Move all Keycloak unit tests to Ginkgo

2025-05-13 22:06:40 +02:00 · 2020-12-12 13:14:57 -08:00 · 2020-12-12 13:14:57 -08:00 · 0886f8035c
commit 0886f8035c
parent 3369799853
1 changed files with 110 additions and 126 deletions
--- a/providers/keycloak_test.go
+++ b/providers/keycloak_test.go
@ -7,20 +7,18 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
 	"testing"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/ginkgo/extensions/table"
 	. "github.com/onsi/gomega"
 	"github.com/stretchr/testify/assert"
 )
 const (
 	keycloakAccessToken  = "eyJKeycloak.eyJAccess.Token"
 	keycloakUserinfoPath = "/api/v3/user"
-	// Userinfo Test Cases
+	// Userinfo Test Cases querystring toggles
 	tcUIStandard      = "userinfo-standard"
 	tcUIFail          = "userinfo-fail"
 	tcUISingleGroup   = "userinfo-single-group"
@ -111,139 +109,125 @@ func testKeycloakBackend() *httptest.Server {
 }
 var _ = Describe("Keycloak Provider Tests", func() {
-	var p *KeycloakProvider
+	Context("New Provider Init", func() {
-	var b *httptest.Server
+		It("uses defaults", func() {
 			providerData := NewKeycloakProvider(&ProviderData{}).Data()
 			Expect(providerData.ProviderName).To(Equal("Keycloak"))
 			Expect(providerData.LoginURL.String()).To(Equal("https://keycloak.org/oauth/authorize"))
 			Expect(providerData.RedeemURL.String()).To(Equal("https://keycloak.org/oauth/token"))
 			Expect(providerData.ProfileURL.String()).To(Equal(""))
 			Expect(providerData.ValidateURL.String()).To(Equal("https://keycloak.org/api/v3/user"))
 			Expect(providerData.Scope).To(Equal("api"))
 		})
-	BeforeEach(func() {
+		It("overrides defaults", func() {
-		b = testKeycloakBackend()
+			p := NewKeycloakProvider(
 				&ProviderData{
 					LoginURL: &url.URL{
 						Scheme: "https",
 						Host:   "example.com",
 						Path:   "/oauth/auth"},
 					RedeemURL: &url.URL{
 						Scheme: "https",
 						Host:   "example.com",
 						Path:   "/oauth/token"},
 					ValidateURL: &url.URL{
 						Scheme: "https",
 						Host:   "example.com",
 						Path:   "/api/v3/user"},
 					Scope: "profile"})
 			providerData := p.Data()
-		var err error
+			Expect(providerData.ProviderName).To(Equal("Keycloak"))
-		p, err = testKeycloakProvider(b)
+			Expect(providerData.LoginURL.String()).To(Equal("https://example.com/oauth/auth"))
-		Expect(err).To(BeNil())
+			Expect(providerData.RedeemURL.String()).To(Equal("https://example.com/oauth/token"))
 			Expect(providerData.ProfileURL.String()).To(Equal(""))
 			Expect(providerData.ValidateURL.String()).To(Equal("https://example.com/api/v3/user"))
 			Expect(providerData.Scope).To(Equal("profile"))
 		})
 	})
-	AfterEach(func() {
+	Context("With a test HTTP Server & Provider", func() {
-		b.Close()
+		var p *KeycloakProvider
-	})
+		var b *httptest.Server
-	Context("EnrichSession", func() {
+		BeforeEach(func() {
-		type enrichSessionTableInput struct {
+			b = testKeycloakBackend()
 			testcase       string
 			expectedError  error
 			expectedEmail  string
 			expectedGroups []string
 		}
-		DescribeTable("should return expected results",
+			var err error
-			func(in enrichSessionTableInput) {
+			p, err = testKeycloakProvider(b)
-				var err error
+			Expect(err).To(BeNil())
-				p.ValidateURL, err = url.Parse(
+		})
 					fmt.Sprintf("%s%s?testcase=%s", b.URL, keycloakUserinfoPath, in.testcase),
 				)
 				Expect(err).To(BeNil())
-				session := &sessions.SessionState{AccessToken: keycloakAccessToken}
+		AfterEach(func() {
-				err = p.EnrichSession(context.Background(), session)
+			b.Close()
 		})
-				if in.expectedError != nil {
+		Context("EnrichSession", func() {
-					Expect(err).To(Equal(in.expectedError))
+			type enrichSessionTableInput struct {
-				} else {
+				testcase       string
 				expectedError  error
 				expectedEmail  string
 				expectedGroups []string
 			}
 			DescribeTable("should return expected results",
 				func(in enrichSessionTableInput) {
 					var err error
 					p.ValidateURL, err = url.Parse(
 						fmt.Sprintf("%s%s?testcase=%s", b.URL, keycloakUserinfoPath, in.testcase),
 					)
 					Expect(err).To(BeNil())
 				}
-				Expect(session.Email).To(Equal(in.expectedEmail))
+					session := &sessions.SessionState{AccessToken: keycloakAccessToken}
 					err = p.EnrichSession(context.Background(), session)
-				if in.expectedGroups != nil {
+					if in.expectedError != nil {
-					Expect(session.Groups).To(Equal(in.expectedGroups))
+						Expect(err).To(Equal(in.expectedError))
-				} else {
+					} else {
-					Expect(session.Groups).To(BeNil())
+						Expect(err).To(BeNil())
-				}
+					}
-			},
+
-			Entry("email and multiple groups", enrichSessionTableInput{
+					Expect(session.Email).To(Equal(in.expectedEmail))
-				testcase:       tcUIStandard,
+
-				expectedError:  nil,
+					if in.expectedGroups != nil {
-				expectedEmail:  "michael.bland@gsa.gov",
+						Expect(session.Groups).To(Equal(in.expectedGroups))
-				expectedGroups: []string{"test-grp1", "test-grp2"},
+					} else {
-			}),
+						Expect(session.Groups).To(BeNil())
-			Entry("email and single group", enrichSessionTableInput{
+					}
-				testcase:       tcUISingleGroup,
+				},
-				expectedError:  nil,
+				Entry("email and multiple groups", enrichSessionTableInput{
-				expectedEmail:  "michael.bland@gsa.gov",
+					testcase:       tcUIStandard,
-				expectedGroups: []string{"test-grp1"},
+					expectedError:  nil,
-			}),
+					expectedEmail:  "michael.bland@gsa.gov",
-			Entry("email and no groups", enrichSessionTableInput{
+					expectedGroups: []string{"test-grp1", "test-grp2"},
-				testcase:       tcUIMissingGroups,
+				}),
-				expectedError:  nil,
+				Entry("email and single group", enrichSessionTableInput{
-				expectedEmail:  "michael.bland@gsa.gov",
+					testcase:       tcUISingleGroup,
-				expectedGroups: nil,
+					expectedError:  nil,
-			}),
+					expectedEmail:  "michael.bland@gsa.gov",
-			Entry("missing email", enrichSessionTableInput{
+					expectedGroups: []string{"test-grp1"},
-				testcase: tcUIMissingEmail,
+				}),
-				expectedError: errors.New(
+				Entry("email and no groups", enrichSessionTableInput{
-					"unable to extract email from userinfo endpoint: type assertion to string failed"),
+					testcase:       tcUIMissingGroups,
-				expectedEmail:  "",
+					expectedError:  nil,
-				expectedGroups: []string{"test-grp1", "test-grp2"},
+					expectedEmail:  "michael.bland@gsa.gov",
-			}),
+					expectedGroups: nil,
-			Entry("request failure", enrichSessionTableInput{
+				}),
-				testcase:       tcUIFail,
+				Entry("missing email", enrichSessionTableInput{
-				expectedError:  errors.New(`unexpected status "500": `),
+					testcase: tcUIMissingEmail,
-				expectedEmail:  "",
+					expectedError: errors.New(
-				expectedGroups: nil,
+						"unable to extract email from userinfo endpoint: type assertion to string failed"),
-			}),
+					expectedEmail:  "",
-		)
+					expectedGroups: []string{"test-grp1", "test-grp2"},
 				}),
 				Entry("request failure", enrichSessionTableInput{
 					testcase:       tcUIFail,
 					expectedError:  errors.New(`unexpected status "500": `),
 					expectedEmail:  "",
 					expectedGroups: nil,
 				}),
 			)
 		})
 	})
 })
 func TestKeycloakProviderDefaults(t *testing.T) {
 	p, err := testKeycloakProvider(nil)
 	assert.NoError(t, err)
 	assert.NotEqual(t, nil, p)
 	assert.Equal(t, "Keycloak", p.Data().ProviderName)
 	assert.Equal(t, "https://keycloak.org/oauth/authorize",
 		p.Data().LoginURL.String())
 	assert.Equal(t, "https://keycloak.org/oauth/token",
 		p.Data().RedeemURL.String())
 	assert.Equal(t, "https://keycloak.org/api/v3/user",
 		p.Data().ValidateURL.String())
 	assert.Equal(t, "api", p.Data().Scope)
 }
 func TestNewKeycloakProvider(t *testing.T) {
 	g := NewWithT(t)
 	// Test that defaults are set when calling for a new provider with nothing set
 	providerData := NewKeycloakProvider(&ProviderData{}).Data()
 	g.Expect(providerData.ProviderName).To(Equal("Keycloak"))
 	g.Expect(providerData.LoginURL.String()).To(Equal("https://keycloak.org/oauth/authorize"))
 	g.Expect(providerData.RedeemURL.String()).To(Equal("https://keycloak.org/oauth/token"))
 	g.Expect(providerData.ProfileURL.String()).To(Equal(""))
 	g.Expect(providerData.ValidateURL.String()).To(Equal("https://keycloak.org/api/v3/user"))
 	g.Expect(providerData.Scope).To(Equal("api"))
 }
 func TestKeycloakProviderOverrides(t *testing.T) {
 	p := NewKeycloakProvider(
 		&ProviderData{
 			LoginURL: &url.URL{
 				Scheme: "https",
 				Host:   "example.com",
 				Path:   "/oauth/auth"},
 			RedeemURL: &url.URL{
 				Scheme: "https",
 				Host:   "example.com",
 				Path:   "/oauth/token"},
 			ValidateURL: &url.URL{
 				Scheme: "https",
 				Host:   "example.com",
 				Path:   "/api/v3/user"},
 			Scope: "profile"})
 	assert.NotEqual(t, nil, p)
 	assert.Equal(t, "Keycloak", p.Data().ProviderName)
 	assert.Equal(t, "https://example.com/oauth/auth",
 		p.Data().LoginURL.String())
 	assert.Equal(t, "https://example.com/oauth/token",
 		p.Data().RedeemURL.String())
 	assert.Equal(t, "https://example.com/api/v3/user",
 		p.Data().ValidateURL.String())
 	assert.Equal(t, "profile", p.Data().Scope)
 }