oidctestutil

package
v0.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2023 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FilterClientSecretCreateActions added in v0.20.0

func FilterClientSecretCreateActions(actions []kubetesting.Action) []kubetesting.Action

FilterClientSecretCreateActions ignores any reads made to get a storage secret corresponding to an OIDCClient, since these are normal actions when the request is using a dynamic client's client_id, and we don't need to make assertions about these Secrets since they are not related to session storage.

func RequireAuthCodeRegexpMatch added in v0.10.0

func RequireAuthCodeRegexpMatch(
	t *testing.T,
	actualContent string,
	wantRegexp string,
	kubeClient *fake.Clientset,
	secretsClient v1.SecretInterface,
	oauthStore fositestoragei.AllFositeStorage,
	wantDownstreamGrantedScopes []string,
	wantDownstreamIDTokenSubject string,
	wantDownstreamIDTokenUsername string,
	wantDownstreamIDTokenGroups []string,
	wantDownstreamRequestedScopes []string,
	wantDownstreamPKCEChallenge string,
	wantDownstreamPKCEChallengeMethod string,
	wantDownstreamNonce string,
	wantDownstreamClientID string,
	wantDownstreamRedirectURI string,
	wantCustomSessionData *psession.CustomSessionData,
	wantDownstreamAdditionalClaims map[string]interface{},
)

func VerifyECDSAIDToken

func VerifyECDSAIDToken(
	t *testing.T,
	issuer, clientID string,
	jwtSigningKey *ecdsa.PrivateKey,
	idToken string,
) *coreosoidc.IDToken

VerifyECDSAIDToken verifies that the provided idToken was issued via the provided jwtSigningKey. It also performs some light validation on the claims, i.e., it makes sure the provided idToken has the provided issuer and clientID.

Further validation can be done via callers via the returned coreosoidc.IDToken.

Types

type ExchangeAuthcodeAndValidateTokenArgs

type ExchangeAuthcodeAndValidateTokenArgs struct {
	Ctx                  context.Context
	Authcode             string
	PKCECodeVerifier     pkce.Code
	ExpectedIDTokenNonce nonce.Nonce
	RedirectURI          string
}

ExchangeAuthcodeAndValidateTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ExchangeAuthcodeAndValidateTokensFunc().

type ExpectedUpstreamStateParamFormat

type ExpectedUpstreamStateParamFormat struct {
	P string `json:"p"`
	U string `json:"u"`
	T string `json:"t"`
	N string `json:"n"`
	C string `json:"c"`
	K string `json:"k"`
	V string `json:"v"`
}

Declare a separate type from the production code to ensure that the state param's contents was serialized in the format that we expect, with the json keys that we expect, etc. This also ensure that the order of the serialized fields is the same, which doesn't really matter expect that we can make simpler equality assertions about the redirect URL in this test.

type PasswordCredentialsGrantAndValidateTokensArgs added in v0.11.0

type PasswordCredentialsGrantAndValidateTokensArgs struct {
	Ctx      context.Context
	Username string
	Password string
}

PasswordCredentialsGrantAndValidateTokensArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.PasswordCredentialsGrantAndValidateTokensFunc().

type PerformRefreshArgs added in v0.13.0

type PerformRefreshArgs struct {
	Ctx              context.Context
	RefreshToken     string
	DN               string
	ExpectedUsername string
	ExpectedSubject  string
}

PerformRefreshArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.PerformRefreshFunc().

type RevokeTokenArgs added in v0.13.0

type RevokeTokenArgs struct {
	Ctx       context.Context
	Token     string
	TokenType provider.RevocableTokenType
}

RevokeTokenArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.RevokeTokenArgsFunc().

type TestUpstreamLDAPIdentityProvider

type TestUpstreamLDAPIdentityProvider struct {
	Name             string
	ResourceUID      types.UID
	URL              *url.URL
	AuthenticateFunc func(ctx context.Context, username, password string) (*authenticators.Response, bool, error)

	PerformRefreshErr    error
	PerformRefreshGroups []string
	// contains filtered or unexported fields
}

func (*TestUpstreamLDAPIdentityProvider) AuthenticateUser

func (u *TestUpstreamLDAPIdentityProvider) AuthenticateUser(ctx context.Context, username, password string, grantedScopes []string) (*authenticators.Response, bool, error)

func (*TestUpstreamLDAPIdentityProvider) GetName

func (*TestUpstreamLDAPIdentityProvider) GetResourceUID added in v0.13.0

func (u *TestUpstreamLDAPIdentityProvider) GetResourceUID() types.UID

func (*TestUpstreamLDAPIdentityProvider) GetURL

func (*TestUpstreamLDAPIdentityProvider) PerformRefresh added in v0.13.0

func (u *TestUpstreamLDAPIdentityProvider) PerformRefresh(ctx context.Context, storedRefreshAttributes provider.RefreshAttributes) ([]string, error)

func (*TestUpstreamLDAPIdentityProvider) PerformRefreshArgs added in v0.13.0

func (u *TestUpstreamLDAPIdentityProvider) PerformRefreshArgs(call int) *PerformRefreshArgs

func (*TestUpstreamLDAPIdentityProvider) PerformRefreshCallCount added in v0.13.0

func (u *TestUpstreamLDAPIdentityProvider) PerformRefreshCallCount() int

type TestUpstreamOIDCIdentityProvider

type TestUpstreamOIDCIdentityProvider struct {
	Name                     string
	ClientID                 string
	ResourceUID              types.UID
	AuthorizationURL         url.URL
	UserInfoURL              bool
	RevocationURL            *url.URL
	UsernameClaim            string
	GroupsClaim              string
	Scopes                   []string
	AdditionalAuthcodeParams map[string]string
	AdditionalClaimMappings  map[string]string
	AllowPasswordGrant       bool

	ExchangeAuthcodeAndValidateTokensFunc func(
		ctx context.Context,
		authcode string,
		pkceCodeVerifier pkce.Code,
		expectedIDTokenNonce nonce.Nonce,
	) (*oidctypes.Token, error)

	PasswordCredentialsGrantAndValidateTokensFunc func(
		ctx context.Context,
		username string,
		password string,
	) (*oidctypes.Token, error)

	PerformRefreshFunc func(ctx context.Context, refreshToken string) (*oauth2.Token, error)

	RevokeTokenFunc func(ctx context.Context, refreshToken string, tokenType provider.RevocableTokenType) error

	ValidateTokenAndMergeWithUserInfoFunc func(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error)
	// contains filtered or unexported fields
}

func (*TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant added in v0.11.0

func (u *TestUpstreamOIDCIdentityProvider) AllowsPasswordGrant() bool

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokens(
	ctx context.Context,
	authcode string,
	pkceCodeVerifier pkce.Code,
	expectedIDTokenNonce nonce.Nonce,
	redirectURI string,
) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensArgs(call int) *ExchangeAuthcodeAndValidateTokenArgs

func (*TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount

func (u *TestUpstreamOIDCIdentityProvider) ExchangeAuthcodeAndValidateTokensCallCount() int

func (*TestUpstreamOIDCIdentityProvider) GetAdditionalAuthcodeParams added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) GetAdditionalAuthcodeParams() map[string]string

func (*TestUpstreamOIDCIdentityProvider) GetAdditionalClaimMappings added in v0.22.0

func (u *TestUpstreamOIDCIdentityProvider) GetAdditionalClaimMappings() map[string]string

func (*TestUpstreamOIDCIdentityProvider) GetAuthorizationURL

func (u *TestUpstreamOIDCIdentityProvider) GetAuthorizationURL() *url.URL

func (*TestUpstreamOIDCIdentityProvider) GetClientID

func (u *TestUpstreamOIDCIdentityProvider) GetClientID() string

func (*TestUpstreamOIDCIdentityProvider) GetGroupsClaim

func (u *TestUpstreamOIDCIdentityProvider) GetGroupsClaim() string

func (*TestUpstreamOIDCIdentityProvider) GetName

func (*TestUpstreamOIDCIdentityProvider) GetResourceUID added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) GetResourceUID() types.UID

func (*TestUpstreamOIDCIdentityProvider) GetRevocationURL added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) GetRevocationURL() *url.URL

func (*TestUpstreamOIDCIdentityProvider) GetScopes

func (u *TestUpstreamOIDCIdentityProvider) GetScopes() []string

func (*TestUpstreamOIDCIdentityProvider) GetUsernameClaim

func (u *TestUpstreamOIDCIdentityProvider) GetUsernameClaim() string

func (*TestUpstreamOIDCIdentityProvider) HasUserInfoURL added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) HasUserInfoURL() bool

func (*TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (u *TestUpstreamOIDCIdentityProvider) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) PerformRefresh added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error)

func (*TestUpstreamOIDCIdentityProvider) PerformRefreshArgs added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) PerformRefreshArgs(call int) *PerformRefreshArgs

func (*TestUpstreamOIDCIdentityProvider) PerformRefreshCallCount added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) PerformRefreshCallCount() int

func (*TestUpstreamOIDCIdentityProvider) RevokeToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProvider) RevokeTokenArgs added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) RevokeTokenArgs(call int) *RevokeTokenArgs

func (*TestUpstreamOIDCIdentityProvider) RevokeTokenCallCount added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) RevokeTokenCallCount() int

func (*TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfo added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfo(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce, requireIDToken bool, requireUserInfo bool) (*oidctypes.Token, error)

func (*TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfoArgs added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfoArgs(call int) *ValidateTokenAndMergeWithUserInfoArgs

func (*TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfoCallCount added in v0.13.0

func (u *TestUpstreamOIDCIdentityProvider) ValidateTokenAndMergeWithUserInfoCallCount() int

type TestUpstreamOIDCIdentityProviderBuilder added in v0.11.0

type TestUpstreamOIDCIdentityProviderBuilder struct {
	// contains filtered or unexported fields
}

func NewTestUpstreamOIDCIdentityProviderBuilder added in v0.11.0

func NewTestUpstreamOIDCIdentityProviderBuilder() *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) Build added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAccessToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAdditionalAuthcodeParams added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAdditionalClaimMappings added in v0.22.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAllowPasswordGrant added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithAuthorizationURL added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithClientID added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithEmptyAccessToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithEmptyRefreshToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithGroupsClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim added in v0.11.0

func (u *TestUpstreamOIDCIdentityProviderBuilder) WithIDTokenClaim(name string, value interface{}) *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) WithName added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithPasswordGrantError added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithPerformRefreshError added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithRefreshToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithRefreshedTokens added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithResourceUID added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithRevokeTokenError added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithScopes added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithUpstreamAuthcodeExchangeError added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithUserInfoURL added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithUsernameClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithValidateTokenAndMergeWithUserInfoError added in v0.13.0

func (u *TestUpstreamOIDCIdentityProviderBuilder) WithValidateTokenAndMergeWithUserInfoError(err error) *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) WithValidatedAndMergedWithUserInfoTokens added in v0.13.0

func (u *TestUpstreamOIDCIdentityProviderBuilder) WithValidatedAndMergedWithUserInfoTokens(tokens *oidctypes.Token) *TestUpstreamOIDCIdentityProviderBuilder

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutAccessToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutGroupsClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutIDTokenClaim added in v0.11.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutRefreshToken added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutUserInfoURL added in v0.13.0

func (*TestUpstreamOIDCIdentityProviderBuilder) WithoutUsernameClaim added in v0.11.0

type UpstreamIDPListerBuilder

type UpstreamIDPListerBuilder struct {
	// contains filtered or unexported fields
}

func NewUpstreamIDPListerBuilder

func NewUpstreamIDPListerBuilder() *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) Build

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToExchangeAuthcodeAndValidateTokens(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *ExchangeAuthcodeAndValidateTokenArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToPasswordCredentialsGrantAndValidateTokens(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *PasswordCredentialsGrantAndValidateTokensArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToPerformRefresh added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToPerformRefresh(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *PerformRefreshArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToRevokeToken added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToRevokeToken(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *RevokeTokenArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyOneCallToValidateToken added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyOneCallToValidateToken(
	t *testing.T,
	expectedPerformedByUpstreamName string,
	expectedArgs *ValidateTokenAndMergeWithUserInfoArgs,
)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToExchangeAuthcodeAndValidateTokens(t *testing.T)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPasswordCredentialsGrantAndValidateTokens(t *testing.T)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPerformRefresh added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToPerformRefresh(t *testing.T)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToRevokeToken added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToRevokeToken(t *testing.T)

func (*UpstreamIDPListerBuilder) RequireExactlyZeroCallsToValidateToken added in v0.13.0

func (b *UpstreamIDPListerBuilder) RequireExactlyZeroCallsToValidateToken(t *testing.T)

func (*UpstreamIDPListerBuilder) WithActiveDirectory added in v0.11.0

func (b *UpstreamIDPListerBuilder) WithActiveDirectory(upstreamActiveDirectoryIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) WithLDAP

func (b *UpstreamIDPListerBuilder) WithLDAP(upstreamLDAPIdentityProviders ...*TestUpstreamLDAPIdentityProvider) *UpstreamIDPListerBuilder

func (*UpstreamIDPListerBuilder) WithOIDC

func (b *UpstreamIDPListerBuilder) WithOIDC(upstreamOIDCIdentityProviders ...*TestUpstreamOIDCIdentityProvider) *UpstreamIDPListerBuilder

type UpstreamStateParamBuilder added in v0.18.0

type UpstreamStateParamBuilder ExpectedUpstreamStateParamFormat

func (UpstreamStateParamBuilder) Build added in v0.18.0

func (*UpstreamStateParamBuilder) WithAuthorizeRequestParams added in v0.18.0

func (b *UpstreamStateParamBuilder) WithAuthorizeRequestParams(params string) *UpstreamStateParamBuilder

func (*UpstreamStateParamBuilder) WithCSRF added in v0.18.0

func (*UpstreamStateParamBuilder) WithNonce added in v0.18.0

func (*UpstreamStateParamBuilder) WithPKCE added in v0.18.0

func (*UpstreamStateParamBuilder) WithStateVersion added in v0.18.0

func (b *UpstreamStateParamBuilder) WithStateVersion(version string) *UpstreamStateParamBuilder

func (*UpstreamStateParamBuilder) WithUpstreamIDPType added in v0.18.0

func (b *UpstreamStateParamBuilder) WithUpstreamIDPType(upstreamIDPType string) *UpstreamStateParamBuilder

type ValidateRefreshArgs added in v0.13.0

type ValidateRefreshArgs struct {
	Ctx              context.Context
	Tok              *oauth2.Token
	StoredAttributes provider.RefreshAttributes
}

type ValidateTokenAndMergeWithUserInfoArgs added in v0.13.0

type ValidateTokenAndMergeWithUserInfoArgs struct {
	Ctx                  context.Context
	Tok                  *oauth2.Token
	ExpectedIDTokenNonce nonce.Nonce
	RequireIDToken       bool
	RequireUserInfo      bool
}

ValidateTokenAndMergeWithUserInfoArgs is used to spy on calls to TestUpstreamOIDCIdentityProvider.ValidateTokenAndMergeWithUserInfoFunc().

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL