"/v1.0/me?$select=id,displayName,userPrincipalName": {data: user{}},
"/v1.0/me/getMemberGroups": {data: map[string]interface{}{
"value": []string{"a", "b"},
}},
"/" + tenant + "/oauth2/v2.0/token": dummyToken,
})
defer s.Close()
req, _ := http.NewRequest("GET", s.URL, nil)
c := microsoftConnector{apiURL: s.URL, graphURL: s.URL, tenant: tenant}
identity, err := c.HandleCallback(connector.Scopes{Groups: true}, req)
expectNil(t, err)
expectEquals(t, identity.Groups, []string{"a", "b"})
}
func newTestServer(responses map[string]testResponse) *httptest.Server {
s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
response, found := responses[r.RequestURI]
if !found {
fmt.Fprintf(os.Stderr, "Mock response for %q not found\n", r.RequestURI)
http.NotFound(w, r)
return
}
w.Header().Add("Content-Type", "application/json")
json.NewEncoder(w).Encode(response.data)
}))
return s
}
func expectNil(t *testing.T, a interface{}) {
if a != nil {
t.Errorf("Expected %+v to equal nil", a)
}
}
func expectEquals(t *testing.T, a interface{}, b interface{}) {
if !reflect.DeepEqual(a, b) {
t.Errorf("Expected %+v to equal %+v", a, b)
}
}