traefik-forward-auth/internal/config_test.go

package tfa

import (
	"bytes"
	"os"
	"testing"
	"time"
)

/**
 * Tests
 */

func TestConfigDefaults(t *testing.T) {
	// Check defaults
	c, err := NewConfig([]string{})
	if err != nil {
		t.Error(err)
	}

	if c.LogLevel != "warn" {
		t.Error("LogLevel default should be warn, got", c.LogLevel)
	}
	if c.LogFormat != "text" {
		t.Error("LogFormat default should be text, got", c.LogFormat)
	}

	if c.AuthHost != "" {
		t.Error("AuthHost default should be empty, got", c.AuthHost)
	}
	if len(c.CookieDomains) != 0 {
		t.Error("CookieDomains default should be empty, got", c.CookieDomains)
	}
	if c.InsecureCookie != false {
		t.Error("InsecureCookie default should be false, got", c.InsecureCookie)
	}
	if c.CookieName != "_forward_auth" {
		t.Error("CookieName default should be _forward_auth, got", c.CookieName)
	}
	if c.CSRFCookieName != "_forward_auth_csrf" {
		t.Error("CSRFCookieName default should be _forward_auth_csrf, got", c.CSRFCookieName)
	}
	if c.DefaultAction != "auth" {
		t.Error("DefaultAction default should be auth, got", c.DefaultAction)
	}
	if len(c.Domains) != 0 {
		t.Error("Domain default should be empty, got", c.Domains)
	}
	if c.Lifetime != time.Second*time.Duration(43200) {
		t.Error("Lifetime default should be 43200, got", c.Lifetime)
	}
	if c.Path != "/_oauth" {
		t.Error("Path default should be /_oauth, got", c.Path)
	}
	if len(c.Whitelist) != 0 {
		t.Error("Whitelist default should be empty, got", c.Whitelist)
	}

	if c.Providers.Google.Prompt != "" {
		t.Error("Providers.Google.Prompt default should be empty, got", c.Providers.Google.Prompt)
	}
}

func TestConfigParseArgs(t *testing.T) {
	c, err := NewConfig([]string{
		"--cookie-name=cookiename",
		"--csrf-cookie-name", "\"csrfcookiename\"",
		"--rule.1.action=allow",
		"--rule.1.rule=PathPrefix(`/one`)",
		"--rule.two.action=auth",
		"--rule.two.rule=\"Host(`two.com`) && Path(`/two`)\"",
	})
	if err != nil {
		t.Error(err)
	}

	// Check normal flags
	if c.CookieName != "cookiename" {
		t.Error("CookieName default should be cookiename, got", c.CookieName)
	}
	if c.CSRFCookieName != "csrfcookiename" {
		t.Error("CSRFCookieName default should be csrfcookiename, got", c.CSRFCookieName)
	}

	// Check rules
	if len(c.Rules) != 2 {
		t.Error("Should create 2 rules, got:", len(c.Rules))
	}

	// First rule
	if rule, ok := c.Rules["1"]; !ok {
		t.Error("Could not find rule key '1'")
	} else {
		if rule.Action != "allow" {
			t.Error("First rule action should be allow, got:", rule.Action)
		}
		if rule.Rule != "PathPrefix(`/one`)" {
			t.Error("First rule rule should be PathPrefix(`/one`), got:", rule.Rule)
		}
		if rule.Provider != "google" {
			t.Error("First rule provider should be google, got:", rule.Provider)
		}
	}

	// Second rule
	if rule, ok := c.Rules["two"]; !ok {
		t.Error("Could not find rule key '1'")
	} else {
		if rule.Action != "auth" {
			t.Error("Second rule action should be auth, got:", rule.Action)
		}
		if rule.Rule != "Host(`two.com`) && Path(`/two`)" {
			t.Error("Second rule rule should be Host(`two.com`) && Path(`/two`), got:", rule.Rule)
		}
		if rule.Provider != "google" {
			t.Error("Second rule provider should be google, got:", rule.Provider)
		}
	}
}

func TestConfigParseUnknownFlags(t *testing.T) {
	_, err := NewConfig([]string{
		"--unknown=_oauthpath2",
	})
	if err.Error() != "unknown flag: unknown" {
		t.Error("Error should be \"unknown flag: unknown\", got:", err)
	}
}

func TestConfigFlagBackwardsCompatability(t *testing.T) {
	c, err := NewConfig([]string{
		"--client-id=clientid",
		"--client-secret=verysecret",
		"--prompt=prompt",
		"--lifetime=200",
		"--cookie-secure=false",
	})
	if err != nil {
		t.Error(err)
	}

	if c.ClientIdLegacy != "clientid" {
		t.Error("ClientIdLegacy should be clientid, got", c.ClientIdLegacy)
	}
	if c.Providers.Google.ClientId != "clientid" {
		t.Error("Providers.Google.ClientId should be clientid, got", c.Providers.Google.ClientId)
	}
	if c.ClientSecretLegacy != "verysecret" {
		t.Error("ClientSecretLegacy should be verysecret, got", c.ClientSecretLegacy)
	}
	if c.Providers.Google.ClientSecret != "verysecret" {
		t.Error("Providers.Google.ClientSecret should be verysecret, got", c.Providers.Google.ClientSecret)
	}
	if c.PromptLegacy != "prompt" {
		t.Error("PromptLegacy should be prompt, got", c.PromptLegacy)
	}
	if c.Providers.Google.Prompt != "prompt" {
		t.Error("Providers.Google.Prompt should be prompt, got", c.Providers.Google.Prompt)
	}

	// "cookie-secure" used to be a standard go bool flag that could take
	// true, TRUE, 1, false, FALSE, 0 etc. values.
	// Here we're checking that format is still suppoted
	if c.CookieSecureLegacy != "false" || c.InsecureCookie != true {
		t.Error("Setting cookie-secure=false should set InsecureCookie true, got", c.InsecureCookie)
	}
	c, err = NewConfig([]string{"--cookie-secure=TRUE"})
	if err != nil {
		t.Error(err)
	}
	if c.CookieSecureLegacy != "TRUE" || c.InsecureCookie != false {
		t.Error("Setting cookie-secure=TRUE should set InsecureCookie false, got", c.InsecureCookie)
	}
}

func TestConfigParseIni(t *testing.T) {
	c, err := NewConfig([]string{
		"--config=../test/config0",
		"--config=../test/config1",
		"--csrf-cookie-name=csrfcookiename",
	})
	if err != nil {
		t.Error(err)
	}

	if c.CookieName != "inicookiename" {
		t.Error("CookieName should be read as inicookiename from ini file, got", c.CookieName)
	}
	if c.CSRFCookieName != "csrfcookiename" {
		t.Error("CSRFCookieName argument should override ini file, got", c.CSRFCookieName)
	}
	if c.Path != "/two" {
		t.Error("Path in second ini file should override first ini file, got", c.Path)
	}
}

func TestConfigFileBackwardsCompatability(t *testing.T) {
	c, err := NewConfig([]string{
		"--config=../test/config-legacy",
	})
	if err != nil {
		t.Error(err)
	}

	if c.Path != "/two" {
		t.Error("Path in legacy config file should be read, got", c.Path)
	}
}

func TestConfigParseEnvironment(t *testing.T) {
	os.Setenv("COOKIE_NAME", "env_cookie_name")
	c, err := NewConfig([]string{})
	if err != nil {
		t.Error(err)
	}

	if c.CookieName != "env_cookie_name" {
		t.Error("CookieName should be read as env_cookie_name from environment, got", c.CookieName)
	}
}

func TestConfigTransformation(t *testing.T) {
	c, err := NewConfig([]string{
		"--url-path=_oauthpath",
		"--secret=verysecret",
		"--lifetime=200",
	})
	if err != nil {
		t.Error(err)
	}

	if c.Path != "/_oauthpath" {
		t.Error("Path should add slash to front to get /_oauthpath, got:", c.Path)
	}

	if c.SecretString != "verysecret" {
		t.Error("SecretString should be verysecret, got:", c.SecretString)
	}
	if bytes.Compare(c.Secret, []byte("verysecret")) != 0 {
		t.Error("Secret should be []byte(verysecret), got:", string(c.Secret))
	}

	if c.LifetimeString != 200 {
		t.Error("LifetimeString should be 200, got:", c.LifetimeString)
	}
	if c.Lifetime != time.Second*time.Duration(200) {
		t.Error("Lifetime default should be 200, got", c.Lifetime)
	}
}

func TestConfigCommaSeparatedList(t *testing.T) {
	list := CommaSeparatedList{}

	err := list.UnmarshalFlag("one,two")
	if err != nil {
		t.Error(err)
	}
	if len(list) != 2 || list[0] != "one" || list[1] != "two" {
		t.Error("Expected UnmarshalFlag to provide CommaSeparatedList{one,two}, got", list)
	}

	marshal, err := list.MarshalFlag()
	if err != nil {
		t.Error(err)
	}
	if marshal != "one,two" {
		t.Error("Expected MarshalFlag to provide \"one,two\", got", list)
	}
}
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00			`package tfa`

			`import (`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`"bytes"`
			`"os"`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00			`"testing"`
			`"time"`
			`)`

			`/**`
			`* Tests`
			`*/`

			`func TestConfigDefaults(t *testing.T) {`
			`// Check defaults`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00			`c, err := NewConfig([]string{})`
			`if err != nil {`
			`t.Error(err)`
			`}`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00
			`if c.LogLevel != "warn" {`
			`t.Error("LogLevel default should be warn, got", c.LogLevel)`
			`}`
			`if c.LogFormat != "text" {`
			`t.Error("LogFormat default should be text, got", c.LogFormat)`
			`}`

			`if c.AuthHost != "" {`
			`t.Error("AuthHost default should be empty, got", c.AuthHost)`
			`}`
			`if len(c.CookieDomains) != 0 {`
			`t.Error("CookieDomains default should be empty, got", c.CookieDomains)`
			`}`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`if c.InsecureCookie != false {`
			`t.Error("InsecureCookie default should be false, got", c.InsecureCookie)`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00			`}`
			`if c.CookieName != "_forward_auth" {`
			`t.Error("CookieName default should be _forward_auth, got", c.CookieName)`
			`}`
			`if c.CSRFCookieName != "_forward_auth_csrf" {`
			`t.Error("CSRFCookieName default should be _forward_auth_csrf, got", c.CSRFCookieName)`
			`}`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`if c.DefaultAction != "auth" {`
			`t.Error("DefaultAction default should be auth, got", c.DefaultAction)`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00			`}`
			`if len(c.Domains) != 0 {`
			`t.Error("Domain default should be empty, got", c.Domains)`
			`}`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`if c.Lifetime != time.Second*time.Duration(43200) {`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00			`t.Error("Lifetime default should be 43200, got", c.Lifetime)`
			`}`
			`if c.Path != "/_oauth" {`
			`t.Error("Path default should be /_oauth, got", c.Path)`
			`}`
			`if len(c.Whitelist) != 0 {`
			`t.Error("Whitelist default should be empty, got", c.Whitelist)`
			`}`

			`if c.Providers.Google.Prompt != "" {`
			`t.Error("Providers.Google.Prompt default should be empty, got", c.Providers.Google.Prompt)`
			`}`
			`}`

Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`func TestConfigParseArgs(t *testing.T) {`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00			`c, err := NewConfig([]string{`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`"--cookie-name=cookiename",`
			`"--csrf-cookie-name", "\"csrfcookiename\"",`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00			`"--rule.1.action=allow",`
			"--rule.1.rule=PathPrefix(`/one`)",
			`"--rule.two.action=auth",`
			"--rule.two.rule=\"Host(`two.com`) && Path(`/two`)\"",
			`})`
			`if err != nil {`
			`t.Error(err)`
			`}`

			`// Check normal flags`
			`if c.CookieName != "cookiename" {`
			`t.Error("CookieName default should be cookiename, got", c.CookieName)`
			`}`
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`if c.CSRFCookieName != "csrfcookiename" {`
			`t.Error("CSRFCookieName default should be csrfcookiename, got", c.CSRFCookieName)`
			`}`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00
			`// Check rules`
			`if len(c.Rules) != 2 {`
			`t.Error("Should create 2 rules, got:", len(c.Rules))`
			`}`

			`// First rule`
			`if rule, ok := c.Rules["1"]; !ok {`
			`t.Error("Could not find rule key '1'")`
			`} else {`
			`if rule.Action != "allow" {`
			`t.Error("First rule action should be allow, got:", rule.Action)`
			`}`
			if rule.Rule != "PathPrefix(`/one`)" {
			t.Error("First rule rule should be PathPrefix(`/one`), got:", rule.Rule)
			`}`
			`if rule.Provider != "google" {`
			`t.Error("First rule provider should be google, got:", rule.Provider)`
			`}`
			`}`

			`// Second rule`
			`if rule, ok := c.Rules["two"]; !ok {`
			`t.Error("Could not find rule key '1'")`
			`} else {`
			`if rule.Action != "auth" {`
			`t.Error("Second rule action should be auth, got:", rule.Action)`
			`}`
			if rule.Rule != "Host(`two.com`) && Path(`/two`)" {
			t.Error("Second rule rule should be Host(`two.com`) && Path(`/two`), got:", rule.Rule)
			`}`
			`if rule.Provider != "google" {`
			`t.Error("Second rule provider should be google, got:", rule.Provider)`
			`}`
			`}`
			`}`

Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`func TestConfigParseUnknownFlags(t *testing.T) {`
			`_, err := NewConfig([]string{`
			`"--unknown=_oauthpath2",`
			`})`
			`if err.Error() != "unknown flag: unknown" {`
			`t.Error("Error should be \"unknown flag: unknown\", got:", err)`
			`}`
			`}`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`func TestConfigFlagBackwardsCompatability(t *testing.T) {`
			`c, err := NewConfig([]string{`
			`"--client-id=clientid",`
			`"--client-secret=verysecret",`
			`"--prompt=prompt",`
			`"--lifetime=200",`
			`"--cookie-secure=false",`
			`})`
			`if err != nil {`
			`t.Error(err)`
			`}`
Use new rule config + tidy ups 2019-04-17 11:29:35 +01:00
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`if c.ClientIdLegacy != "clientid" {`
			`t.Error("ClientIdLegacy should be clientid, got", c.ClientIdLegacy)`
			`}`
			`if c.Providers.Google.ClientId != "clientid" {`
			`t.Error("Providers.Google.ClientId should be clientid, got", c.Providers.Google.ClientId)`
			`}`
			`if c.ClientSecretLegacy != "verysecret" {`
			`t.Error("ClientSecretLegacy should be verysecret, got", c.ClientSecretLegacy)`
			`}`
			`if c.Providers.Google.ClientSecret != "verysecret" {`
			`t.Error("Providers.Google.ClientSecret should be verysecret, got", c.Providers.Google.ClientSecret)`
			`}`
			`if c.PromptLegacy != "prompt" {`
			`t.Error("PromptLegacy should be prompt, got", c.PromptLegacy)`
			`}`
			`if c.Providers.Google.Prompt != "prompt" {`
			`t.Error("Providers.Google.Prompt should be prompt, got", c.Providers.Google.Prompt)`
			`}`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`// "cookie-secure" used to be a standard go bool flag that could take`
			`// true, TRUE, 1, false, FALSE, 0 etc. values.`
			`// Here we're checking that format is still suppoted`
			`if c.CookieSecureLegacy != "false" \|\| c.InsecureCookie != true {`
			`t.Error("Setting cookie-secure=false should set InsecureCookie true, got", c.InsecureCookie)`
			`}`
			`c, err = NewConfig([]string{"--cookie-secure=TRUE"})`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`if c.CookieSecureLegacy != "TRUE" \|\| c.InsecureCookie != false {`
			`t.Error("Setting cookie-secure=TRUE should set InsecureCookie false, got", c.InsecureCookie)`
			`}`
			`}`

			`func TestConfigParseIni(t *testing.T) {`
			`c, err := NewConfig([]string{`
			`"--config=../test/config0",`
			`"--config=../test/config1",`
			`"--csrf-cookie-name=csrfcookiename",`
			`})`
			`if err != nil {`
			`t.Error(err)`
			`}`

			`if c.CookieName != "inicookiename" {`
			`t.Error("CookieName should be read as inicookiename from ini file, got", c.CookieName)`
			`}`
			`if c.CSRFCookieName != "csrfcookiename" {`
			`t.Error("CSRFCookieName argument should override ini file, got", c.CSRFCookieName)`
			`}`
			`if c.Path != "/two" {`
			`t.Error("Path in second ini file should override first ini file, got", c.Path)`
			`}`
			`}`
Refactor progress - move directory structure - string based rule definition - use traefik rule parsing - drop toml config - new flag library - implement go dep 2019-04-12 16:12:13 +01:00
Add more v2 tests + fixes + improve legacy config parsing 2019-04-18 15:07:39 +01:00			`func TestConfigFileBackwardsCompatability(t *testing.T) {`
			`c, err := NewConfig([]string{`
			`"--config=../test/config-legacy",`
			`})`
			`if err != nil {`
			`t.Error(err)`
			`}`

			`if c.Path != "/two" {`
			`t.Error("Path in legacy config file should be read, got", c.Path)`
			`}`
			`}`

			`func TestConfigParseEnvironment(t *testing.T) {`
			`os.Setenv("COOKIE_NAME", "env_cookie_name")`
			`c, err := NewConfig([]string{})`
			`if err != nil {`
			`t.Error(err)`
			`}`

			`if c.CookieName != "env_cookie_name" {`
			`t.Error("CookieName should be read as env_cookie_name from environment, got", c.CookieName)`
			`}`
			`}`

			`func TestConfigTransformation(t *testing.T) {`
			`c, err := NewConfig([]string{`
			`"--url-path=_oauthpath",`
			`"--secret=verysecret",`
			`"--lifetime=200",`
			`})`
			`if err != nil {`
			`t.Error(err)`
			`}`

			`if c.Path != "/_oauthpath" {`
			`t.Error("Path should add slash to front to get /_oauthpath, got:", c.Path)`
			`}`

			`if c.SecretString != "verysecret" {`
			`t.Error("SecretString should be verysecret, got:", c.SecretString)`
			`}`
			`if bytes.Compare(c.Secret, []byte("verysecret")) != 0 {`
			`t.Error("Secret should be []byte(verysecret), got:", string(c.Secret))`
			`}`

			`if c.LifetimeString != 200 {`
			`t.Error("LifetimeString should be 200, got:", c.LifetimeString)`
			`}`
			`if c.Lifetime != time.Second*time.Duration(200) {`
			`t.Error("Lifetime default should be 200, got", c.Lifetime)`
			`}`
			`}`

			`func TestConfigCommaSeparatedList(t *testing.T) {`
			`list := CommaSeparatedList{}`

			`err := list.UnmarshalFlag("one,two")`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`if len(list) != 2 \|\| list[0] != "one" \|\| list[1] != "two" {`
			`t.Error("Expected UnmarshalFlag to provide CommaSeparatedList{one,two}, got", list)`
			`}`

			`marshal, err := list.MarshalFlag()`
			`if err != nil {`
			`t.Error(err)`
			`}`
			`if marshal != "one,two" {`
			`t.Error("Expected MarshalFlag to provide \"one,two\", got", list)`
			`}`
			`}`