mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 19:06:33 +02:00
7558d5b0de
- authorize: build whitelist from policy's URLs instead of strings. - internal/httputil: merged httputil and https package. - internal/config: merged config and policy packages. - internal/metrics: removed unused measure struct. - proxy/clients: refactor Addr fields to be urls. - proxy: remove unused extend deadline function. - proxy: use handler middleware for reverse proxy leg. - proxy: change the way websocket requests are made (route based). General improvements - omitted value from range in several cases where for loop could be simplified. - added error checking to many tests. - standardize url parsing. - remove unnecessary return statements. - proxy: add self-signed certificate support. #179 - proxy: add skip tls certificate verification. #179 - proxy: Refactor websocket support to be route based. #204
93 lines
2.6 KiB
Go
93 lines
2.6 KiB
Go
package authenticate
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/pomerium/pomerium/internal/config"
|
|
)
|
|
|
|
func newTestOptions(t *testing.T) *config.Options {
|
|
opts, err := config.NewOptions("https://authenticate.example", "https://authorize.example")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
opts.ClientID = "client-id"
|
|
opts.Provider = "google"
|
|
opts.ClientSecret = "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw="
|
|
opts.CookieSecret = "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw="
|
|
return opts
|
|
}
|
|
|
|
func TestOptions_Validate(t *testing.T) {
|
|
good := newTestOptions(t)
|
|
badRedirectURL := newTestOptions(t)
|
|
badRedirectURL.AuthenticateURL = nil
|
|
emptyClientID := newTestOptions(t)
|
|
emptyClientID.ClientID = ""
|
|
emptyClientSecret := newTestOptions(t)
|
|
emptyClientSecret.ClientSecret = ""
|
|
emptyCookieSecret := newTestOptions(t)
|
|
emptyCookieSecret.CookieSecret = ""
|
|
invalidCookieSecret := newTestOptions(t)
|
|
invalidCookieSecret.CookieSecret = "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw^"
|
|
shortCookieLength := newTestOptions(t)
|
|
shortCookieLength.CookieSecret = "gN3xnvfsAwfCXxnJorGLKUG4l2wC8sS8nfLMhcStPg=="
|
|
badSharedKey := newTestOptions(t)
|
|
badSharedKey.SharedKey = ""
|
|
badAuthenticateURL := newTestOptions(t)
|
|
badAuthenticateURL.AuthenticateURL = nil
|
|
|
|
tests := []struct {
|
|
name string
|
|
o *config.Options
|
|
wantErr bool
|
|
}{
|
|
{"minimum options", good, false},
|
|
{"nil options", &config.Options{}, true},
|
|
{"bad redirect url", badRedirectURL, true},
|
|
{"no cookie secret", emptyCookieSecret, true},
|
|
{"invalid cookie secret", invalidCookieSecret, true},
|
|
{"short cookie secret", shortCookieLength, true},
|
|
{"no shared secret", badSharedKey, true},
|
|
{"no client id", emptyClientID, true},
|
|
{"no client secret", emptyClientSecret, true},
|
|
{"empty authenticate url", badAuthenticateURL, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
if err := ValidateOptions(*tt.o); (err != nil) != tt.wantErr {
|
|
t.Errorf("Options.Validate() error = %v, wantErr %v", err, tt.wantErr)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestNew(t *testing.T) {
|
|
good := newTestOptions(t)
|
|
|
|
badRedirectURL := newTestOptions(t)
|
|
badRedirectURL.AuthenticateURL = nil
|
|
|
|
tests := []struct {
|
|
name string
|
|
opts *config.Options
|
|
// want *Authenticate
|
|
wantErr bool
|
|
}{
|
|
{"good", good, false},
|
|
{"empty opts", &config.Options{}, true},
|
|
{"fails to validate", badRedirectURL, true},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
_, err := New(*tt.opts)
|
|
if (err != nil) != tt.wantErr {
|
|
t.Errorf("New() error = %v, wantErr %v", err, tt.wantErr)
|
|
return
|
|
}
|
|
// if !reflect.DeepEqual(got, tt.want) {
|
|
// t.Errorf("New() = %v, want %v", got, tt.want)
|
|
// }
|
|
})
|
|
}
|
|
}
|