authenticate: use gRPC for service endpoints (#39)

* authenticate: set cookie secure as default. * authenticate: remove single flight provider. * authenticate/providers: Rename “ProviderData” to “IdentityProvider” * authenticate/providers: Fixed an issue where scopes were not being overwritten * proxy/authenticate : http client code removed. * proxy: standardized session variable names between services. * docs: change basic docker-config to be an “all-in-one” example with no nginx load. * docs: nginx balanced docker compose example with intra-ingress settings. * license: attribution for adaptation of goji’s middleware pattern.
2025-05-19 12:07:18 +02:00 · 2019-02-08 10:10:38 -08:00 · 2019-02-08 10:10:38 -08:00 · c886b924e7
commit c886b924e7
parent 9ca3ff4fa2
54 changed files with 2184 additions and 1463 deletions
--- a/proto/authenticate/mock_authenticate/authenticate_mock_test.go
+++ b/proto/authenticate/mock_authenticate/authenticate_mock_test.go
@ -0,0 +1,142 @@
+package mock_authenticate_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/golang/mock/gomock"
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/ptypes"
+	pb "github.com/pomerium/pomerium/proto/authenticate"
+
+	mock "github.com/pomerium/pomerium/proto/authenticate/mock_authenticate"
+)
+
+var fixedDate = time.Date(2009, 11, 17, 20, 34, 58, 651387237, time.UTC)
+
+// rpcMsg implements the gomock.Matcher interface
+type rpcMsg struct {
+	msg proto.Message
+}
+
+func (r *rpcMsg) Matches(msg interface{}) bool {
+	m, ok := msg.(proto.Message)
+	if !ok {
+		return false
+	}
+	return proto.Equal(m, r.msg)
+}
+
+func (r *rpcMsg) String() string {
+	return fmt.Sprintf("is %s", r.msg)
+}
+func TestValidate(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	mockAuthenticateClient := mock.NewMockAuthenticatorClient(ctrl)
+	req := &pb.ValidateRequest{IdToken: "unit_test"}
+	mockAuthenticateClient.EXPECT().Validate(
+		gomock.Any(),
+		&rpcMsg{msg: req},
+	).Return(&pb.ValidateReply{IsValid: false}, nil)
+	testValidate(t, mockAuthenticateClient)
+}
+
+func testValidate(t *testing.T, client pb.AuthenticatorClient) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+	r, err := client.Validate(ctx, &pb.ValidateRequest{IdToken: "unit_test"})
+	if err != nil || r.IsValid != false {
+		t.Errorf("mocking failed")
+	}
+	t.Log("Reply : ", r.IsValid)
+}
+
+func TestAuthenticate(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	mockAuthenticateClient := mock.NewMockAuthenticatorClient(ctrl)
+	mockExpire, err := ptypes.TimestampProto(fixedDate)
+	if err != nil {
+		t.Fatalf("%v failed converting timestampe", err)
+	}
+	req := &pb.AuthenticateRequest{Code: "unit_test"}
+	mockAuthenticateClient.EXPECT().Authenticate(
+		gomock.Any(),
+		&rpcMsg{msg: req},
+	).Return(&pb.AuthenticateReply{
+		AccessToken:  "mocked access token",
+		RefreshToken: "mocked refresh token",
+		IdToken:      "mocked id token",
+		User:         "user1",
+		Email:        "test@email.com",
+		Expiry:       mockExpire,
+	}, nil)
+	testAuthenticate(t, mockAuthenticateClient)
+}
+
+func testAuthenticate(t *testing.T, client pb.AuthenticatorClient) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+	r, err := client.Authenticate(ctx, &pb.AuthenticateRequest{Code: "unit_test"})
+	if err != nil {
+		t.Errorf("mocking failed %v", err)
+	}
+	if r.AccessToken != "mocked access token" {
+		t.Errorf("authenticate: invalid access token")
+	}
+	if r.RefreshToken != "mocked refresh token" {
+		t.Errorf("authenticate: invalid refresh token")
+	}
+	if r.IdToken != "mocked id token" {
+		t.Errorf("authenticate: invalid id token")
+	}
+	if r.User != "user1" {
+		t.Errorf("authenticate: invalid user")
+	}
+	if r.Email != "test@email.com" {
+		t.Errorf("authenticate: invalid email")
+	}
+}
+
+func TestRefresh(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+	mockRefreshClient := mock.NewMockAuthenticatorClient(ctrl)
+	mockExpire, err := ptypes.TimestampProto(fixedDate)
+	if err != nil {
+		t.Fatalf("%v failed converting timestampe", err)
+	}
+	req := &pb.RefreshRequest{RefreshToken: "unit_test"}
+	mockRefreshClient.EXPECT().Refresh(
+		gomock.Any(),
+		&rpcMsg{msg: req},
+	).Return(&pb.RefreshReply{
+		AccessToken: "mocked access token",
+		Expiry:      mockExpire,
+	}, nil)
+	testRefresh(t, mockRefreshClient)
+}
+
+func testRefresh(t *testing.T, client pb.AuthenticatorClient) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+	r, err := client.Refresh(ctx, &pb.RefreshRequest{RefreshToken: "unit_test"})
+	if err != nil {
+		t.Errorf("mocking failed %v", err)
+	}
+	if r.AccessToken != "mocked access token" {
+		t.Errorf("Refresh: invalid access token")
+	}
+	respExpire, err := ptypes.Timestamp(r.Expiry)
+	if err != nil {
+		t.Fatalf("%v failed converting timestampe", err)
+	}
+
+	if respExpire != fixedDate {
+		t.Errorf("Refresh: bad expiry got:%v want:%v", respExpire, fixedDate)
+	}
+
+}
--- a/proto/authenticate/mock_authenticate/mock_authenticate.go
+++ b/proto/authenticate/mock_authenticate/mock_authenticate.go
@ -0,0 +1,97 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/pomerium/pomerium/proto/authenticate (interfaces: AuthenticatorClient)
+
+// Package mock_authenticate is a generated GoMock package.
+package mock_authenticate
+
+import (
+	context "context"
+	reflect "reflect"
+
+	gomock "github.com/golang/mock/gomock"
+	authenticate "github.com/pomerium/pomerium/proto/authenticate"
+	grpc "google.golang.org/grpc"
+)
+
+// MockAuthenticatorClient is a mock of AuthenticatorClient interface
+type MockAuthenticatorClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockAuthenticatorClientMockRecorder
+}
+
+// MockAuthenticatorClientMockRecorder is the mock recorder for MockAuthenticatorClient
+type MockAuthenticatorClientMockRecorder struct {
+	mock *MockAuthenticatorClient
+}
+
+// NewMockAuthenticatorClient creates a new mock instance
+func NewMockAuthenticatorClient(ctrl *gomock.Controller) *MockAuthenticatorClient {
+	mock := &MockAuthenticatorClient{ctrl: ctrl}
+	mock.recorder = &MockAuthenticatorClientMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockAuthenticatorClient) EXPECT() *MockAuthenticatorClientMockRecorder {
+	return m.recorder
+}
+
+// Authenticate mocks base method
+func (m *MockAuthenticatorClient) Authenticate(arg0 context.Context, arg1 *authenticate.AuthenticateRequest, arg2 ...grpc.CallOption) (*authenticate.AuthenticateReply, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Authenticate", varargs...)
+	ret0, _ := ret[0].(*authenticate.AuthenticateReply)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Authenticate indicates an expected call of Authenticate
+func (mr *MockAuthenticatorClientMockRecorder) Authenticate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Authenticate", reflect.TypeOf((*MockAuthenticatorClient)(nil).Authenticate), varargs...)
+}
+
+// Refresh mocks base method
+func (m *MockAuthenticatorClient) Refresh(arg0 context.Context, arg1 *authenticate.RefreshRequest, arg2 ...grpc.CallOption) (*authenticate.RefreshReply, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Refresh", varargs...)
+	ret0, _ := ret[0].(*authenticate.RefreshReply)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Refresh indicates an expected call of Refresh
+func (mr *MockAuthenticatorClientMockRecorder) Refresh(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Refresh", reflect.TypeOf((*MockAuthenticatorClient)(nil).Refresh), varargs...)
+}
+
+// Validate mocks base method
+func (m *MockAuthenticatorClient) Validate(arg0 context.Context, arg1 *authenticate.ValidateRequest, arg2 ...grpc.CallOption) (*authenticate.ValidateReply, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Validate", varargs...)
+	ret0, _ := ret[0].(*authenticate.ValidateReply)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Validate indicates an expected call of Validate
+func (mr *MockAuthenticatorClientMockRecorder) Validate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Validate", reflect.TypeOf((*MockAuthenticatorClient)(nil).Validate), varargs...)
+}