mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
118 Commits
35 Branches
98 Tags
59 MiB
 
 
 
 
 
 
Tree: fd814dd671
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fd814dd671'
${ noResults }
dex/connector/connector_oidc_test.go

144 lines
3.5 KiB
Raw Blame History

package connector
import (
"net/http"
"net/http/httptest"
"net/url"
"reflect"
"testing"
"github.com/coreos/go-oidc/oidc"
)
func TestLoginURL(t *testing.T) {
lf := func(ident oidc.Identity, sessionKey string) (redirectURL string, err error) { return }
tests := []struct {
cid string
redir string
state string
scope []string
prompt string
v url.Values
}{
// Standard example
{
cid: "fake-client-id",
redir: "http://example.com/oauth-redirect",
state: "fake-session-id",
scope: []string{"openid", "email", "profile"},
prompt: "",
v: url.Values{
"response_type": {"code"},
"state": {"fake-session-id"},
"redirect_uri": {"http://example.com/oauth-redirect"},
"scope": {"openid email profile"},
"client_id": {"fake-client-id"},
},
},
// No scope
{
cid: "fake-client-id",
redir: "http://example.com/oauth-redirect",
state: "fake-session-id",
scope: []string{},
prompt: "",
v: url.Values{
"response_type": {"code"},
"state": {"fake-session-id"},
"redirect_uri": {"http://example.com/oauth-redirect"},
"scope": {""},
"client_id": {"fake-client-id"},
},
},
// No state
{
cid: "fake-client-id",
redir: "http://example.com/oauth-redirect",
state: "",
scope: []string{},
prompt: "",
v: url.Values{
"response_type": {"code"},
"state": {""},
"redirect_uri": {"http://example.com/oauth-redirect"},
"scope": {""},
"client_id": {"fake-client-id"},
},
},
// Force prompt
{
cid: "fake-client-id",
redir: "http://example.com/oauth-redirect",
state: "fake-session-id",
scope: []string{"openid", "email", "profile"},
prompt: "select_account",
v: url.Values{
"response_type": {"code"},
"prompt": {"select_account"},
"state": {"fake-session-id"},
"redirect_uri": {"http://example.com/oauth-redirect"},
"scope": {"openid email profile"},
"client_id": {"fake-client-id"},
},
},
}
for i, tt := range tests {
cfg := oidc.ClientConfig{
Credentials: oidc.ClientCredentials{ID: tt.cid, Secret: "fake-client-secret"},
RedirectURL: tt.redir,
ProviderConfig: oidc.ProviderConfig{
AuthEndpoint: "http://example.com/authorize",
TokenEndpoint: "http://example.com/token",
},
Scope: tt.scope,
}
cl, err := oidc.NewClient(cfg)
if err != nil {
t.Errorf("test: %d. unexpected error: %v", i, err)
}
cn := &OIDCConnector{
loginFunc: lf,
client: cl,
}
lu, err := cn.LoginURL(tt.state, tt.prompt)
if err != nil {
t.Errorf("test: %d. want: no url error, got: error, error: %v", i, err)
}
u, err := url.Parse(lu)
if err != nil {
t.Errorf("test: %d. want: parsable url, got: unparsable url, error: %v", i, err)
}
got := u.Query()
if !reflect.DeepEqual(tt.v, got) {
t.Errorf("test: %d.\nwant: %v\ngot: %v", i, tt.v, got)
}
}
}
func TestRedirectError(t *testing.T) {
eu := url.URL{
Scheme: "http",
Host: "example.com:9090",
Path: "/login",
RawQuery: "foo=bar",
}
q := url.Values{"ping": []string{"pong"}}
rr := httptest.NewRecorder()
redirectError(rr, eu, q)
wantCode := http.StatusSeeOther
if wantCode != rr.Code {
t.Errorf("Incorrect code: want=%d got=%d", wantCode, rr.Code)
}
wantLoc := "http://example.com:9090/login?foo=bar&ping=pong"
gotLoc := rr.HeaderMap.Get("Location")
if wantLoc != gotLoc {
t.Errorf("Incorrect Location header: want=%s got=%s", wantLoc, gotLoc)
}
}