package authenticate import ( "context" "errors" "reflect" "testing" "time" "github.com/pomerium/pomerium/internal/identity" "github.com/golang/protobuf/ptypes" "github.com/pomerium/pomerium/internal/cryptutil" "github.com/pomerium/pomerium/internal/sessions" pb "github.com/pomerium/pomerium/proto/authenticate" ) var fixedDate = time.Date(2009, 11, 17, 20, 34, 58, 651387237, time.UTC) func TestAuthenticate_Validate(t *testing.T) { tests := []struct { name string idToken string mp *identity.MockProvider want bool wantErr bool }{ {"good", "example", &identity.MockProvider{}, false, false}, {"error", "error", &identity.MockProvider{ValidateError: errors.New("err")}, false, true}, {"not error", "not error", &identity.MockProvider{ValidateError: nil}, false, false}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { p := &Authenticate{provider: tt.mp} got, err := p.Validate(context.Background(), &pb.ValidateRequest{IdToken: tt.idToken}) if (err != nil) != tt.wantErr { t.Errorf("Authenticate.Validate() error = %v, wantErr %v", err, tt.wantErr) return } if !reflect.DeepEqual(got.IsValid, tt.want) { t.Errorf("Authenticate.Validate() = %v, want %v", got.IsValid, tt.want) } }) } } func TestAuthenticate_Refresh(t *testing.T) { fixedProtoTime, err := ptypes.TimestampProto(fixedDate) if err != nil { t.Fatal("failed to parse timestamp") } tests := []struct { name string mock *identity.MockProvider originalSession *pb.Session want *pb.Session wantErr bool }{ {"good", &identity.MockProvider{ RefreshResponse: &sessions.SessionState{ AccessToken: "updated", RefreshDeadline: fixedDate, }}, &pb.Session{ AccessToken: "original", RefreshDeadline: fixedProtoTime, }, &pb.Session{ AccessToken: "updated", RefreshDeadline: fixedProtoTime, }, false}, {"test error", &identity.MockProvider{RefreshError: errors.New("hi")}, &pb.Session{RefreshToken: "refresh token", RefreshDeadline: fixedProtoTime}, nil, true}, {"test catch nil", nil, nil, nil, true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { p := &Authenticate{provider: tt.mock} got, err := p.Refresh(context.Background(), tt.originalSession) if (err != nil) != tt.wantErr { t.Errorf("Authenticate.Refresh() error = %v, wantErr %v", err, tt.wantErr) } if !reflect.DeepEqual(got, tt.want) { t.Errorf("Authenticate.Refresh() = %v, want %v", got, tt.want) } }) } } func TestAuthenticate_Authenticate(t *testing.T) { secret := cryptutil.GenerateKey() c, err := cryptutil.NewCipher(secret) if err != nil { t.Fatalf("expected to be able to create cipher: %v", err) } newSecret := cryptutil.GenerateKey() c2, err := cryptutil.NewCipher(newSecret) if err != nil { t.Fatalf("expected to be able to create cipher: %v", err) } rt := time.Now().Add(1 * time.Hour).Truncate(time.Second).UTC() vtProto, err := ptypes.TimestampProto(rt) if err != nil { t.Fatal("failed to parse timestamp") } want := &sessions.SessionState{ AccessToken: "token1234", RefreshToken: "refresh4321", RefreshDeadline: rt, Email: "user@domain.com", User: "user", } goodReply := &pb.Session{ AccessToken: "token1234", RefreshToken: "refresh4321", RefreshDeadline: vtProto, Email: "user@domain.com", User: "user"} ciphertext, err := sessions.MarshalSession(want, c) if err != nil { t.Fatalf("expected to be encode session: %v", err) } tests := []struct { name string cipher cryptutil.Cipher code string want *pb.Session wantErr bool }{ {"good", c, ciphertext, goodReply, false}, {"bad cipher", c2, ciphertext, nil, true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { p := &Authenticate{cipher: tt.cipher} got, err := p.Authenticate(context.Background(), &pb.AuthenticateRequest{Code: tt.code}) if (err != nil) != tt.wantErr { t.Errorf("Authenticate.Authenticate() error = %v, wantErr %v", err, tt.wantErr) return } if !reflect.DeepEqual(got, tt.want) { t.Errorf("Authenticate.Authenticate() = got: \n%vwant:\n%v", got, tt.want) } }) } }