Even more tests, crossed 50% coverage
lukaszraczylo committed Jul 26, 2024
1 parent fef55b4 commit 1148cfe
Showing 3 changed files with 75 additions and 6 deletions.
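--- a/helpers.go
+++ b/helpers.go
@@ -79,8 +79,7 @@ func (t *TraefikOidc) handleLogout(rw http.ResponseWriter, req *http.Request) {
 return
 }
 
-rw.WriteHeader(http.StatusForbidden)
-rw.Write([]byte("Logged out"))
+http.Error(rw, "Logged out", http.StatusForbidden)
 }
 
 func (t *TraefikOidc) handleCallback(rw http.ResponseWriter, req *http.Request) (bool, string) {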
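Review bot: The successful-logout path at the end of handleLogout still answers with `http.StatusForbidden`, so a completed logout is indistinguishable from an access denial in access logs and alerting, and clients that check the status will treat it as a failure. If the 403 is deliberate (for instance so the request is never forwarded upstream), say so in a comment above the call, e.g. `// 403 is intentional: the logout request must not reach the backend`; otherwise `http.StatusOK` or a redirect to a post-logout page would be clearer. Switching to `http.Error` is otherwise an improvement, since it also sets `Content-Type: text/plain; charset=utf-8` and `X-Content-Type-Options: nosniff`. handleLogout starts above the hunk, so how the session is cleared is not visible here.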
8 changes: 5 additions & 3 deletions main.go
@@ -181,8 +181,7 @@ func (t *TraefikOidc) ServeHTTP(rw http.ResponseWriter, req *http.Request) {

if req.URL.Path == t.logoutURLPath {
t.handleLogout(rw, req)
http.Error(rw, "Logged out", http.StatusForbidden)
return
return // Remove the http.Error call here
}

if t.redirectURL == "" {
@@ -300,11 +299,14 @@ func (t *TraefikOidc) buildAuthURL(redirectURL, state, nonce string) string {
"client_id": {t.clientID},
"response_type": {"code"},
"redirect_uri": {redirectURL},
"scope": {strings.Join(t.scopes, " ")},
"state": {state},
"nonce": {nonce},
}

if len(t.scopes) > 0 {
params.Set("scope", strings.Join(t.scopes, " "))
}

return fmt.Sprintf("%s?%s", t.authURL, params.Encode())
}

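Review bot: In buildAuthURL the new `if len(t.scopes) > 0` guard drops the `scope` parameter entirely when no scopes are configured, but an OpenID Connect authentication request requires `scope` and it must contain `openid`; without it the provider may treat the request as plain OAuth 2.0 and return no ID token, or reject it. It would be safer to reject an empty scope list at configuration time or fall back to the minimum, e.g. `scopes := t.scopes; if len(scopes) == 0 { scopes = []string{"openid"} }` before `params.Set("scope", strings.Join(scopes, " "))`. In the ServeHTTP hunk, the trailing comment `// Remove the http.Error call here` describes the edit rather than the code and should be dropped or replaced with `// handleLogout writes the response`. Both functions extend beyond the visible hunks.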
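--- a/main_test.go
+++ b/main_test.go
@@ -28,6 +28,9 @@ type MockHTTPClient struct {
 
 func (m *MockHTTPClient) RoundTrip(req *http.Request) (*http.Response, error) {
 args := m.Called(req)
+if args.Get(0) == nil {
+return nil, args.Error(1)
+}
 return args.Get(0).(*http.Response), args.Error(1)
 }
 
@@ -305,7 +308,7 @@ func (suite *TraefikOidcTestSuite) TestHandleLogout() {
 suite.oidc.handleLogout(rw, req)
 
 suite.Equal(http.StatusForbidden, rw.Code)
-suite.Equal("Logged out", rw.Body.String())
+suite.Equal("Logged out\n", rw.Body.String())
 }
 
 func (suite *TraefikOidcTestSuite) TestExtractClaims() {
@@ -584,3 +587,68 @@ func TestTraefikOidc_ServeHTTP(t *testing.T) {
 })
 }
 }
+
+func (suite *TraefikOidcTestSuite) TestBuildAuthURL_CustomScopes() {
+suite.oidc.scopes = []string{"openid", "email", "custom_scope"}
+authURL := suite.oidc.buildAuthURL("http://example.com/callback", "test_state", "test_nonce")
+suite.Contains(authURL, "scope=openid+email+custom_scope")
+}
+
+func (suite *TraefikOidcTestSuite) TestBuildAuthURL_EmptyScopes() {
+suite.oidc.scopes = []string{}
+authURL := suite.oidc.buildAuthURL("http://example.com/callback", "test_state", "test_nonce")
+suite.NotContains(authURL, "scope=")
+}
+
+func (suite *TraefikOidcTestSuite) TestDetermineScheme_ForceHTTPS() {
+suite.oidc.forceHTTPS = true
+req := httptest.NewRequest("GET", "http://example.com", nil)
+scheme := suite.oidc.determineScheme(req)
+suite.Equal("https", scheme)
+}
+
+func (suite *TraefikOidcTestSuite) TestHandleLogout_CustomLogoutURL() {
+suite.oidc.logoutURLPath = "/custom-logout"
+req := httptest.NewRequest("GET", "http://example.com/custom-logout", nil)
+rw := httptest.NewRecorder()
+
+session := sessions.NewSession(suite.mockStore, cookieName)
+session.Values["id_token"] = "test_token"
+
+suite.mockStore.On("Get", req, cookieName).Return(session, nil)
+suite.mockStore.On("Save", mock.Anything, mock.Anything, mock.Anything).Return(nil)
+
+suite.oidc.ServeHTTP(rw, req)
+
+suite.Equal(http.StatusForbidden, rw.Code)
+suite.Equal("Logged out\n", rw.Body.String())
+}
+
+func (suite *TraefikOidcTestSuite) TestVerifyToken_RateLimitReached() {
+suite.oidc.limiter = rate.NewLimiter(rate.Every(time.Hour), 1) // Set a very low limit
+suite.oidc.limiter.Allow() // Use up the only allowed request
+
+err := suite.oidc.VerifyToken("some_token")
+suite.Error(err)
+suite.Contains(err.Error(), "rate limit exceeded")
+}
+
+func (suite *TraefikOidcTestSuite) TestVerifyToken_InvalidJWTFormat() {
+invalidToken := "invalid.jwt.format"
+err := suite.oidc.VerifyToken(invalidToken)
+suite.Error(err)
+suite.Contains(err.Error(), "failed to parse JWT")
+}
+
+func (suite *TraefikOidcTestSuite) TestDiscoverProviderMetadata_InvalidURL() {
+invalidURL := "invalid-url"
+httpClient := &http.Client{
+Transport: suite.mockHTTPClient,
+}
+
+suite.mockHTTPClient.On("RoundTrip", mock.Anything).Return(nil, fmt.Errorf("invalid URL"))
+
+_, err := discoverProviderMetadata(invalidURL, *httpClient)
+suite.Error(err)
+suite.Contains(err.Error(), "failed to fetch provider metadata")
+}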
