nicolas
/
keycloak-client
mirror of https://github.com/nmasse-itix/keycloak-client.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 Commits
1 Branch
2 Tags
14 MiB
 
Tree: e9e97ce93e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e9e97ce93e'
${ noResults }
keycloak-client/oidc_verifier_test.go

114 lines
3.0 KiB
Raw Blame History

package keycloak
//go:generate mockgen -destination=./mock/authmanager.go -package=mock -mock_names=AuthorizationManager=AuthorizationManager github.com/cloudtrust/common-service/security AuthorizationManager
import (
"context"
"encoding/json"
"net/http"
"net/http/httptest"
"net/url"
"strings"
"testing"
"time"
http_transport "github.com/go-kit/kit/transport/http"
"github.com/gorilla/mux"
"github.com/stretchr/testify/assert"
)
func decodeRequest(_ context.Context, req *http.Request) (interface{}, error) {
res := map[string]string{"realm": mux.Vars(req)["realm"], "host": req.Host}
return res, nil
}
func encodeReply(_ context.Context, w http.ResponseWriter, rep interface{}) error {
if rep == nil {
w.WriteHeader(404)
return nil
}
w.Header().Set("Content-Type", "application/json; charset=utf-8")
w.WriteHeader(200)
var json, err = json.Marshal(rep)
if err == nil {
w.Write(json)
}
return nil
}
func errorHandler(_ context.Context, _ error, w http.ResponseWriter) {
w.WriteHeader(500)
}
func endpoint(_ context.Context, request interface{}) (response interface{}, err error) {
var query = request.(map[string]string)
if !strings.Contains(query["realm"], "realm") {
return nil, nil
}
return map[string]string{
"issuer": "http://" + query["host"] + "/auth/realms/" + query["realm"],
"authorization_endpoint": "",
"token_endpoint": "",
"jwks_uri": "",
"userinfo_endpoint": "",
}, nil
}
func TestGetOidcVerifier(t *testing.T) {
verifierHandler := http_transport.NewServer(endpoint, decodeRequest, encodeReply, http_transport.ServerErrorEncoder(errorHandler))
r := mux.NewRouter()
r.Handle("/auth/realms/{realm}/.well-known/openid-configuration", verifierHandler)
ts := httptest.NewServer(r)
defer ts.Close()
url, _ := url.Parse(ts.URL)
{
// First test with a verifier which hardly expires
verifier := NewVerifierCache(url, time.Minute, 10*time.Minute)
{
// Unknown realm: can't get verifier
_, err := verifier.GetOidcVerifier("unknown")
assert.NotNil(t, err)
}
v1, e := verifier.GetOidcVerifier("realm1")
assert.Nil(t, e)
{
// Ask for the same realm before its verifier expires
v2, _ := verifier.GetOidcVerifier("realm1")
assert.Equal(t, v1, v2)
}
{
// Ask for a different verifier
v3, _ := verifier.GetOidcVerifier("realm2")
assert.NotEqual(t, v1, v3)
}
time.Sleep(100 * time.Millisecond)
assert.NotNil(t, v1.Verify("abcdef"))
}
{
// Now, test with a verifier which quickly expires on error
verifier := NewVerifierCache(url, time.Minute, time.Millisecond)
v1, _ := verifier.GetOidcVerifier("realm1")
time.Sleep(100 * time.Millisecond)
{
// Ask for the same realm before its verifier expires
v2, _ := verifier.GetOidcVerifier("realm1")
assert.Equal(t, v1, v2)
}
{
// Verify an invalid token
assert.NotNil(t, v1.Verify("abcdef"))
// Ask for the same realm before its verifier expires but after an error occured
v2, _ := verifier.GetOidcVerifier("realm1")
assert.NotEqual(t, v1, v2)
}
}
}