#298 test presence and absence of tokens

vouch · Jul 30, 2020 · 8c46f0f · 8c46f0f
1 parent 250e269
commit 8c46f0f
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 6 deletions.
diff --git a/config/testing/jwtmanager_has_idp_token_claims.yml b/config/testing/jwtmanager_has_idp_token_claims.yml
@@ -0,0 +1,31 @@
+vouch:
+  testing: true
+  logLevel: debug
+  listen: 0.0.0.0
+  port: 9090
+
+  allowAllUsers: true
+
+  headers:
+    claims:
+      - groups
+      - boolean_claim
+      - family_name
+      - http://www.example.com/favorite_color
+    accesstoken: X-Vouch-IdP-AccessToken
+    idtoken: X-Vouch-IdP-IdToken
+
+  cookie:
+    name: vouchTestingCookie
+
+  session:
+    name: VouchTestingSession
+
+  jwt:
+    secret: testing
+
+oauth:
+  provider: indieauth
+  client_id: http://vouch.github.io
+  auth_url: https://indielogin.com/auth
+  callback_url: http://vouch.github.io:9090/auth
diff --git a/handlers/handlers_test.go b/handlers/handlers_test.go
@@ -11,6 +11,7 @@ OR CONDITIONS OF ANY KIND, either express or implied.
 package handlers
 
 import (
+	"encoding/json"
 	"os"
 	"path/filepath"
 	"testing"
@@ -30,17 +31,12 @@ var (
 	token = &oauth2.Token{AccessToken: "123"}
 )
 
+// setUp load config file and then call Configure() for dependent packages
 func setUp(configFile string) {
 	os.Setenv("VOUCH_CONFIG", filepath.Join(os.Getenv("VOUCH_ROOT"), configFile))
 	cfg.InitForTestPurposes()
 
-	// cfg.Cfg.AllowAllUsers = false
-	// cfg.Cfg.WhiteList = make([]string, 0)
-	// cfg.Cfg.TeamWhiteList = make([]string, 0)
-	// cfg.Cfg.Domains = []string{"domain1"}
-
 	Configure()
-
 	domains.Configure()
 	jwtmanager.Configure()
 	cookie.Configure()
@@ -115,3 +111,73 @@ func TestVerifyUserNegative(t *testing.T) {
 	assert.False(t, ok)
 	assert.NotNil(t, err)
 }
+
+// copied from jwtmanager_test.go
+// it should live there but circular imports are resolved if it lives here
+var (
+	u1 = structs.User{
+		Username: "test@testing.com",
+		Name:     "Test Name",
+	}
+	t1 = structs.PTokens{
+		PAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRvaXU4In0.eyJzdWIiOiJuZnlmZSIsImF1ZCI6ImltX29pY19jbGllbnQiLCJqdGkiOiJUOU4xUklkRkVzUE45enU3ZWw2eng2IiwiaXNzIjoiaHR0cHM6XC9cL3Nzby5tZXljbG91ZC5uZXQ6OTAzMSIsImlhdCI6MTM5MzczNzA3MSwiZXhwIjoxMzkzNzM3MzcxLCJub25jZSI6ImNiYTU2NjY2LTRiMTItNDU2YS04NDA3LTNkMzAyM2ZhMTAwMiIsImF0X2hhc2giOiJrdHFvZVBhc2praVY5b2Z0X3o5NnJBIn0.g1Jc9DohWFfFG3ppWfvW16ib6YBaONC5VMs8J61i5j5QLieY-mBEeVi1D3vr5IFWCfivY4hZcHtoJHgZk1qCumkAMDymsLGX-IGA7yFU8LOjUdR4IlCPlZxZ_vhqr_0gQ9pCFKDkiOv1LVv5x3YgAdhHhpZhxK6rWxojg2RddzvZ9Xi5u2V1UZ0jukwyG2d4PRzDn7WoRNDGwYOEt4qY7lv_NO2TY2eAklP-xYBWu0b9FBElapnstqbZgAXdndNs-Wqp4gyQG5D0owLzxPErR9MnpQfgNcai-PlWI_UrvoopKNbX0ai2zfkuQ-qh6Xn8zgkiaYDHzq4gzwRfwazaqA",
+		PIdToken:     "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRvaXU4In0.eyJzdWIiOiJuZnlmZSIsImF1ZCI6ImltX29pY19jbGllbnQiLCJqdGkiOiJUOU4xUklkRkVzUE45enU3ZWw2eng2IiwiaXNzIjoiaHR0cHM6XC9cL3Nzby5tZXljbG91ZC5uZXQ6OTAzMSIsImlhdCI6MTM5MzczNzA3MSwiZXhwIjoxMzkzNzM3MzcxLCJub25jZSI6ImNiYTU2NjY2LTRiMTItNDU2YS04NDA3LTNkMzAyM2ZhMTAwMiIsImF0X2hhc2giOiJrdHFvZVBhc2praVY5b2Z0X3o5NnJBIn0.g1Jc9DohWFfFG3ppWfvW16ib6YBaONC5VMs8J61i5j5QLieY-mBEeVi1D3vr5IFWCfivY4hZcHtoJHgZk1qCumkAMDymsLGX-IGA7yFU8LOjUdR4IlCPlZxZ_vhqr_0gQ9pCFKDkiOv1LVv5x3YgAdhHhpZhxK6rWxojg2RddzvZ9Xi5u2V1UZ0jukwyG2d4PRzDn7WoRNDGwYOEt4qY7lv_NO2TY2eAklP-xYBWu0b9FBElapnstqbZgAXdndNs-Wqp4gyQG5D0owLzxPErR9MnpQfgNcai-PlWI_UrvoopKNbX0ai2zfkuQ-qh6Xn8zgkiaYDHzq4gzwRfwazaqA",
+	}
+
+	lc jwtmanager.VouchClaims
+
+	claimjson = `{
+		"sub": "f:a95afe53-60ba-4ac6-af15-fab870e72f3d:mrtester",
+		"groups": ["Website Users", "Test Group"],
+		"given_name": "Mister",
+		"family_name": "Tester",
+		"email": "mrtester@test.int"
+	}`
+	customClaims = structs.CustomClaims{}
+)
+
+// copied from jwtmanager_test.go
+func init() {
+	// log.SetLevel(log.DebugLevel)
+
+	lc = jwtmanager.VouchClaims{
+		u1.Username,
+		jwtmanager.Sites,
+		customClaims.Claims,
+		t1.PAccessToken,
+		t1.PIdToken,
+		jwtmanager.StandardClaims,
+	}
+	json.Unmarshal([]byte(claimjson), &customClaims.Claims)
+}
+
+func TestParsedIdPTokens(t *testing.T) {
+	tests := []struct {
+		name          string
+		configFile    string
+		wantIDPTokens bool
+	}{
+		{"no IdP tokens", "/config/testing/handler_claims.yml", false},
+		{"wants IdP tokens", "/config/testing/jwtmanager_has_idp_token_claims.yml", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			setUp(tt.configFile)
+			uts := jwtmanager.CreateUserTokenString(u1, customClaims, t1)
+			utsParsed, _ := jwtmanager.ParseTokenString(uts)
+			utsPtokens, _ := jwtmanager.PTokenClaims(utsParsed)
+
+			if tt.wantIDPTokens {
+				if t1.PIdToken != utsPtokens.PIdToken || t1.PAccessToken != utsPtokens.PAccessToken {
+					t.Errorf("got PIdToken = %s, PAccessToken = %s, \nwant %s , %s", utsPtokens.PIdToken, utsPtokens.PAccessToken, t1.PIdToken, t1.PAccessToken)
+				}
+			} else {
+				if utsPtokens.PIdToken != "" || utsPtokens.PAccessToken != "" {
+					t.Errorf("PIdToken and PAccessToken = should be '' got '%s', '%s'", utsPtokens.PIdToken, utsPtokens.PAccessToken)
+				}
+			}
+		})
+	}
+
+}