mirror of https://github.com/dexidp/dex.git
package authproxy |
|
|
|
import ( |
|
"log/slog" |
|
"net/http" |
|
"reflect" |
|
"testing" |
|
|
|
"github.com/dexidp/dex/connector" |
|
) |
|
|
|
// Fixture values shared by the authproxy connector tests.
const (
	// Identity fields supplied through the X-Remote-User* request headers.
	testUserID            = "1234567890"
	testUsername          = "Test User"
	testPreferredUsername = "testuser"
	testEmail             = "testuser@example.com"

	// Group names supplied through the X-Remote-Group request header. Two of
	// them contain an interior space.
	testGroup1 = "group1"
	testGroup2 = "group2"
	testGroup3 = "group 3"
	testGroup4 = "group 4"

	// Group names configured statically on the connector (Config.Groups).
	testStaticGroup1 = "static1"
	testStaticGroup2 = "static 2"
)
|
|
|
var (
	// logger is passed to Config.Open by every test in this file. It is built
	// on slog.DiscardHandler, so whatever the connector logs is dropped.
	logger = slog.New(slog.DiscardHandler)
)
|
|
|
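// TestUser verifies that a request carrying only the X-Remote-User header
// yields an identity whose user ID, preferred username, username and email all
// fall back to that header value, with no groups attached.
//
// The identity asserted here is taken straight from a request header; nothing
// in this test authenticates the request itself.
// NOTE(review): that makes the fronting proxy the trust boundary. Presumably it
// has to strip or overwrite any client-supplied X-Remote-* header before the
// request reaches the connector; confirm against the deployment documentation.
// NOTE(review): no test visible in this file covers a request that lacks
// X-Remote-User; a negative test would pin down how the connector treats it.
func TestUser(t *testing.T) {
	config := Config{}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User": {testUsername},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	// If not specified, the userID and email should fall back to the remote user
	expectEquals(t, ident.UserID, testUsername)
	expectEquals(t, ident.PreferredUsername, testUsername)
	expectEquals(t, ident.Username, testUsername)
	expectEquals(t, ident.Email, testUsername)
	expectEquals(t, len(ident.Groups), 0)
}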
|
|
|
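// TestExtraHeaders verifies that, when the optional X-Remote-User-Id,
// X-Remote-User-Name and X-Remote-User-Email headers accompany X-Remote-User,
// each identity field is taken from its own header: the user ID, the preferred
// username and the email come from the dedicated headers, the username comes
// from X-Remote-User, and no groups are attached.
//
// NOTE(review): every identity field asserted here is header-supplied, so the
// result is only as trustworthy as whatever sets those headers in front of the
// connector.
func TestExtraHeaders(t *testing.T) {
	config := Config{}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User-Id":    {testUserID},
		"X-Remote-User":       {testUsername},
		"X-Remote-User-Name":  {testPreferredUsername},
		"X-Remote-User-Email": {testEmail},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	expectEquals(t, ident.UserID, testUserID)
	expectEquals(t, ident.PreferredUsername, testPreferredUsername)
	expectEquals(t, ident.Username, testUsername)
	expectEquals(t, ident.Email, testEmail)
	expectEquals(t, len(ident.Groups), 0)
}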
|
|
|
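// TestSingleGroup verifies that a single value in the X-Remote-Group header
// becomes the identity's only group.
//
// NOTE(review): group membership is read from a request header here, so it
// carries the same trust assumption as X-Remote-User: whatever sits in front of
// the connector decides which groups a user is reported to be in.
func TestSingleGroup(t *testing.T) {
	config := Config{}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	expectEquals(t, ident.UserID, testEmail)
	// Stop before indexing so a wrong group count is reported as a test
	// failure rather than an index-out-of-range panic.
	if got := len(ident.Groups); got != 1 {
		t.Fatalf("expected 1 group, got %d: %v", got, ident.Groups)
	}
	expectEquals(t, ident.Groups[0], testGroup1)
}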
|
|
|
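// TestMultipleGroup verifies that an X-Remote-Group header holding four names
// joined by ", " is split into four groups in header order. The expected values
// carry no leading space, while the space inside "group 3" and "group 4" is
// kept.
func TestMultipleGroup(t *testing.T) {
	config := Config{}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	expectEquals(t, ident.UserID, testEmail)

	want := []string{testGroup1, testGroup2, testGroup3, testGroup4}
	// Stop before indexing so a wrong group count is reported as a test
	// failure rather than an index-out-of-range panic.
	if got := len(ident.Groups); got != len(want) {
		t.Fatalf("expected %d groups, got %d: %v", len(want), got, ident.Groups)
	}
	for i, group := range want {
		expectEquals(t, ident.Groups[i], group)
	}
}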
|
|
|
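// TestMultipleGroupWithCustomSeparator verifies that, with
// Config.GroupHeaderSeparator set to ";", an X-Remote-Group header holding four
// names joined by ";" is split into four groups in header order.
func TestMultipleGroupWithCustomSeparator(t *testing.T) {
	config := Config{
		GroupHeaderSeparator: ";",
	}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ";" + testGroup2 + ";" + testGroup3 + ";" + testGroup4},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	expectEquals(t, ident.UserID, testEmail)

	want := []string{testGroup1, testGroup2, testGroup3, testGroup4}
	// Stop before indexing so a wrong group count is reported as a test
	// failure rather than an index-out-of-range panic.
	if got := len(ident.Groups); got != len(want) {
		t.Fatalf("expected %d groups, got %d: %v", len(want), got, ident.Groups)
	}
	for i, group := range want {
		expectEquals(t, ident.Groups[i], group)
	}
}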
|
|
|
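// TestStaticGroup verifies that groups configured in Config.Groups are added
// to the identity alongside the groups from the X-Remote-Group header: the four
// header groups come first, in header order, followed by the two static groups.
func TestStaticGroup(t *testing.T) {
	// Use the shared fixture constants so the configured names and the
	// expected names cannot drift apart.
	config := Config{
		Groups: []string{testStaticGroup1, testStaticGroup2},
	}

	// Fail fast instead of discarding the error: a nil connector would
	// otherwise surface as a panic on the type assertion below.
	conn, err := config.Open("test", logger)
	if err != nil {
		t.Fatalf("open connector: %v", err)
	}
	// Named cb rather than callback so the local does not shadow the type.
	cb, ok := conn.(*callback)
	if !ok {
		t.Fatalf("expected connector of type *callback, got %T", conn)
	}

	req, err := http.NewRequest(http.MethodGet, "/", nil)
	if err != nil {
		t.Fatalf("build request: %v", err)
	}
	req.Header = http.Header{
		"X-Remote-User":  {testEmail},
		"X-Remote-Group": {testGroup1 + ", " + testGroup2 + ", " + testGroup3 + ", " + testGroup4},
	}

	ident, err := cb.HandleCallback(connector.Scopes{OfflineAccess: true, Groups: true}, req)
	if err != nil {
		t.Fatalf("handle callback: %v", err)
	}

	expectEquals(t, ident.UserID, testEmail)

	want := []string{
		testGroup1, testGroup2, testGroup3, testGroup4,
		testStaticGroup1, testStaticGroup2,
	}
	// Stop before indexing so a wrong group count is reported as a test
	// failure rather than an index-out-of-range panic.
	if got := len(ident.Groups); got != len(want) {
		t.Fatalf("expected %d groups, got %d: %v", len(want), got, ident.Groups)
	}
	for i, group := range want {
		expectEquals(t, ident.Groups[i], group)
	}
}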
|
|
|
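// expectNil records a test error when a is not nil. It does not stop the test.
//
// The comparison is a plain interface comparison, so a typed nil pointer stored
// in a counts as non-nil and is reported.
func expectNil(t *testing.T, a interface{}) {
	// Attribute the failure to the calling test line, not to this helper.
	t.Helper()
	if a != nil {
		t.Errorf("Expected %+v to equal nil", a)
	}
}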
|
|
|
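// expectEquals records a test error when a and b are not deeply equal according
// to reflect.DeepEqual. It does not stop the test.
//
// Values of different dynamic types never compare equal, even when they print
// the same.
func expectEquals(t *testing.T, a interface{}, b interface{}) {
	// Attribute the failure to the calling test line, not to this helper.
	t.Helper()
	if !reflect.DeepEqual(a, b) {
		t.Errorf("Expected %+v to equal %+v", a, b)
	}
}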
|
|
|