package providers
import (
"encoding/base64"
"encoding/json"
"net/http/httptest"
"net/url"
"testing"
"github.com/stretchr/testify/assert"
)
// newOktaProvider builds an OktaProvider from a ProviderData whose name and
// scope are empty and whose URLs are all zero-valued, so each test observes
// only what NewOktaProvider (and later setters) fill in.
func newOktaProvider() *OktaProvider {
	blank := &ProviderData{
		ProviderName: "",
		LoginURL:     &url.URL{},
		RedeemURL:    &url.URL{},
		ProfileURL:   &url.URL{},
		ValidateURL:  &url.URL{},
		Scope:        "",
	}
	return NewOktaProvider(blank)
}
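// TestOktaProviderDefaults checks what NewOktaProvider supplies when the
// caller leaves ProviderData empty: the provider name, an empty profile URL
// and the default scope string.
func TestOktaProviderDefaults(t *testing.T) {
	p := newOktaProvider()
	// assert.NotEqual(t, nil, p) cannot fail for a pointer: a nil *OktaProvider
	// boxed in an interface is not equal to untyped nil. NotNil inspects the
	// pointer itself, and returning early avoids dereferencing nil below.
	if !assert.NotNil(t, p) {
		return
	}

	data := p.Data()
	assert.Equal(t, "Okta", data.ProviderName)
	assert.Equal(t, "", data.ProfileURL.String())
	// The default scope includes offline_access, the OIDC scope that requests
	// a refresh token, so a default deployment stores a long-lived credential
	// in the session.
	assert.Equal(t, "openid profile email offline_access", data.Scope)
}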
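// TestOktaProviderOverrides checks that SetOktaDomain derives the authorize,
// token and userinfo endpoints from the configured Okta domain, each with the
// https scheme.
func TestOktaProviderOverrides(t *testing.T) {
	p := newOktaProvider()
	// Check for nil before the first method call. The original asserted after
	// SetOktaDomain had already used p, and assert.NotEqual(t, nil, p) passes
	// even for a nil *OktaProvider, so it guarded nothing.
	if !assert.NotNil(t, p) {
		return
	}
	p.SetOktaDomain("example.okta.com")

	data := p.Data()
	assert.Equal(t, "https://example.okta.com/oauth2/v1/authorize",
		data.LoginURL.String())
	assert.Equal(t, "https://example.okta.com/oauth2/v1/token",
		data.RedeemURL.String())
	assert.Equal(t, "https://example.okta.com/oauth2/v1/userinfo",
		data.ValidateURL.String())
}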
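// TestOktaProviderGetEmailAddress redeems an authorization code against a
// stub token endpoint and checks that the session carries the email from the
// ID token plus the access and refresh tokens from the response.
//
// NOTE(review): the fixture ID token is "ignored prefix." followed by one
// base64url segment; it has no signature segment. Redeem succeeding on it
// means the token is accepted without signature verification, which is only
// sound if the token always arrives directly from the token endpoint over
// validated TLS. Confirm against the provider implementation.
//
// NOTE(review): the claims set email_verified to true and no test in this
// file uses a token with email_verified false, so whether Redeem rejects
// unverified addresses is not covered here.
func TestOktaProviderGetEmailAddress(t *testing.T) {
	p := newOktaProvider()

	claims := []byte(`{"email": "michael.bland@gsa.gov", "email_verified":true}`)
	body, err := json.Marshal(redeemResponse{
		AccessToken:  "a1234",
		ExpiresIn:    10,
		RefreshToken: "refresh12345",
		IdToken:      "ignored prefix." + base64.URLEncoding.EncodeToString(claims),
	})
	assert.Equal(t, nil, err)

	var server *httptest.Server
	p.RedeemURL, server = newRedeemServer(body)
	defer server.Close()

	session, err := p.Redeem("http://redirect/", "code1234")
	// assert.NotEqual(t, session, nil) passes for a nil session pointer, so the
	// original went on to dereference it. Stop here when Redeem failed or
	// returned no session.
	if !assert.NoError(t, err) || !assert.NotNil(t, session) {
		return
	}
	assert.Equal(t, "michael.bland@gsa.gov", session.Email)
	assert.Equal(t, "a1234", session.AccessToken)
	assert.Equal(t, "refresh12345", session.RefreshToken)
}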
// TestOktaProviderGetEmailAddressInvalidEncoding feeds Redeem an ID token
// whose payload segment is raw JSON instead of base64url text and expects an
// error with no session, i.e. a malformed token must not yield an identity.
func TestOktaProviderGetEmailAddressInvalidEncoding(t *testing.T) {
	provider := newOktaProvider()

	// Deliberately left unencoded.
	rawClaims := `{"email": "michael.bland@gsa.gov"}`
	tokenResponse := redeemResponse{
		AccessToken: "a1234",
		IdToken:     "ignored prefix." + rawClaims,
	}
	payload, marshalErr := json.Marshal(tokenResponse)
	assert.Equal(t, nil, marshalErr)

	var srv *httptest.Server
	provider.RedeemURL, srv = newRedeemServer(payload)
	defer srv.Close()

	sess, redeemErr := provider.Redeem("http://redirect/", "code1234")
	assert.NotEqual(t, nil, redeemErr)
	if sess == nil {
		return
	}
	t.Errorf("expect nill session %#v", sess)
}
// TestOktaProviderGetEmailAddressInvalidJson feeds Redeem an ID token whose
// payload decodes from base64url but is not valid JSON (the email value is
// unquoted) and expects an error with no session.
func TestOktaProviderGetEmailAddressInvalidJson(t *testing.T) {
	provider := newOktaProvider()

	// Well-formed encoding around a syntactically broken claims object.
	brokenClaims := []byte(`{"email": michael.bland@gsa.gov}`)
	tokenResponse := redeemResponse{
		AccessToken: "a1234",
		IdToken:     "ignored prefix." + base64.URLEncoding.EncodeToString(brokenClaims),
	}
	payload, marshalErr := json.Marshal(tokenResponse)
	assert.Equal(t, nil, marshalErr)

	var srv *httptest.Server
	provider.RedeemURL, srv = newRedeemServer(payload)
	defer srv.Close()

	sess, redeemErr := provider.Redeem("http://redirect/", "code1234")
	assert.NotEqual(t, nil, redeemErr)
	if sess == nil {
		return
	}
	t.Errorf("expect nill session %#v", sess)
}
// TestOktaProviderGetEmailAddressEmailMissing feeds Redeem a well-formed ID
// token whose claims carry no "email" key and expects an error with no
// session, so a token without an identity fails closed instead of producing
// a session with an empty email.
func TestOktaProviderGetEmailAddressEmailMissing(t *testing.T) {
	provider := newOktaProvider()

	// Valid encoding and valid JSON, but no email claim.
	claimsWithoutEmail := []byte(`{"not_email": "missing"}`)
	tokenResponse := redeemResponse{
		AccessToken: "a1234",
		IdToken:     "ignored prefix." + base64.URLEncoding.EncodeToString(claimsWithoutEmail),
	}
	payload, marshalErr := json.Marshal(tokenResponse)
	assert.Equal(t, nil, marshalErr)

	var srv *httptest.Server
	provider.RedeemURL, srv = newRedeemServer(payload)
	defer srv.Close()

	sess, redeemErr := provider.Redeem("http://redirect/", "code1234")
	assert.NotEqual(t, nil, redeemErr)
	if sess == nil {
		return
	}
	t.Errorf("expect nill session %#v", sess)
}