mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-24 05:26:55 +02:00
oauth2-proxy/providers/gitlab_test.go

package providers
import (
"context"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions"
"github.com/stretchr/testify/assert"
)
// testGitLabProvider builds a GitLabProvider from ProviderData whose name and
// scope are empty and whose login, redeem, profile and validate URLs are empty
// url.URL values.
//
// When hostname is non-empty, each of those four URLs is handed to updateURL
// together with hostname (presumably to retarget it at that host, e.g. the
// httptest backend; updateURL is defined elsewhere in the package).
func testGitLabProvider(hostname string) *GitLabProvider {
	provider := NewGitLabProvider(
		&ProviderData{
			ProviderName: "",
			LoginURL:     &url.URL{},
			RedeemURL:    &url.URL{},
			ProfileURL:   &url.URL{},
			ValidateURL:  &url.URL{},
			Scope:        "",
		})

	// Nothing to retarget when no backend host was supplied.
	if hostname == "" {
		return provider
	}

	endpoints := []*url.URL{
		provider.Data().LoginURL,
		provider.Data().RedeemURL,
		provider.Data().ProfileURL,
		provider.Data().ValidateURL,
	}
	for _, endpoint := range endpoints {
		updateURL(endpoint, hostname)
	}
	return provider
}
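// testGitLabBackend starts an httptest server that stands in for the GitLab
// userinfo endpoint used by these tests.
//
// Requests to /oauth/userinfo receive a fixed JSON profile (nickname FooBar,
// email foo@bar.com, email_verified false, groups foo and bar) only when the
// Authorization header is exactly "Bearer gitlab_access_token". A missing or
// different credential is answered with 401, and every other path with 404.
// The caller is responsible for calling Close on the returned server.
func testGitLabBackend() *httptest.Server {
	const (
		userInfo = `
{
"nickname": "FooBar",
"email": "foo@bar.com",
"email_verified": false,
"groups": ["foo", "bar"]
}
`
		authHeader = "Bearer gitlab_access_token"
	)

	return httptest.NewServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			if r.URL.Path != "/oauth/userinfo" {
				w.WriteHeader(http.StatusNotFound)
				return
			}

			// Header.Get yields "" when the header is absent, so a request
			// without credentials is rejected with 401 rather than panicking
			// on an out-of-range index into the header slice.
			if r.Header.Get("Authorization") != authHeader {
				w.WriteHeader(http.StatusUnauthorized)
				return
			}

			w.WriteHeader(http.StatusOK)
			// Best-effort write: a failure here surfaces in the calling test
			// as a decode or transport error.
			_, _ = w.Write([]byte(userInfo))
		}))
}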
// TestGitLabProviderBadToken verifies that GetEmailAddress reports an error
// when the session's access token is not the one the mock backend accepts
// (the backend answers such a request with 401).
func TestGitLabProviderBadToken(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)

	sess := &sessions.SessionState{AccessToken: "unexpected_gitlab_access_token"}
	_, err := provider.GetEmailAddress(context.Background(), sess)

	assert.Error(t, err)
}
// TestGitLabProviderUnverifiedEmailDenied verifies that GetEmailAddress fails
// for a valid token when the backend reports "email_verified": false and the
// test has not enabled AllowUnverifiedEmail on the provider.
func TestGitLabProviderUnverifiedEmailDenied(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	_, err := provider.GetEmailAddress(context.Background(), sess)

	// The unverified address must be refused, not silently accepted.
	assert.Error(t, err)
}
// TestGitLabProviderUnverifiedEmailAllowed verifies that, once
// AllowUnverifiedEmail is explicitly set to true, GetEmailAddress returns the
// backend's address (foo@bar.com) even though it is reported as unverified.
func TestGitLabProviderUnverifiedEmailAllowed(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	// Explicit opt-in: accept addresses the identity provider has not verified.
	provider.AllowUnverifiedEmail = true

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	got, err := provider.GetEmailAddress(context.Background(), sess)

	assert.NoError(t, err)
	assert.Equal(t, "foo@bar.com", got)
}
// TestGitLabProviderUsername verifies that GetUserName returns the backend's
// "nickname" value (FooBar) for a valid token, with AllowUnverifiedEmail
// enabled on the provider.
func TestGitLabProviderUsername(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	provider.AllowUnverifiedEmail = true

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	got, err := provider.GetUserName(context.Background(), sess)

	assert.NoError(t, err)
	assert.Equal(t, "FooBar", got)
}
// TestGitLabProviderGroupMembershipValid verifies that GetEmailAddress succeeds
// when the provider's Groups list names a group ("foo") that the backend
// reports for the user.
func TestGitLabProviderGroupMembershipValid(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	provider.AllowUnverifiedEmail = true
	// The backend reports groups "foo" and "bar", so this restriction is met.
	provider.Groups = []string{"foo"}

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	got, err := provider.GetEmailAddress(context.Background(), sess)

	assert.NoError(t, err)
	assert.Equal(t, "foo@bar.com", got)
}
// TestGitLabProviderGroupMembershipMissing verifies that GetEmailAddress fails
// when the provider's Groups list names only a group ("baz") that the backend
// does not report for the user.
func TestGitLabProviderGroupMembershipMissing(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	provider.AllowUnverifiedEmail = true
	// The backend reports only "foo" and "bar"; "baz" is not among them.
	provider.Groups = []string{"baz"}

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	_, err := provider.GetEmailAddress(context.Background(), sess)

	// A user outside every required group must be refused.
	assert.Error(t, err)
}
// TestGitLabProviderEmailDomainValid verifies that GetEmailAddress succeeds
// when the provider's EmailDomains list contains the domain of the backend's
// address (bar.com for foo@bar.com).
func TestGitLabProviderEmailDomainValid(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	provider.AllowUnverifiedEmail = true
	provider.EmailDomains = []string{"bar.com"}

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	got, err := provider.GetEmailAddress(context.Background(), sess)

	assert.NoError(t, err)
	assert.Equal(t, "foo@bar.com", got)
}
// TestGitLabProviderEmailDomainInvalid verifies that GetEmailAddress fails
// when the provider's EmailDomains list ("baz.com") does not contain the
// domain of the backend's address (foo@bar.com).
func TestGitLabProviderEmailDomainInvalid(t *testing.T) {
	backend := testGitLabBackend()
	defer backend.Close()

	// httptest always hands out a well-formed URL, so the parse error is ignored.
	backendURL, _ := url.Parse(backend.URL)
	provider := testGitLabProvider(backendURL.Host)
	provider.AllowUnverifiedEmail = true
	provider.EmailDomains = []string{"baz.com"}

	sess := &sessions.SessionState{AccessToken: "gitlab_access_token"}
	_, err := provider.GetEmailAddress(context.Background(), sess)

	// An address outside the allowed domains must be refused.
	assert.Error(t, err)
}