oauth2-proxy/pkg/apis/options/cookie_test.go

package options

import (
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestCookieGetSecret(t *testing.T) {
	t.Run("returns secret when Secret is set", func(t *testing.T) {
		c := &Cookie{
			Secret:     "my-secret",
			SecretFile: "",
		}
		secret, err := c.GetSecret()
		assert.NoError(t, err)
		assert.Equal(t, "my-secret", secret)
	})

	t.Run("returns secret when both Secret and SecretFile are set", func(t *testing.T) {
		c := &Cookie{
			Secret:     "my-secret",
			SecretFile: "/some/file",
		}
		secret, err := c.GetSecret()
		assert.NoError(t, err)
		assert.Equal(t, "my-secret", secret)
	})

	t.Run("reads from file when only SecretFile is set", func(t *testing.T) {
		// Create a temporary file
		tmpfile, err := os.CreateTemp("", "cookie-secret-test")
		assert.NoError(t, err)
		defer os.Remove(tmpfile.Name())

		_, err = tmpfile.Write([]byte("file-secret"))
		assert.NoError(t, err)
		tmpfile.Close()

		c := &Cookie{
			Secret:     "",
			SecretFile: tmpfile.Name(),
		}
		secret, err := c.GetSecret()
		assert.NoError(t, err)
		assert.Equal(t, "file-secret", secret)
	})

	t.Run("returns error when file does not exist", func(t *testing.T) {
		c := &Cookie{
			Secret:     "",
			SecretFile: "/nonexistent/file",
		}
		secret, err := c.GetSecret()
		assert.Error(t, err)
		assert.Equal(t, "", secret)
		assert.Contains(t, err.Error(), "could not read cookie secret file")
	})

	t.Run("returns empty when both Secret and SecretFile are empty", func(t *testing.T) {
		c := &Cookie{
			Secret:     "",
			SecretFile: "",
		}
		secret, err := c.GetSecret()
		assert.NoError(t, err)
		assert.Equal(t, "", secret)
	})
}
feat(cookie): add feature support for cookie-secret-file (#3104) * feat: add feature support for cookie-secret-file --------- Signed-off-by: Jan Larwig <jan@larwig.com> Co-Authored-By: Sandy Chen <Yuxuan.Chen@morganstanley.com> Co-authored-by: Jan Larwig <jan@larwig.com> 2025-07-23 01:59:55 +09:00			`package options`

			`import (`
			`"os"`
			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestCookieGetSecret(t *testing.T) {`
			`t.Run("returns secret when Secret is set", func(t *testing.T) {`
			`c := &Cookie{`
			`Secret: "my-secret",`
			`SecretFile: "",`
			`}`
			`secret, err := c.GetSecret()`
			`assert.NoError(t, err)`
			`assert.Equal(t, "my-secret", secret)`
			`})`

			`t.Run("returns secret when both Secret and SecretFile are set", func(t *testing.T) {`
			`c := &Cookie{`
			`Secret: "my-secret",`
			`SecretFile: "/some/file",`
			`}`
			`secret, err := c.GetSecret()`
			`assert.NoError(t, err)`
			`assert.Equal(t, "my-secret", secret)`
			`})`

			`t.Run("reads from file when only SecretFile is set", func(t *testing.T) {`
			`// Create a temporary file`
			`tmpfile, err := os.CreateTemp("", "cookie-secret-test")`
			`assert.NoError(t, err)`
			`defer os.Remove(tmpfile.Name())`

			`_, err = tmpfile.Write([]byte("file-secret"))`
			`assert.NoError(t, err)`
			`tmpfile.Close()`

			`c := &Cookie{`
			`Secret: "",`
			`SecretFile: tmpfile.Name(),`
			`}`
			`secret, err := c.GetSecret()`
			`assert.NoError(t, err)`
			`assert.Equal(t, "file-secret", secret)`
			`})`

			`t.Run("returns error when file does not exist", func(t *testing.T) {`
			`c := &Cookie{`
			`Secret: "",`
			`SecretFile: "/nonexistent/file",`
			`}`
			`secret, err := c.GetSecret()`
			`assert.Error(t, err)`
			`assert.Equal(t, "", secret)`
			`assert.Contains(t, err.Error(), "could not read cookie secret file")`
			`})`

			`t.Run("returns empty when both Secret and SecretFile are empty", func(t *testing.T) {`
			`c := &Cookie{`
			`Secret: "",`
			`SecretFile: "",`
			`}`
			`secret, err := c.GetSecret()`
			`assert.NoError(t, err)`
			`assert.Equal(t, "", secret)`
			`})`
			`}`