dex/connector/authproxy/authproxy_test.go

package authproxy

import (
	"log/slog"
	"net/http"
	"reflect"
	"testing"

	"github.com/dexidp/dex/connector"
)

const (
	testEmail             = "testuser@example.com"
	testGroup1            = "group1"
	testGroup2            = "group2"
	testGroup3            = "group 3"
	testGroup4            = "group 4"
	testStaticGroup1      = "static1"
	testStaticGroup2      = "static 2"
	testUsername          = "Test User"
	testPreferredUsername = "testuser"
	testUserID            = "1234567890"
)

var logger = slog.New(slog.DiscardHandler)

func TestUser(t *testing.T) {
	config := Config{}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User": {testUsername},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	// If not specified, the userID and email should fall back to the remote user
	expectEquals(t, ident.UserID, testUsername)
	expectEquals(t, ident.PreferredUsername, testUsername)
	expectEquals(t, ident.Username, testUsername)
	expectEquals(t, ident.Email, testUsername)
	expectEquals(t, len(ident.Groups), 0)
}

func TestExtraHeaders(t *testing.T) {
	config := Config{}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User-Id":    {testUserID},
		"X-Remote-User":       {testUsername},
		"X-Remote-User-Name":  {testPreferredUsername},
		"X-Remote-User-Email": {testEmail},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	expectEquals(t, ident.UserID, testUserID)
	expectEquals(t, ident.PreferredUsername, testPreferredUsername)
	expectEquals(t, ident.Username, testUsername)
	expectEquals(t, ident.Email, testEmail)
	expectEquals(t, len(ident.Groups), 0)
}

func TestSingleGroup(t *testing.T) {
	config := Config{}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	expectEquals(t, ident.UserID, testEmail)
	expectEquals(t, len(ident.Groups), 1)
	expectEquals(t, ident.Groups[0], testGroup1)
}

func TestMultipleGroup(t *testing.T) {
	config := Config{}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	expectEquals(t, ident.UserID, testEmail)
	expectEquals(t, len(ident.Groups), 4)
	expectEquals(t, ident.Groups[0], testGroup1)
	expectEquals(t, ident.Groups[1], testGroup2)
	expectEquals(t, ident.Groups[2], testGroup3)
	expectEquals(t, ident.Groups[3], testGroup4)
}

func TestMultipleGroupWithCustomSeparator(t *testing.T) {
	config := Config{
		GroupHeaderSeparator: ";",
	}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ";" + testGroup2 + ";" + testGroup3 + ";" + testGroup4},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	expectEquals(t, ident.UserID, testEmail)
	expectEquals(t, len(ident.Groups), 4)
	expectEquals(t, ident.Groups[0], testGroup1)
	expectEquals(t, ident.Groups[1], testGroup2)
	expectEquals(t, ident.Groups[2], testGroup3)
	expectEquals(t, ident.Groups[3], testGroup4)
}

func TestStaticGroup(t *testing.T) {
	config := Config{
		Groups: []string{"static1", "static 2"},
	}

	conn, _ := config.Open("test", logger)
	callback := conn.(*callback)

	req, err := http.NewRequest("GET", "/", nil)
	expectNil(t, err)
	req.Header = map[string][]string{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},
	}

	ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	expectNil(t, err)

	expectEquals(t, ident.UserID, testEmail)
	expectEquals(t, len(ident.Groups), 6)
	expectEquals(t, ident.Groups[0], testGroup1)
	expectEquals(t, ident.Groups[1], testGroup2)
	expectEquals(t, ident.Groups[2], testGroup3)
	expectEquals(t, ident.Groups[3], testGroup4)
	expectEquals(t, ident.Groups[4], testStaticGroup1)
	expectEquals(t, ident.Groups[5], testStaticGroup2)
}

func expectNil(t *testing.T, a interface{}) {
	if a != nil {
		t.Errorf("Expected %+v to equal nil", a)
	}
}

func expectEquals(t *testing.T, a interface{}, b interface{}) {
	if !reflect.DeepEqual(a, b) {
		t.Errorf("Expected %+v to equal %+v", a, b)
	}
}
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`package authproxy`

			`import (`
use slog for structured logging (#3502) Signed-off-by: Sean Liao <sean+git@liao.dev> 2 years ago			`"log/slog"`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`"net/http"`
			`"reflect"`
			`"testing"`

			`"github.com/dexidp/dex/connector"`
			`)`

			`const (`
Add authproxy preferred_username header (#3950) Signed-off-by: Kot <kot@yukata.dev> 1 year ago			`testEmail = "testuser@example.com"`
			`testGroup1 = "group1"`
			`testGroup2 = "group2"`
			`testGroup3 = "group 3"`
			`testGroup4 = "group 4"`
			`testStaticGroup1 = "static1"`
			`testStaticGroup2 = "static 2"`
			`testUsername = "Test User"`
			`testPreferredUsername = "testuser"`
			`testUserID = "1234567890"`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`)`

refactor: simplify tests by using slog.DiscardHandler (#4058) Signed-off-by: Oleksandr Redko <oleksandr.red+github@gmail.com> 1 year ago			`var logger = slog.New(slog.DiscardHandler)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
			`func TestUser(t *testing.T) {`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`config := Config{}`

			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago			`"X-Remote-User": {testUsername},`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`expectNil(t, err)`

Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago			`// If not specified, the userID and email should fall back to the remote user`
			`expectEquals(t, ident.UserID, testUsername)`
			`expectEquals(t, ident.PreferredUsername, testUsername)`
Also set the username in authproxy connector (#3307) Signed-off-by: Patrick Pacher <patrick.pacher@gmail.com> 2 years ago			`expectEquals(t, ident.Username, testUsername)`
Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago			`expectEquals(t, ident.Email, testUsername)`
			`expectEquals(t, len(ident.Groups), 0)`
			`}`

			`func TestExtraHeaders(t *testing.T) {`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`config := Config{}`

			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`
Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago
			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
			`"X-Remote-User-Id": {testUserID},`
			`"X-Remote-User": {testUsername},`
Add authproxy preferred_username header (#3950) Signed-off-by: Kot <kot@yukata.dev> 1 year ago			`"X-Remote-User-Name": {testPreferredUsername},`
Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago			`"X-Remote-User-Email": {testEmail},`
			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
Add support for extra claims to authproxy connector (#2851) Signed-off-by: Matt Pryor <matt@stackhpc.com> 2 years ago			`expectNil(t, err)`

			`expectEquals(t, ident.UserID, testUserID)`
Add authproxy preferred_username header (#3950) Signed-off-by: Kot <kot@yukata.dev> 1 year ago			`expectEquals(t, ident.PreferredUsername, testPreferredUsername)`
Also set the username in authproxy connector (#3307) Signed-off-by: Patrick Pacher <patrick.pacher@gmail.com> 2 years ago			`expectEquals(t, ident.Username, testUsername)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`expectEquals(t, ident.Email, testEmail)`
			`expectEquals(t, len(ident.Groups), 0)`
			`}`

			`func TestSingleGroup(t *testing.T) {`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`config := Config{}`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
			`"X-Remote-User": {testEmail},`
			`"X-Remote-Group": {testGroup1},`
			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`expectNil(t, err)`

			`expectEquals(t, ident.UserID, testEmail)`
			`expectEquals(t, len(ident.Groups), 1)`
			`expectEquals(t, ident.Groups[0], testGroup1)`
			`}`

			`func TestMultipleGroup(t *testing.T) {`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`config := Config{}`

			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`

			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
			`"X-Remote-User": {testEmail},`
			`"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},`
			`}`

			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
			`expectNil(t, err)`

			`expectEquals(t, ident.UserID, testEmail)`
			`expectEquals(t, len(ident.Groups), 4)`
			`expectEquals(t, ident.Groups[0], testGroup1)`
			`expectEquals(t, ident.Groups[1], testGroup2)`
			`expectEquals(t, ident.Groups[2], testGroup3)`
			`expectEquals(t, ident.Groups[3], testGroup4)`
			`}`

			`func TestMultipleGroupWithCustomSeparator(t *testing.T) {`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`config := Config{`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`GroupHeaderSeparator: ";",`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
			`"X-Remote-User": {testEmail},`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`"X-Remote-Group": {testGroup1 + ";" + testGroup2 + ";" + testGroup3 + ";" + testGroup4},`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`expectNil(t, err)`

			`expectEquals(t, ident.UserID, testEmail)`
			`expectEquals(t, len(ident.Groups), 4)`
			`expectEquals(t, ident.Groups[0], testGroup1)`
			`expectEquals(t, ident.Groups[1], testGroup2)`
			`expectEquals(t, ident.Groups[2], testGroup3)`
			`expectEquals(t, ident.Groups[3], testGroup4)`
			`}`

			`func TestStaticGroup(t *testing.T) {`
			`config := Config{`
authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`Groups: []string{"static1", "static 2"},`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`conn, _ := config.Open("test", logger)`
			`callback := conn.(*callback)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago
			`req, err := http.NewRequest("GET", "/", nil)`
			`expectNil(t, err)`
			`req.Header = map[string][]string{`
			`"X-Remote-User": {testEmail},`
			`"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},`
			`}`

authproxy connector: add support for specifying group header separator (#3745) Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com> Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com> Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com> Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com> 9 months ago			`ident, err := callback.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)`
feat(connector/authproxy): support multiple groups (#2643) Signed-off-by: Marcelo Clavel <mclavel00@gmail.com> 4 years ago			`expectNil(t, err)`

			`expectEquals(t, ident.UserID, testEmail)`
			`expectEquals(t, len(ident.Groups), 6)`
			`expectEquals(t, ident.Groups[0], testGroup1)`
			`expectEquals(t, ident.Groups[1], testGroup2)`
			`expectEquals(t, ident.Groups[2], testGroup3)`
			`expectEquals(t, ident.Groups[3], testGroup4)`
			`expectEquals(t, ident.Groups[4], testStaticGroup1)`
			`expectEquals(t, ident.Groups[5], testStaticGroup2)`
			`}`

			`func expectNil(t *testing.T, a interface{}) {`
			`if a != nil {`
			`t.Errorf("Expected %+v to equal nil", a)`
			`}`
			`}`

			`func expectEquals(t *testing.T, a interface{}, b interface{}) {`
			`if !reflect.DeepEqual(a, b) {`
			`t.Errorf("Expected %+v to equal %+v", a, b)`
			`}`
			`}`