2019-04-12 16:12:13 +01:00
|
|
|
package tfa
|
|
|
|
|
|
|
|
import (
|
2019-04-18 15:07:39 +01:00
|
|
|
"bytes"
|
|
|
|
"os"
|
2019-04-12 16:12:13 +01:00
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
)
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Tests
|
|
|
|
*/
|
|
|
|
|
|
|
|
func TestConfigDefaults(t *testing.T) {
|
|
|
|
// Check defaults
|
2019-04-17 11:29:35 +01:00
|
|
|
c, err := NewConfig([]string{})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
2019-04-12 16:12:13 +01:00
|
|
|
|
|
|
|
if c.LogLevel != "warn" {
|
|
|
|
t.Error("LogLevel default should be warn, got", c.LogLevel)
|
|
|
|
}
|
|
|
|
if c.LogFormat != "text" {
|
|
|
|
t.Error("LogFormat default should be text, got", c.LogFormat)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.AuthHost != "" {
|
|
|
|
t.Error("AuthHost default should be empty, got", c.AuthHost)
|
|
|
|
}
|
|
|
|
if len(c.CookieDomains) != 0 {
|
|
|
|
t.Error("CookieDomains default should be empty, got", c.CookieDomains)
|
|
|
|
}
|
2019-04-18 15:07:39 +01:00
|
|
|
if c.InsecureCookie != false {
|
|
|
|
t.Error("InsecureCookie default should be false, got", c.InsecureCookie)
|
2019-04-12 16:12:13 +01:00
|
|
|
}
|
|
|
|
if c.CookieName != "_forward_auth" {
|
|
|
|
t.Error("CookieName default should be _forward_auth, got", c.CookieName)
|
|
|
|
}
|
|
|
|
if c.CSRFCookieName != "_forward_auth_csrf" {
|
|
|
|
t.Error("CSRFCookieName default should be _forward_auth_csrf, got", c.CSRFCookieName)
|
|
|
|
}
|
2019-04-18 15:07:39 +01:00
|
|
|
if c.DefaultAction != "auth" {
|
|
|
|
t.Error("DefaultAction default should be auth, got", c.DefaultAction)
|
2019-04-12 16:12:13 +01:00
|
|
|
}
|
|
|
|
if len(c.Domains) != 0 {
|
|
|
|
t.Error("Domain default should be empty, got", c.Domains)
|
|
|
|
}
|
2019-04-18 15:07:39 +01:00
|
|
|
if c.Lifetime != time.Second*time.Duration(43200) {
|
2019-04-12 16:12:13 +01:00
|
|
|
t.Error("Lifetime default should be 43200, got", c.Lifetime)
|
|
|
|
}
|
|
|
|
if c.Path != "/_oauth" {
|
|
|
|
t.Error("Path default should be /_oauth, got", c.Path)
|
|
|
|
}
|
|
|
|
if len(c.Whitelist) != 0 {
|
|
|
|
t.Error("Whitelist default should be empty, got", c.Whitelist)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.Providers.Google.Prompt != "" {
|
|
|
|
t.Error("Providers.Google.Prompt default should be empty, got", c.Providers.Google.Prompt)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
func TestConfigParseArgs(t *testing.T) {
|
2019-04-17 11:29:35 +01:00
|
|
|
c, err := NewConfig([]string{
|
2019-04-18 15:07:39 +01:00
|
|
|
"--cookie-name=cookiename",
|
|
|
|
"--csrf-cookie-name", "\"csrfcookiename\"",
|
2019-04-17 11:29:35 +01:00
|
|
|
"--rule.1.action=allow",
|
|
|
|
"--rule.1.rule=PathPrefix(`/one`)",
|
|
|
|
"--rule.two.action=auth",
|
|
|
|
"--rule.two.rule=\"Host(`two.com`) && Path(`/two`)\"",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check normal flags
|
|
|
|
if c.CookieName != "cookiename" {
|
|
|
|
t.Error("CookieName default should be cookiename, got", c.CookieName)
|
|
|
|
}
|
2019-04-18 15:07:39 +01:00
|
|
|
if c.CSRFCookieName != "csrfcookiename" {
|
|
|
|
t.Error("CSRFCookieName default should be csrfcookiename, got", c.CSRFCookieName)
|
|
|
|
}
|
2019-04-17 11:29:35 +01:00
|
|
|
|
|
|
|
// Check rules
|
|
|
|
if len(c.Rules) != 2 {
|
|
|
|
t.Error("Should create 2 rules, got:", len(c.Rules))
|
|
|
|
}
|
|
|
|
|
|
|
|
// First rule
|
|
|
|
if rule, ok := c.Rules["1"]; !ok {
|
|
|
|
t.Error("Could not find rule key '1'")
|
|
|
|
} else {
|
|
|
|
if rule.Action != "allow" {
|
|
|
|
t.Error("First rule action should be allow, got:", rule.Action)
|
|
|
|
}
|
|
|
|
if rule.Rule != "PathPrefix(`/one`)" {
|
|
|
|
t.Error("First rule rule should be PathPrefix(`/one`), got:", rule.Rule)
|
|
|
|
}
|
|
|
|
if rule.Provider != "google" {
|
|
|
|
t.Error("First rule provider should be google, got:", rule.Provider)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Second rule
|
|
|
|
if rule, ok := c.Rules["two"]; !ok {
|
|
|
|
t.Error("Could not find rule key '1'")
|
|
|
|
} else {
|
|
|
|
if rule.Action != "auth" {
|
|
|
|
t.Error("Second rule action should be auth, got:", rule.Action)
|
|
|
|
}
|
|
|
|
if rule.Rule != "Host(`two.com`) && Path(`/two`)" {
|
|
|
|
t.Error("Second rule rule should be Host(`two.com`) && Path(`/two`), got:", rule.Rule)
|
|
|
|
}
|
|
|
|
if rule.Provider != "google" {
|
|
|
|
t.Error("Second rule provider should be google, got:", rule.Provider)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
func TestConfigParseUnknownFlags(t *testing.T) {
|
|
|
|
_, err := NewConfig([]string{
|
|
|
|
"--unknown=_oauthpath2",
|
|
|
|
})
|
|
|
|
if err.Error() != "unknown flag: unknown" {
|
|
|
|
t.Error("Error should be \"unknown flag: unknown\", got:", err)
|
|
|
|
}
|
|
|
|
}
|
2019-04-17 11:29:35 +01:00
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
func TestConfigFlagBackwardsCompatability(t *testing.T) {
|
|
|
|
c, err := NewConfig([]string{
|
|
|
|
"--client-id=clientid",
|
|
|
|
"--client-secret=verysecret",
|
|
|
|
"--prompt=prompt",
|
|
|
|
"--lifetime=200",
|
|
|
|
"--cookie-secure=false",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
2019-04-17 11:29:35 +01:00
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
if c.ClientIdLegacy != "clientid" {
|
|
|
|
t.Error("ClientIdLegacy should be clientid, got", c.ClientIdLegacy)
|
|
|
|
}
|
|
|
|
if c.Providers.Google.ClientId != "clientid" {
|
|
|
|
t.Error("Providers.Google.ClientId should be clientid, got", c.Providers.Google.ClientId)
|
|
|
|
}
|
|
|
|
if c.ClientSecretLegacy != "verysecret" {
|
|
|
|
t.Error("ClientSecretLegacy should be verysecret, got", c.ClientSecretLegacy)
|
|
|
|
}
|
|
|
|
if c.Providers.Google.ClientSecret != "verysecret" {
|
|
|
|
t.Error("Providers.Google.ClientSecret should be verysecret, got", c.Providers.Google.ClientSecret)
|
|
|
|
}
|
|
|
|
if c.PromptLegacy != "prompt" {
|
|
|
|
t.Error("PromptLegacy should be prompt, got", c.PromptLegacy)
|
|
|
|
}
|
|
|
|
if c.Providers.Google.Prompt != "prompt" {
|
|
|
|
t.Error("Providers.Google.Prompt should be prompt, got", c.Providers.Google.Prompt)
|
|
|
|
}
|
2019-04-12 16:12:13 +01:00
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
// "cookie-secure" used to be a standard go bool flag that could take
|
|
|
|
// true, TRUE, 1, false, FALSE, 0 etc. values.
|
|
|
|
// Here we're checking that format is still suppoted
|
|
|
|
if c.CookieSecureLegacy != "false" || c.InsecureCookie != true {
|
|
|
|
t.Error("Setting cookie-secure=false should set InsecureCookie true, got", c.InsecureCookie)
|
|
|
|
}
|
|
|
|
c, err = NewConfig([]string{"--cookie-secure=TRUE"})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
if c.CookieSecureLegacy != "TRUE" || c.InsecureCookie != false {
|
|
|
|
t.Error("Setting cookie-secure=TRUE should set InsecureCookie false, got", c.InsecureCookie)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigParseIni(t *testing.T) {
|
|
|
|
c, err := NewConfig([]string{
|
|
|
|
"--config=../test/config0",
|
|
|
|
"--config=../test/config1",
|
|
|
|
"--csrf-cookie-name=csrfcookiename",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.CookieName != "inicookiename" {
|
|
|
|
t.Error("CookieName should be read as inicookiename from ini file, got", c.CookieName)
|
|
|
|
}
|
|
|
|
if c.CSRFCookieName != "csrfcookiename" {
|
|
|
|
t.Error("CSRFCookieName argument should override ini file, got", c.CSRFCookieName)
|
|
|
|
}
|
|
|
|
if c.Path != "/two" {
|
|
|
|
t.Error("Path in second ini file should override first ini file, got", c.Path)
|
|
|
|
}
|
|
|
|
}
|
2019-04-12 16:12:13 +01:00
|
|
|
|
2019-04-18 15:07:39 +01:00
|
|
|
func TestConfigFileBackwardsCompatability(t *testing.T) {
|
|
|
|
c, err := NewConfig([]string{
|
|
|
|
"--config=../test/config-legacy",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.Path != "/two" {
|
|
|
|
t.Error("Path in legacy config file should be read, got", c.Path)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigParseEnvironment(t *testing.T) {
|
|
|
|
os.Setenv("COOKIE_NAME", "env_cookie_name")
|
|
|
|
c, err := NewConfig([]string{})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.CookieName != "env_cookie_name" {
|
|
|
|
t.Error("CookieName should be read as env_cookie_name from environment, got", c.CookieName)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigTransformation(t *testing.T) {
|
|
|
|
c, err := NewConfig([]string{
|
|
|
|
"--url-path=_oauthpath",
|
|
|
|
"--secret=verysecret",
|
|
|
|
"--lifetime=200",
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.Path != "/_oauthpath" {
|
|
|
|
t.Error("Path should add slash to front to get /_oauthpath, got:", c.Path)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.SecretString != "verysecret" {
|
|
|
|
t.Error("SecretString should be verysecret, got:", c.SecretString)
|
|
|
|
}
|
|
|
|
if bytes.Compare(c.Secret, []byte("verysecret")) != 0 {
|
|
|
|
t.Error("Secret should be []byte(verysecret), got:", string(c.Secret))
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.LifetimeString != 200 {
|
|
|
|
t.Error("LifetimeString should be 200, got:", c.LifetimeString)
|
|
|
|
}
|
|
|
|
if c.Lifetime != time.Second*time.Duration(200) {
|
|
|
|
t.Error("Lifetime default should be 200, got", c.Lifetime)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConfigCommaSeparatedList(t *testing.T) {
|
|
|
|
list := CommaSeparatedList{}
|
|
|
|
|
|
|
|
err := list.UnmarshalFlag("one,two")
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
if len(list) != 2 || list[0] != "one" || list[1] != "two" {
|
|
|
|
t.Error("Expected UnmarshalFlag to provide CommaSeparatedList{one,two}, got", list)
|
|
|
|
}
|
|
|
|
|
|
|
|
marshal, err := list.MarshalFlag()
|
|
|
|
if err != nil {
|
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
if marshal != "one,two" {
|
|
|
|
t.Error("Expected MarshalFlag to provide \"one,two\", got", list)
|
|
|
|
}
|
|
|
|
}
|