Print warning if an expected scope is missing (#124)
Should make it easier to debug scope-related issues even if the user didn't enable verbose logs. UDENG-4347
Showing
14 changed files
with
165 additions
and
9 deletions.
1 change: 1 addition & 0 deletions
1
...ing_still_allowed_if_token_is_missing_scopes/cache/provider_url/test-user@email.com.cache
@@ -0,0 +1 @@ | ||
Definitely an encrypted token |
3 changes: 3 additions & 0 deletions
3
...IsAuthenticated/golden/authenticating_still_allowed_if_token_is_missing_scopes/first_call
@@ -0,0 +1,3 @@ | ||
access: next | ||
data: '{}' | ||
err: <nil> |
3 changes: 3 additions & 0 deletions
3
...sAuthenticated/golden/authenticating_still_allowed_if_token_is_missing_scopes/second_call
@@ -0,0 +1,3 @@ | ||
access: granted | ||
data: '{"userinfo":{"name":"test-user@email.com","uuid":"test-user-id","dir":"/home/test-user@email.com","shell":"/usr/bin/bash","gecos":"test-user@email.com","groups":[{"name":"remote-group","ugid":"12345"},{"name":"linux-local-group","ugid":""}]}}' | ||
err: <nil> |
@@ -0,0 +1,9 @@ | ||
package consts | ||
|
||
import "github.com/coreos/go-oidc/v3/oidc" | ||
|
||
var ( | ||
// DefaultScopes contains the OIDC scopes that we require for all providers. | ||
// Provider implementations can append additional scopes. | ||
DefaultScopes = []string{oidc.ScopeOpenID, "profile", "email"} | ||
) |
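Review bot: `DefaultScopes` is an exported mutable package-level slice, and the doc comment on it invites provider implementations to append to it; a caller that appends into spare capacity or assigns into an element would change the scope list every other provider sees, and that list is what the scope check later relies on. The slice literal has no spare capacity, so a plain `append` copies today, but that is a property of the literal rather than a stated contract. Either state the contract in the doc comment, `// DefaultScopes must be treated as read-only; copy it (slices.Clone) before appending provider-specific scopes.`, or expose a function that returns a fresh slice on each call so no provider can share or mutate the backing array. The file's path is not shown in this section, so the package is only identifiable as `consts` from the hunk.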
@@ -0,0 +1,8 @@ | ||
package msentraid | ||
|
||
import "strings" | ||
|
||
// AllExpectedScopes returns all the default expected scopes for a new provider. | ||
func AllExpectedScopes() string { | ||
return strings.Join(New().expectedScopes, " ") | ||
} |
@@ -0,0 +1,53 @@ | ||
package msentraid_test | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
"github.com/ubuntu/authd-oidc-brokers/internal/providers/msentraid" | ||
"golang.org/x/oauth2" | ||
) | ||
|
||
func TestNew(t *testing.T) { | ||
p := msentraid.New() | ||
|
||
require.NotEmpty(t, p, "New should return a non-empty provider") | ||
} | ||
|
||
func TestCheckTokenScopes(t *testing.T) { | ||
t.Parallel() | ||
|
||
tests := map[string]struct { | ||
scopes string | ||
noExtraScopeField bool | ||
|
||
wantErr bool | ||
}{ | ||
"success when checking all scopes are present": {scopes: msentraid.AllExpectedScopes()}, | ||
"success even if getting more scopes than requested": {scopes: msentraid.AllExpectedScopes() + " extra-scope"}, | ||
|
||
"error with missing scopes": {scopes: "profile email", wantErr: true}, | ||
"error without extra scope field": {noExtraScopeField: true, wantErr: true}, | ||
"error with empty scopes": {scopes: "", wantErr: true}, | ||
} | ||
for name, tc := range tests { | ||
t.Run(name, func(t *testing.T) { | ||
t.Parallel() | ||
|
||
p := msentraid.New() | ||
|
||
token := &oauth2.Token{} | ||
if !tc.noExtraScopeField { | ||
token = token.WithExtra(map[string]interface{}{"scope": any(tc.scopes)}) | ||
} | ||
|
||
err := p.CheckTokenScopes(token) | ||
if tc.wantErr { | ||
require.Error(t, err, "CheckTokenScopes should return an error") | ||
return | ||
} | ||
|
||
require.NoError(t, err, "CheckTokenScopes should not return an error") | ||
}) | ||
} | ||
} |
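Review bot: `TestNew` does not call `t.Parallel()` while `TestCheckTokenScopes` in the same file does; the two should agree, so add `t.Parallel()` as the first line of `TestNew`. The `any(tc.scopes)` conversion inside `WithExtra` is a no-op because the map value type is already `interface{}`; `token = token.WithExtra(map[string]any{"scope": tc.scopes})` reads cleaner and uses the `any` spelling consistently. The table also has no case where the `scope` extra is present but not a string (for example an integer); if `CheckTokenScopes` type-asserts the value — its body is not part of this diff — such a case would pin that it returns an error rather than panicking, which would require the `scopes` field to become `any`.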