50 lines
1.3 KiB
Go
50 lines
1.3 KiB
Go
package oidc
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/config"
|
|
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/oidc/oidctest"
|
|
)
|
|
|
|
func TestClientExchangeAgainstStub(t *testing.T) {
|
|
t.Parallel()
|
|
stub := oidctest.New(t)
|
|
cfg := &config.OIDCConfig{
|
|
Issuer: stub.URL(), ClientID: "test-client", ClientSecret: "x",
|
|
Scopes: []string{"openid"}, RoleClaim: "groups",
|
|
RoleMapping: map[string]string{"rm-admins": "admin"},
|
|
}
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
|
defer cancel()
|
|
c, err := New(ctx, cfg, "http://rm.example")
|
|
if err != nil {
|
|
t.Fatalf("new client: %v", err)
|
|
}
|
|
code := stub.MintCode(map[string]any{
|
|
"sub": "abc",
|
|
"preferred_username": "alice",
|
|
"email": "alice@example.com",
|
|
"groups": []string{"rm-admins"},
|
|
})
|
|
verifier, _, err := PKCEPair()
|
|
if err != nil {
|
|
t.Fatalf("pkce: %v", err)
|
|
}
|
|
claims, raw, err := c.Exchange(ctx, code, verifier)
|
|
if err != nil {
|
|
t.Fatalf("exchange: %v", err)
|
|
}
|
|
if claims.Subject != "abc" || claims.PreferredUsername != "alice" {
|
|
t.Errorf("claims: %+v", claims)
|
|
}
|
|
if c.MapRole(claims.Roles) != "admin" {
|
|
t.Errorf("role: got %q", c.MapRole(claims.Roles))
|
|
}
|
|
if raw == "" {
|
|
t.Error("raw id_token must be non-empty")
|
|
}
|
|
}
|