mirror of
https://github.com/h44z/wg-portal.git
synced 2026-05-28 17:06:18 +00:00
80 lines
2.2 KiB
Go
80 lines
2.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/url"
|
|
"testing"
|
|
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
func authCodeValues(t *testing.T, options []oauth2.AuthCodeOption) url.Values {
|
|
t.Helper()
|
|
|
|
config := oauth2.Config{
|
|
ClientID: "client-id",
|
|
Endpoint: oauth2.Endpoint{AuthURL: "https://example.com/auth"},
|
|
RedirectURL: "https://wg.example.com/callback",
|
|
}
|
|
authCodeURL, err := url.Parse(config.AuthCodeURL("state", options...))
|
|
if err != nil {
|
|
t.Fatalf("failed to parse auth code URL: %v", err)
|
|
}
|
|
|
|
return authCodeURL.Query()
|
|
}
|
|
|
|
func TestOidcAuthenticatorPKCES256Options(t *testing.T) {
|
|
authenticator := OidcAuthenticator{usePKCE: true, pkceMethod: "S256"}
|
|
|
|
options, verifier := authenticator.PKCEAuthCodeOptions()
|
|
if verifier == "" {
|
|
t.Fatal("expected verifier")
|
|
}
|
|
|
|
values := authCodeValues(t, options)
|
|
|
|
if values.Get("code_challenge") == "" {
|
|
t.Fatal("expected code_challenge")
|
|
}
|
|
if values.Get("code_challenge_method") != "S256" {
|
|
t.Fatalf("expected S256 challenge method, got %q", values.Get("code_challenge_method"))
|
|
}
|
|
|
|
tokenOptions := authenticator.PKCETokenOptions(verifier)
|
|
if len(tokenOptions) != 1 {
|
|
t.Fatalf("expected one token option, got %d", len(tokenOptions))
|
|
}
|
|
|
|
}
|
|
|
|
func TestOidcAuthenticatorPKCEPlainOptions(t *testing.T) {
|
|
authenticator := OidcAuthenticator{usePKCE: true, pkceMethod: "plain"}
|
|
|
|
options, verifier := authenticator.PKCEAuthCodeOptions()
|
|
values := authCodeValues(t, options)
|
|
|
|
if values.Get("code_challenge") != verifier {
|
|
t.Fatalf("expected plain challenge %q, got %q", verifier, values.Get("code_challenge"))
|
|
}
|
|
if values.Get("code_challenge_method") != "plain" {
|
|
t.Fatalf("expected plain challenge method, got %q", values.Get("code_challenge_method"))
|
|
}
|
|
}
|
|
|
|
func TestOidcAuthenticatorPKCEDisabled(t *testing.T) {
|
|
authenticator := OidcAuthenticator{usePKCE: false, pkceMethod: "S256"}
|
|
|
|
options, verifier := authenticator.PKCEAuthCodeOptions()
|
|
if len(options) != 0 {
|
|
t.Fatalf("expected no auth code options, got %d", len(options))
|
|
}
|
|
if verifier != "" {
|
|
t.Fatalf("expected empty verifier, got %q", verifier)
|
|
}
|
|
|
|
tokenOptions := authenticator.PKCETokenOptions(oauth2.GenerateVerifier())
|
|
if len(tokenOptions) != 0 {
|
|
t.Fatalf("expected no token options, got %d", len(tokenOptions))
|
|
}
|
|
}
|