Documentation ¶
Overview ¶
Package authtest provides a wrapped httptest.Server that will respond to auth0 requests. The most common request is related to authentication and token verification, to authenticate requests to the BFF server, use this package's token generation methods to create a token that will be validated by the authentication middleware. Note that you will have to configure the Authenticate middleware to use the correct TLS client.
This module also provides a singleton authtest.Server that can be used on demand from both tests and live server code by calling the package level functions authtest.Serve() and authtest.Close respectively. This ensures that tests do not require injection of the authentication mechanism. The first time that authtest.Serve is called a new server will be created; and the first time authtest.Close is called, the server will be closed. Note however that a new server will not be created on subsequent calls, so it's important to ensure that Close is not called before the tests are complete.
Index ¶
- Constants
- func Close()
- func NewRoleList(names []string) *management.RoleList
- func NewRoles() *management.RoleList
- func NewUserRoles() map[string]*management.RoleList
- func NewUsers() map[string]*management.User
- type Claims
- type Config
- type OpenIDConfiguration
- type RoleParams
- type Server
- func (s *Server) AssignUserRoles(w http.ResponseWriter, r *http.Request)
- func (s *Server) Client() *http.Client
- func (s *Server) Close()
- func (s *Server) Config() config.AuthConfig
- func (s *Server) CreateUser(w http.ResponseWriter, r *http.Request)
- func (s *Server) GenerateTicket(w http.ResponseWriter, r *http.Request)
- func (s *Server) GetRoles(w http.ResponseWriter, r *http.Request)
- func (s *Server) GetUser() *management.User
- func (s *Server) GetUserAppMetadata() *map[string]interface{}
- func (s *Server) GetUserRoles() (names []string)
- func (s *Server) JWKS(w http.ResponseWriter, r *http.Request)
- func (s *Server) ListUserRoles(w http.ResponseWriter, r *http.Request)
- func (s *Server) ListUsers(w http.ResponseWriter, r *http.Request)
- func (s *Server) NewToken(permissions ...string) (tks string, err error)
- func (s *Server) NewTokenWithClaims(claims *Claims) (tks string, err error)
- func (s *Server) OpenIDConfiguration(w http.ResponseWriter, r *http.Request)
- func (s *Server) PatchUser(w http.ResponseWriter, r *http.Request)
- func (s *Server) RemoveUserRoles(w http.ResponseWriter, r *http.Request)
- func (s *Server) ResetUserAppMetadata()
- func (s *Server) ResetUserEmail()
- func (s *Server) RetrieveUser(w http.ResponseWriter, r *http.Request)
- func (s *Server) Roles(w http.ResponseWriter, r *http.Request)
- func (s *Server) SetUserAppMetadata(appdata *map[string]interface{})
- func (s *Server) SetUserEmail(email string)
- func (s *Server) SetUserRoles(roles []string)
- func (s *Server) UserRoles(w http.ResponseWriter, r *http.Request)
- func (s *Server) Users(w http.ResponseWriter, r *http.Request)
Constants ¶
const ( KeyID = "StyqeY8Kl4Eam28KsUs" ClientID = "a5laOSr0NOX1L53yBaNtumKOoExFxptc" ClientSecret = "me4JZSvBvPSnBaM0h0AoXgXPn1VBiBMz0bL7E/sV1isndP9lZ5ptm5NWA9IkKwEb" Audience = "http://localhost" ConnectionName = "Username-Password-Authentication" RedirectURL = "https://localhost/auth/callback" Name = "Leopold Wentzel" Email = "leopold.wentzel@gmail.com" UserID = "test|abcdefg1234567890" UserRole = "Organization Collaborator" OrgID = "b1b9e9b1-9a44-4317-aefa-473971b4df42" MainNetVASP = "87d92fd1-53cf-47d8-85b1-048e8a38ced9" TestNetVASP = "d0082f55-d3ba-4726-a46d-85e3f5a2911f" Scope = "openid profile email" )
Variables ¶
This section is empty.
Functions ¶
func Close ¶
func Close()
Close shuts down the single authtest server and cleans it up. This method should only be called once when tests are completed. When the singleton server is shutdown it can no longer be created a second time because of the use of sync.Once.
func NewRoleList ¶ added in v1.5.4
func NewRoleList(names []string) *management.RoleList
NewRoleList initializes a role list with the given role names.
func NewRoles ¶ added in v1.5.4
func NewRoles() *management.RoleList
NewRoles creates some default roles for testing.
func NewUserRoles ¶ added in v1.5.4
func NewUserRoles() map[string]*management.RoleList
NewUserRoles creates some default user roles for testing.
func NewUsers ¶ added in v1.5.1
func NewUsers() map[string]*management.User
NewUsers creates some default users for testing.
Types ¶
type Claims ¶
type Claims struct { jwt.RegisteredClaims Email string `json:"https://vaspdirectory.net/email"` OrgID string `json:"https://vaspdirectory.net/orgid"` VASPs map[string]string `json:"https://vaspdirectory.net/vasps"` Organizations []string `json:"https://vaspdirectory.net/organizations"` Scope string `json:"scope"` Permissions []string `json:"permissions"` }
Claims must be defined here both to ensure we can use jwt and to ensure there are no recursive imports. That means this claims struct MUST be kept up to date with the auth.Claims struct that uses this package for testing.
type Config ¶
type Config struct { Domain string `envconfig:"AUTH0_DOMAIN"` ClientID string `envconfig:"AUTH0_CLIENT_ID"` ClientSecret string `envconfig:"AUTH0_CLIENT_SECRET"` TokenCache string `envconfig:"AUTH0_TOKEN_CACHE"` }
Config stores the client ID and secrets for accessing auth0 in order to conduct "live" tests against our actual development auth0 tenant. If this config is zero or invalid then the live tests should be skipped.
func (Config) AuthConfig ¶
func (c Config) AuthConfig() config.AuthConfig
type OpenIDConfiguration ¶
type OpenIDConfiguration struct { Issuer string `json:"issuer"` AuthorizationEP string `json:"authorization_endpoint"` TokenEP string `json:"token_endpoint"` DeviceAuthorizationEP string `json:"device_authorization_endpoint"` UserInfoEP string `json:"userinfo_endpoint"` MFAChallengeEP string `json:"mfa_challenge_endpoint"` JWKSURI string `json:"jwks_uri"` RegistrationEP string `json:"registration_endpoint"` RevocationEP string `json:"revocation_endpoint"` ScopesSupported []string `json:"scopes_supported"` ResponseTypesSupported []string `json:"response_types_supported"` CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"` ResponseModesSupported []string `json:"response_modes_supported"` SubjectTypesSupported []string `json:"subject_types_supported"` IDTokenSigningAlgValues []string `json:"id_token_signing_alg_values_supported"` TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"` ClaimsSupported []string `json:"claims_supported"` RequestURIPArameterSupported bool `json:"request_uri_parameter_supported"` }
func NewOpenIDConfiguration ¶
func NewOpenIDConfiguration(u *url.URL) *OpenIDConfiguration
type RoleParams ¶ added in v1.6.0
type RoleParams struct {
Roles []string `json:"roles"`
}
type Server ¶
Server wraps an httptest.Server to provide a default handler for auth0 requests.
func New ¶
New starts and returns a new Auth0 server using TLS. The caller should call close when finished, to shut it down. The server can also issue tokens for authentication.
func Serve ¶
Serve creates the singleton authtest server if it does not already exist and returns it for use in tests and test dependency injection. If creating the server resulted in an error then the error is returned. Once Close is called, this method will return nil since the server is a singleton and can only be created once. Ensure that Close is not called until the tests are complete.
func (*Server) AssignUserRoles ¶ added in v1.5.4
func (s *Server) AssignUserRoles(w http.ResponseWriter, r *http.Request)
func (*Server) Config ¶
func (s *Server) Config() config.AuthConfig
Config returns an AuthConfig that can be used to setup middleware.
func (*Server) CreateUser ¶ added in v1.6.0
func (s *Server) CreateUser(w http.ResponseWriter, r *http.Request)
func (*Server) GenerateTicket ¶ added in v1.6.0
func (s *Server) GenerateTicket(w http.ResponseWriter, r *http.Request)
func (*Server) GetRoles ¶ added in v1.5.4
func (s *Server) GetRoles(w http.ResponseWriter, r *http.Request)
func (*Server) GetUser ¶ added in v1.5.1
func (s *Server) GetUser() *management.User
Expose the user record to the tests.
func (*Server) GetUserAppMetadata ¶ added in v1.5.1
Expose the test user's app metadata to the tests.
func (*Server) GetUserRoles ¶ added in v1.6.0
Get the current user's roles.
func (*Server) ListUserRoles ¶ added in v1.5.4
func (s *Server) ListUserRoles(w http.ResponseWriter, r *http.Request)
func (*Server) ListUsers ¶ added in v1.6.0
func (s *Server) ListUsers(w http.ResponseWriter, r *http.Request)
func (*Server) NewTokenWithClaims ¶
NewTokenWithClaims allows test user to specifically configure their claims.
func (*Server) OpenIDConfiguration ¶
func (s *Server) OpenIDConfiguration(w http.ResponseWriter, r *http.Request)
func (*Server) PatchUser ¶ added in v1.6.1
func (s *Server) PatchUser(w http.ResponseWriter, r *http.Request)
func (*Server) RemoveUserRoles ¶ added in v1.5.4
func (s *Server) RemoveUserRoles(w http.ResponseWriter, r *http.Request)
func (*Server) ResetUserAppMetadata ¶ added in v1.6.0
func (s *Server) ResetUserAppMetadata()
Reset the test user's app metadata to the default.
func (*Server) ResetUserEmail ¶ added in v1.6.0
func (s *Server) ResetUserEmail()
Reset the current user email to the default.
func (*Server) RetrieveUser ¶ added in v1.6.1
func (s *Server) RetrieveUser(w http.ResponseWriter, r *http.Request)
func (*Server) Roles ¶ added in v1.5.4
func (s *Server) Roles(w http.ResponseWriter, r *http.Request)
func (*Server) SetUserAppMetadata ¶ added in v1.6.0
Update the test user with unstructured app metadata.
func (*Server) SetUserEmail ¶ added in v1.6.0
Set the current user email.
func (*Server) SetUserRoles ¶ added in v1.6.0
Set the current user's roles.