Multiple provider support + OIDC provider

2019-09-18 17:55:52 +01:00
parent 5dfd4f2878
commit c9289d6fc1
16 changed files with 1043 additions and 278 deletions
--- a/internal/provider/google_test.go
+++ b/internal/provider/google_test.go
@ -0,0 +1,151 @@
+package provider
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// Tests
+
+func TestGoogleName(t *testing.T) {
+	p := Google{}
+	assert.Equal(t, "google", p.Name())
+}
+
+func TestGoogleSetup(t *testing.T) {
+	assert := assert.New(t)
+	p := Google{}
+
+	// Check validation
+	err := p.Setup()
+	if assert.Error(err) {
+		assert.Equal("providers.google.client-id, providers.google.client-secret must be set", err.Error())
+	}
+
+	// Check setup
+	p = Google{
+		ClientID:     "id",
+		ClientSecret: "secret",
+	}
+	err = p.Setup()
+	assert.Nil(err)
+	assert.Equal("https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email", p.Scope)
+	assert.Equal("", p.Prompt)
+
+	assert.Equal(&url.URL{
+		Scheme: "https",
+		Host:   "accounts.google.com",
+		Path:   "/o/oauth2/auth",
+	}, p.LoginURL)
+
+	assert.Equal(&url.URL{
+		Scheme: "https",
+		Host:   "www.googleapis.com",
+		Path:   "/oauth2/v3/token",
+	}, p.TokenURL)
+
+	assert.Equal(&url.URL{
+		Scheme: "https",
+		Host:   "www.googleapis.com",
+		Path:   "/oauth2/v2/userinfo",
+	}, p.UserURL)
+}
+
+func TestGoogleGetLoginURL(t *testing.T) {
+	assert := assert.New(t)
+	p := Google{
+		ClientID:     "idtest",
+		ClientSecret: "sectest",
+		Scope:        "scopetest",
+		Prompt:       "consent select_account",
+		LoginURL: &url.URL{
+			Scheme: "https",
+			Host:   "google.com",
+			Path:   "/auth",
+		},
+	}
+
+	// Check url
+	uri, err := url.Parse(p.GetLoginURL("http://example.com/_oauth", "state"))
+	assert.Nil(err)
+	assert.Equal("https", uri.Scheme)
+	assert.Equal("google.com", uri.Host)
+	assert.Equal("/auth", uri.Path)
+
+	// Check query string
+	qs := uri.Query()
+	expectedQs := url.Values{
+		"client_id":     []string{"idtest"},
+		"redirect_uri":  []string{"http://example.com/_oauth"},
+		"response_type": []string{"code"},
+		"scope":         []string{"scopetest"},
+		"prompt":        []string{"consent select_account"},
+		"state":         []string{"state"},
+	}
+	assert.Equal(expectedQs, qs)
+}
+
+func TestGoogleExchangeCode(t *testing.T) {
+	assert := assert.New(t)
+
+	// Setup server
+	expected := url.Values{
+		"client_id":     []string{"idtest"},
+		"client_secret": []string{"sectest"},
+		"code":          []string{"code"},
+		"grant_type":    []string{"authorization_code"},
+		"redirect_uri":  []string{"http://example.com/_oauth"},
+	}
+	server, serverURL := NewOAuthServer(t, map[string]string{
+		"token": expected.Encode(),
+	})
+	defer server.Close()
+
+	// Setup provider
+	p := Google{
+		ClientID:     "idtest",
+		ClientSecret: "sectest",
+		Scope:        "scopetest",
+		Prompt:       "consent select_account",
+		TokenURL: &url.URL{
+			Scheme: serverURL.Scheme,
+			Host:   serverURL.Host,
+			Path:   "/token",
+		},
+	}
+
+	token, err := p.ExchangeCode("http://example.com/_oauth", "code")
+	assert.Nil(err)
+	assert.Equal("123456789", token)
+}
+
+func TestGoogleGetUser(t *testing.T) {
+	assert := assert.New(t)
+
+	// Setup server
+	server, serverURL := NewOAuthServer(t, nil)
+	defer server.Close()
+
+	// Setup provider
+	p := Google{
+		ClientID:     "idtest",
+		ClientSecret: "sectest",
+		Scope:        "scopetest",
+		Prompt:       "consent select_account",
+		UserURL: &url.URL{
+			Scheme: serverURL.Scheme,
+			Host:   serverURL.Host,
+			Path:   "/userinfo",
+		},
+	}
+
+	user, err := p.GetUser("123456789")
+	assert.Nil(err)
+
+	assert.Equal("1", user.ID)
+	assert.Equal("example@example.com", user.Email)
+	assert.True(user.Verified)
+	assert.Equal("example.com", user.Hd)
+}