// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package auth
import (
"testing"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/services/auth/source/oauth2"
"github.com/golang-jwt/jwt/v4"
"github.com/stretchr/testify/assert"
)
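// createAndParseToken issues an OIDC ID token for grant through
// newAccessTokenResponse, verifies it with the same HS256 key that signed it,
// and returns the decoded claims.
//
// The key callback given to jwt.ParseWithClaims asserts that the algorithm
// declared in the token header matches the signing key's algorithm before it
// hands out the verification key, so a token advertising a different "alg"
// fails the test instead of being verified against an unrelated key.
//
// Assertions that later lines dereference (the signing key, the response, the
// parsed token) abort the test with t.FailNow on failure, so a broken token
// path is reported as a failed assertion rather than a nil-pointer panic.
func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2.OIDCToken {
	// A zero-filled 32-byte key is enough here: the test only needs signing
	// and verification to agree on the same secret.
	signingKey, err := oauth2.CreateJWTSigningKey("HS256", make([]byte, 32))
	assert.NoError(t, err)
	if !assert.NotNil(t, signingKey) {
		t.FailNow()
	}

	// The same key is passed as both the access-token and ID-token signer.
	response, terr := newAccessTokenResponse(db.DefaultContext, grant, signingKey, signingKey)
	assert.Nil(t, terr)
	if !assert.NotNil(t, response) {
		t.FailNow()
	}

	parsedToken, err := jwt.ParseWithClaims(response.IDToken, &oauth2.OIDCToken{}, func(token *jwt.Token) (interface{}, error) {
		// Pin the expected algorithm before releasing the verification key.
		assert.NotNil(t, token.Method)
		assert.Equal(t, signingKey.SigningMethod().Alg(), token.Method.Alg())
		return signingKey.VerifyKey(), nil
	})
	assert.NoError(t, err)
	if !assert.NotNil(t, parsedToken) {
		t.FailNow()
	}
	assert.True(t, parsedToken.Valid)

	oidcToken, ok := parsedToken.Claims.(*oauth2.OIDCToken)
	assert.True(t, ok)
	assert.NotNil(t, oidcToken)
	return oidcToken
}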
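// TestNewAccessTokenResponse_OIDCToken checks that the ID token issued by
// newAccessTokenResponse carries only the claims the grant's scopes permit:
// with the "openid" scope alone every profile and email claim must be empty,
// and with "openid profile email" they must mirror the user's record.
//
// Both grants come from the fixture database loaded by
// unittest.PrepareTestDatabase (one grant for user 3, one for user 5).
func TestNewAccessTokenResponse_OIDCToken(t *testing.T) {
	assert.NoError(t, unittest.PrepareTestDatabase())

	grants, err := auth.GetOAuth2GrantsByUserID(db.DefaultContext, 3)
	assert.NoError(t, err)
	if !assert.Len(t, grants, 1) {
		t.FailNow() // grants[0] below would panic on an empty slice
	}

	// Scopes: openid — no profile or email claim may be populated.
	oidcToken := createAndParseToken(t, grants[0])
	assert.Empty(t, oidcToken.Name)
	assert.Empty(t, oidcToken.PreferredUsername)
	assert.Empty(t, oidcToken.Profile)
	assert.Empty(t, oidcToken.Picture)
	assert.Empty(t, oidcToken.Website)
	assert.Empty(t, oidcToken.UpdatedAt)
	assert.Empty(t, oidcToken.Email)
	assert.False(t, oidcToken.EmailVerified)

	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
	grants, err = auth.GetOAuth2GrantsByUserID(db.DefaultContext, user.ID)
	assert.NoError(t, err)
	if !assert.Len(t, grants, 1) {
		t.FailNow() // same guard as above before indexing grants[0]
	}

	// Scopes: openid profile email — every claim mirrors the user record.
	oidcToken = createAndParseToken(t, grants[0])
	assert.Equal(t, user.FullName, oidcToken.Name)
	assert.Equal(t, user.Name, oidcToken.PreferredUsername)
	assert.Equal(t, user.HTMLURL(), oidcToken.Profile)
	assert.Equal(t, user.AvatarLink(), oidcToken.Picture)
	assert.Equal(t, user.Website, oidcToken.Website)
	assert.Equal(t, user.UpdatedUnix, oidcToken.UpdatedAt)
	assert.Equal(t, user.Email, oidcToken.Email)
	// email_verified is derived from the account's active state here.
	assert.Equal(t, user.IsActive, oidcToken.EmailVerified)
}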