You've already forked oauth2-proxy
mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-12-01 22:51:45 +02:00
Add Azure Provider
This commit is contained in:
Eelco Cramer
committed by
Jehiah Czebotar
Jehiah Czebotar
parent
d5a332c3f2
commit
10f47e325b
135
providers/azure_test.go
Normal file
135
providers/azure_test.go
Normal file
@@ -0,0 +1,135 @@
|
||||
package providers
|
||||
|
||||
import (
|
||||
"github.com/bmizerany/assert"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func testAzureProvider(hostname string) *AzureProvider {
|
||||
p := NewAzureProvider(
|
||||
&ProviderData{
|
||||
ProviderName: "",
|
||||
LoginURL: &url.URL{},
|
||||
RedeemURL: &url.URL{},
|
||||
ProfileURL: &url.URL{},
|
||||
ValidateURL: &url.URL{},
|
||||
ProtectedResource: &url.URL{},
|
||||
Scope: ""})
|
||||
if hostname != "" {
|
||||
updateURL(p.Data().LoginURL, hostname)
|
||||
updateURL(p.Data().RedeemURL, hostname)
|
||||
updateURL(p.Data().ProfileURL, hostname)
|
||||
updateURL(p.Data().ValidateURL, hostname)
|
||||
updateURL(p.Data().ProtectedResource, hostname)
|
||||
}
|
||||
return p
|
||||
}
|
||||
|
||||
func TestAzureProviderDefaults(t *testing.T) {
|
||||
p := testAzureProvider("")
|
||||
assert.NotEqual(t, nil, p)
|
||||
p.Configure("")
|
||||
assert.Equal(t, "Azure", p.Data().ProviderName)
|
||||
assert.Equal(t, "common", p.Tenant)
|
||||
assert.Equal(t, "https://login.microsoftonline.com/common/oauth2/authorize",
|
||||
p.Data().LoginURL.String())
|
||||
assert.Equal(t, "https://login.microsoftonline.com/common/oauth2/token",
|
||||
p.Data().RedeemURL.String())
|
||||
assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
|
||||
p.Data().ProfileURL.String())
|
||||
assert.Equal(t, "https://graph.windows.net",
|
||||
p.Data().ProtectedResource.String())
|
||||
assert.Equal(t, "",
|
||||
p.Data().ValidateURL.String())
|
||||
assert.Equal(t, "openid", p.Data().Scope)
|
||||
}
|
||||
|
||||
func TestAzureProviderOverrides(t *testing.T) {
|
||||
p := NewAzureProvider(
|
||||
&ProviderData{
|
||||
LoginURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/oauth/auth"},
|
||||
RedeemURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/oauth/token"},
|
||||
ProfileURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/oauth/profile"},
|
||||
ValidateURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/oauth/tokeninfo"},
|
||||
ProtectedResource: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com"},
|
||||
Scope: "profile"})
|
||||
assert.NotEqual(t, nil, p)
|
||||
assert.Equal(t, "Azure", p.Data().ProviderName)
|
||||
assert.Equal(t, "https://example.com/oauth/auth",
|
||||
p.Data().LoginURL.String())
|
||||
assert.Equal(t, "https://example.com/oauth/token",
|
||||
p.Data().RedeemURL.String())
|
||||
assert.Equal(t, "https://example.com/oauth/profile",
|
||||
p.Data().ProfileURL.String())
|
||||
assert.Equal(t, "https://example.com/oauth/tokeninfo",
|
||||
p.Data().ValidateURL.String())
|
||||
assert.Equal(t, "https://example.com",
|
||||
p.Data().ProtectedResource.String())
|
||||
assert.Equal(t, "profile", p.Data().Scope)
|
||||
}
|
||||
|
||||
func TestAzureSetTenant(t *testing.T) {
|
||||
p := testAzureProvider("")
|
||||
p.Configure("example")
|
||||
assert.Equal(t, "Azure", p.Data().ProviderName)
|
||||
assert.Equal(t, "example", p.Tenant)
|
||||
assert.Equal(t, "https://login.microsoftonline.com/example/oauth2/authorize",
|
||||
p.Data().LoginURL.String())
|
||||
assert.Equal(t, "https://login.microsoftonline.com/example/oauth2/token",
|
||||
p.Data().RedeemURL.String())
|
||||
assert.Equal(t, "https://graph.windows.net/me?api-version=1.6",
|
||||
p.Data().ProfileURL.String())
|
||||
assert.Equal(t, "https://graph.windows.net",
|
||||
p.Data().ProtectedResource.String())
|
||||
assert.Equal(t, "",
|
||||
p.Data().ValidateURL.String())
|
||||
assert.Equal(t, "openid", p.Data().Scope)
|
||||
}
|
||||
|
||||
func testAzureBackend(payload string) *httptest.Server {
|
||||
path := "/me"
|
||||
query := "api-version=1.6"
|
||||
|
||||
return httptest.NewServer(http.HandlerFunc(
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
url := r.URL
|
||||
if url.Path != path || url.RawQuery != query {
|
||||
w.WriteHeader(404)
|
||||
} else if r.Header.Get("Authorization") != "Bearer imaginary_access_token" {
|
||||
w.WriteHeader(403)
|
||||
} else {
|
||||
w.WriteHeader(200)
|
||||
w.Write([]byte(payload))
|
||||
}
|
||||
}))
|
||||
}
|
||||
|
||||
func TestAzureProviderGetEmailAddress(t *testing.T) {
|
||||
b := testAzureBackend(`{ "mail": "user@windows.net" }`)
|
||||
defer b.Close()
|
||||
|
||||
b_url, _ := url.Parse(b.URL)
|
||||
p := testAzureProvider(b_url.Host)
|
||||
|
||||
session := &SessionState{AccessToken: "imaginary_access_token"}
|
||||
email, err := p.GetEmailAddress(session)
|
||||
assert.Equal(t, nil, err)
|
||||
assert.Equal(t, "user@windows.net", email)
|
||||
}
|
||||
Reference in New Issue
Block a user