mirror of
https://github.com/teamhanko/hanko.git
synced 2025-10-27 22:27:23 +08:00
125 lines
5.2 KiB
Go
125 lines
5.2 KiB
Go
package thirdparty
|
|
|
|
import (
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"github.com/teamhanko/hanko/backend/config"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestThirdParty_GenerateState(t *testing.T) {
|
|
cfg := &config.Config{
|
|
Secrets: config.Secrets{Keys: []string{"thirty-two-byte-long-test-secret"}},
|
|
ThirdParty: config.ThirdParty{
|
|
ErrorRedirectURL: "https://example.com/error",
|
|
},
|
|
}
|
|
|
|
state, err := GenerateState(cfg, "test-provider", "https://example.com")
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, state)
|
|
}
|
|
|
|
func TestThirdParty_GenerateState_Error(t *testing.T) {
|
|
|
|
redirectTo := "https://example.com"
|
|
|
|
tests := []struct {
|
|
name string
|
|
provider string
|
|
redirectTo string
|
|
secret string
|
|
errorRedirectUrl string
|
|
expectedError string
|
|
}{
|
|
{
|
|
name: "provider is not present",
|
|
secret: "test-secret",
|
|
provider: "",
|
|
redirectTo: redirectTo,
|
|
errorRedirectUrl: redirectTo,
|
|
expectedError: "provider must be present",
|
|
},
|
|
{
|
|
name: "provider is not present",
|
|
secret: "",
|
|
provider: "test-provider",
|
|
redirectTo: redirectTo,
|
|
errorRedirectUrl: redirectTo,
|
|
expectedError: "could not instantiate aesgcm",
|
|
},
|
|
}
|
|
for _, testData := range tests {
|
|
t.Run(testData.name, func(t *testing.T) {
|
|
cfg := &config.Config{
|
|
Secrets: config.Secrets{Keys: []string{testData.secret}},
|
|
ThirdParty: config.ThirdParty{ErrorRedirectURL: testData.errorRedirectUrl},
|
|
}
|
|
_, err := GenerateState(cfg, testData.provider, testData.redirectTo)
|
|
assert.NotNil(t, err)
|
|
assert.True(t, strings.Contains(err.Error(), testData.expectedError))
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestThirdParty_VerifyState(t *testing.T) {
|
|
cfg := &config.Config{
|
|
Secrets: config.Secrets{Keys: []string{"thirty-two-byte-long-test-secret"}},
|
|
ThirdParty: config.ThirdParty{ErrorRedirectURL: "https://example.com/error"},
|
|
}
|
|
|
|
state := "HmD7wlGQ7bF_4MGtmFRQuuSGTshHETDs4RQa64JAx-6EsmNsUjaQwYNOnjWUs6qIOuQMBTKapDGVXVCk00pX2vSS-x-WVqdzZ8KyeQ-9IHu2mwb-AeRbb2QPE-GFnvp2wrbCskKvWvtOfipyeTsnYY5iM90DxssaUtvKnawaB5_MNNekfKyiOeepIkKjUfSJ6-yTR7AAA4B9jwOfDRB4zdV8kKPVJlGVBJFosL11YWJaLxRGQR69nah3Jf9Z6bSAGXxWp24PoBYhij-dH4JyDCcU7D-NeT2A8qFFFjQ1m28C8fsr6zqb4w=="
|
|
|
|
validState, err := VerifyState(cfg, state, state)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, validState)
|
|
require.Equal(t, "test-provider", validState.Provider)
|
|
require.Equal(t, "https://example.com", validState.RedirectTo)
|
|
require.NotEmpty(t, validState.Nonce)
|
|
require.True(t, time.Now().UTC().Before(validState.ExpiresAt))
|
|
}
|
|
func TestThirdParty_VerifyState_Error(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
state string
|
|
expectedState string
|
|
expectedError string
|
|
}{
|
|
{
|
|
name: "error on invalid state",
|
|
state: "invalid_state",
|
|
expectedError: "could not decode state",
|
|
},
|
|
{
|
|
name: "error on invalid expected state",
|
|
state: "ctj9hAU6kFkdc-g5ZXWGHbbnE1NSoQ55afdcYWLImTc5C5gGdeaknPDvZ560LJ07uA8I7X2ssPBKkkQb5xDnDHykmQtEp1hBp0uP_PdQdNJZ7FVXb0MpVWMrCv9nZp_fquLQvzjdm2nGRP9VKPt6S_7XNqg_mMA_ri9g7XWuNgJUqUE0PW7TGB9otsD2E7FQNowAl_vY-q0mYYIdkl0qb3lxWxnSzP51ewVv5VTeI7Mfr1gXyxWyTdqTnl_s5azaRq6w8J2SSX1_GTppX49zqCidPVIqYp6IyvotyOz-ePmvTg7tizBsaQ==",
|
|
expectedState: "invalid_state",
|
|
expectedError: "could not decode expectedState",
|
|
},
|
|
{
|
|
name: "error on nonce mismatch",
|
|
state: "ctj9hAU6kFkdc-g5ZXWGHbbnE1NSoQ55afdcYWLImTc5C5gGdeaknPDvZ560LJ07uA8I7X2ssPBKkkQb5xDnDHykmQtEp1hBp0uP_PdQdNJZ7FVXb0MpVWMrCv9nZp_fquLQvzjdm2nGRP9VKPt6S_7XNqg_mMA_ri9g7XWuNgJUqUE0PW7TGB9otsD2E7FQNowAl_vY-q0mYYIdkl0qb3lxWxnSzP51ewVv5VTeI7Mfr1gXyxWyTdqTnl_s5azaRq6w8J2SSX1_GTppX49zqCidPVIqYp6IyvotyOz-ePmvTg7tizBsaQ==",
|
|
expectedState: "Fs1SEytL1YuZJvBCyfF3Iydpl3-aC95bDsIb3VIcbq3sZjhn6iQaNFVNQZG1Maz2bI7Zkz3UvEIrIFohIotDqoR057mBnDKHVeg-TZKLXfviPJqfkOldfNPTpJgO9e4biYGxPx6qkmabk83eO77Qe3rJ2XM6FznQqPoMjq1vOBBJXjBUPeu3KtF1l7ONpHHVCV1Sr0cm0qQ4q5nPYgjI227AOa_MOOIDKfwqxb-jQT_9n0vLtVen9aYFbr_i_57r5aC3nCxnBgq7gXDq7z-E5NDRW23E0x-5CpQdDhElmtoeu4XRx1jOfw==",
|
|
expectedError: "could not verify state",
|
|
},
|
|
{
|
|
name: "error on expired state",
|
|
state: "UHPShpOq0byNI-A1vvUROLsPjNhGF5Xxdme4llZrnCvXfyZP_RnhRq490XPqKGKeWa621MtAUsV7N6C4OGx-EXK1TaLWNIYfFmByIEIlPSkpMVTFEUedY5UaFXwhWhuQb4Ci0r3QlPCLmQnPin1O4Vb59K2KieJwTvVnZzY3Y3Avj-D91acTMRGN6OabuIDDOH4nl0qDJABkZ6tnYk735ot8s3oyvJmZgmsW0qLOC_OoNMGZqLUTQzCrEayJ-gTXKr6HSvClN-4KGi4htHHLwYjrSCr_6tnQxDhZvNq7GKgXUEXfeUmZGQ==",
|
|
expectedState: "UHPShpOq0byNI-A1vvUROLsPjNhGF5Xxdme4llZrnCvXfyZP_RnhRq490XPqKGKeWa621MtAUsV7N6C4OGx-EXK1TaLWNIYfFmByIEIlPSkpMVTFEUedY5UaFXwhWhuQb4Ci0r3QlPCLmQnPin1O4Vb59K2KieJwTvVnZzY3Y3Avj-D91acTMRGN6OabuIDDOH4nl0qDJABkZ6tnYk735ot8s3oyvJmZgmsW0qLOC_OoNMGZqLUTQzCrEayJ-gTXKr6HSvClN-4KGi4htHHLwYjrSCr_6tnQxDhZvNq7GKgXUEXfeUmZGQ==",
|
|
expectedError: "state is expired",
|
|
},
|
|
}
|
|
for _, testData := range tests {
|
|
t.Run(testData.name, func(t *testing.T) {
|
|
cfg := &config.Config{
|
|
Secrets: config.Secrets{Keys: []string{"thirty-two-byte-long-test-secret"}},
|
|
}
|
|
_, err := VerifyState(cfg, testData.state, testData.expectedState)
|
|
assert.NotNil(t, err)
|
|
assert.True(t, strings.Contains(err.Error(), testData.expectedError))
|
|
})
|
|
}
|
|
}
|