oidctestutil

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 16, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RequireAuthCodeRegexpMatch added in v0.10.0

func RequireAuthCodeRegexpMatch(
	t *testing.T,
	actualContent string,
	wantRegexp string,
	kubeClient *fake.Clientset,
	secretsClient v1.SecretInterface,
	oauthStore fositestoragei.AllFositeStorage,
	wantDownstreamGrantedScopes []string,
	wantDownstreamIDTokenSubject string,
	wantDownstreamIDTokenUsername string,
	wantDownstreamIDTokenGroups []string,
	wantDownstreamRequestedScopes []string,
	wantDownstreamPKCEChallenge string,
	wantDownstreamPKCEChallengeMethod string,
	wantDownstreamNonce string,
	wantDownstreamClientID string,
	wantDownstreamRedirectURI string,
)

func VerifyECDSAIDToken

func VerifyECDSAIDToken(
	t *testing.T,
	issuer, clientID string,
	jwtSigningKey *ecdsa.PrivateKey,
	idToken string,
) *coreosoidc.IDToken

VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.

Further validation can be done via callers via the returned coreosoidc.IDToken.

Types

type ExchangeAuthcodeAndValidateTokenArgs

type ExchangeAuthcodeAndValidateTokenArgs struct {
	Ctx                  context.Context
	Authcode             string
	PKCECodeVerifier     pkce.Code
	ExpectedIDTokenNonce nonce.Nonce
	RedirectURI          string
}

ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().

type ExpectedUpstreamStateParamFormat

type ExpectedUpstreamStateParamFormat struct {
	P string `json:"p"`
	U string `json:"u"`
	N string `json:"n"`
	C string `json:"c"`
	K string `json:"k"`
	V string `json:"v"`
}

Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.

type PasswordCredentialsGrantAndValidateTokensArgs added in v0.11.0

type PasswordCredentialsGrantAndValidateTokensArgs struct {
	Ctx      context.Context
	Username string
	Password string
}

PasswordCredentialsGrantAndValidateTokensArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.PasswordCredentialsGrantAndValidateTokensFunc().

type TestUpstreamLDAPIdentityProvider

type TestUpstreamLDAPIdentityProvider struct {
	Name             string
	URL              *url.URL
	AuthenticateFunc func(ctx context.Context, username, password string) (*authenticator.Response, bool, error)
}

func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser

func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string) (*authenticator.Response, bool, error)

func (*TestUpstreamLDAPIdentityProvider) GetName

func (*TestUpstreamLDAPIdentityProvider) GetURL

type TestUpstreamOIDCIdentityProvider

type TestUpstreamOIDCIdentityProvider struct {
	Name               string
	ClientID           string
	AuthorizationURL   url.URL
	UsernameClaim      string
	GroupsClaim        string
	Scopes             []string
	AllowPasswordGrant bool

	ExchangeAuthcodeAndValidateTokensFunc func(
		ctx context.Context,
		authcode string,
		pkceCodeVerifier pkce.Code,
		expectedIDTokenNonce nonce.Nonce,
	) (*oidctypes.Token, error)

	PasswordCredentialsGrantAndValidateTokensFunc func(
		ctx context.Context,
		username string,
		password string,
	) (*oidctypes.Token, error)
	// contains filtered or unexported fields
}

func (*TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant added in v0.11.0

func (u *TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant() bool

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(
	ctx context.Context,
	authcode string,
	pkceCodeVerifier pkce.Code,
	expectedIDTokenNonce nonce.Nonce,
	redirectURI string,
) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int

func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL

func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL

func (*TestUpstreamOIDCIdentityProvider) GetClientID

func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string

func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim

func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string

func (*TestUpstreamOIDCIdentityProvider) GetName

func (*TestUpstreamOIDCIdentityProvider) GetScopes

func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string

func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim

func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string

func (*TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (u *TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ValidateToken

type TestUpstreamOIDCIdentityProviderBuilder added in v0.11.0

type TestUpstreamOIDCIdentityProviderBuilder struct {
	// contains filtered or unexported fields
}

func NewTestUpstreamOIDCIdentityProviderBuilder added in v0.11.0

func NewTestUpstreamOIDCIdentityProviderBuilder() *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) Build added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAllowPasswordGrant added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAuthorizationURL added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithClientID added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithGroupsClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim added in v0.11.0

func (u *TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim(name string, value interface{}) *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) WithName added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithPasswordGrantError added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithScopes added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithUpstreamAuthcodeExchangeError added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithUsernameClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutGroupsClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutIDTokenClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutUsernameClaim added in v0.11.0

type UpstreamIDPListerBuilder

type UpstreamIDPListerBuilder struct {
	// contains filtered or unexported fields
}

func NewUpstreamIDPListerBuilder

func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) Build

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *ExchangeAuthcodeAndValidateTokenArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *PasswordCredentialsGrantAndValidateTokensArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens(t *testing.T)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens(t *testing.T)

func (*UpstreamIDPListerBuilder) WithActiveDirectory added in v0.11.0

func (b *UpstreamIDPListerBuilder) WithActiveDirectory(upstreamActiveDirectoryIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) WithLDAP

func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) WithOIDC

func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL