func setup() {
var err error
if err = configuration.Setup(""); err != nil {
panic(fmt.Errorf("Failed to setup the configuration: %s", err.Error()))
}
oauth := &oauth2.Config{
ClientID: configuration.GetKeycloakClientID(),
ClientSecret: configuration.GetKeycloakSecret(),
Scopes: []string{"user:email"},
Endpoint: oauth2.Endpoint{
AuthURL: "http://sso.demo.almighty.io/auth/realms/demo/protocol/openid-connect/auth",
TokenURL: "http://sso.demo.almighty.io/auth/realms/demo/protocol/openid-connect/token",
},
}
privateKey, err := token.ParsePrivateKey([]byte(configuration.GetTokenPrivateKey()))
if err != nil {
panic(err)
}
tokenManager := token.NewManagerWithPrivateKey(privateKey)
userRepository := account.NewUserRepository(nil)
identityRepository := account.NewIdentityRepository(nil)
loginService = &KeycloakOAuthProvider{
config: oauth,
Identities: identityRepository,
Users: userRepository,
TokenManager: tokenManager,
}
}
func getWorkItemTypeTestData(t *testing.T) []testSecureAPI {
privatekey, err := jwt.ParseRSAPrivateKeyFromPEM((configuration.GetTokenPrivateKey()))
if err != nil {
t.Fatal("Could not parse Key ", err)
}
differentPrivatekey, err := jwt.ParseRSAPrivateKeyFromPEM(([]byte(RSADifferentPrivateKeyTest)))
require.Nil(t, err)
createWITPayloadString := bytes.NewBuffer([]byte(`{"fields": {"system.administrator": {"Required": true,"Type": {"Kind": "string"}}},"name": "Epic"}`))
return []testSecureAPI{
// Create Work Item API with different parameters
{
method: http.MethodPost,
url: endpointWorkItemTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWITPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWITPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWITPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWITPayloadString,
jwtToken: "",
},
// Try fetching a random work Item Type
// We do not have security on GET hence this should return 404 not found
{
method: http.MethodGet,
url: endpointWorkItemTypes + "/someRandomTestWIT8712",
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
}, {
method: http.MethodGet,
url: fmt.Sprintf(endpointWorkItemTypesSourceLinkTypes, "someNotExistingWIT"),
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
}, {
method: http.MethodGet,
url: fmt.Sprintf(endpointWorkItemTypesTargetLinkTypes, "someNotExistingWIT"),
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
},
}
}
// The work item ID will be used to construct /api/workitems/:id/relationships/links endpoints
func getWorkItemRelationshipLinksTestData(t *testing.T, wiID string) func(t *testing.T) []testSecureAPI {
return func(t *testing.T) []testSecureAPI {
privatekey, err := jwt.ParseRSAPrivateKeyFromPEM((configuration.GetTokenPrivateKey()))
if err != nil {
t.Fatal("Could not parse Key ", err)
}
differentPrivatekey, err := jwt.ParseRSAPrivateKeyFromPEM(([]byte(RSADifferentPrivateKeyTest)))
if err != nil {
t.Fatal("Could not parse different private key ", err)
}
createWorkItemLinkPayloadString := bytes.NewBuffer([]byte(`
{
"data": {
"attributes": {
"version": 0
},
"id": "40bbdd3d-8b5d-4fd6-ac90-7236b669af04",
"relationships": {
"link_type": {
"data": {
"id": "6c5610be-30b2-4880-9fec-81e4f8e4fd76",
"type": "workitemlinktypes"
}
},
"source": {
"data": {
"id": "1234",
"type": "workitems"
}
},
"target": {
"data": {
"id": "1234",
"type": "workitems"
}
}
},
"type": "workitemlinks"
}
}
`))
relationshipsEndpoint := fmt.Sprintf(endpointWorkItemRelationshipsLinks, wiID)
testWorkItemLinksAPI := []testSecureAPI{
// Create Work Item API with different parameters
{
method: http.MethodPost,
url: relationshipsEndpoint,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: relationshipsEndpoint,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: relationshipsEndpoint,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPost,
url: relationshipsEndpoint,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: "",
},
}
return testWorkItemLinksAPI
}
}
func getWorkItemLinkTestData(t *testing.T) []testSecureAPI {
privatekey, err := jwt.ParseRSAPrivateKeyFromPEM((configuration.GetTokenPrivateKey()))
if err != nil {
t.Fatal("Could not parse Key ", err)
}
differentPrivatekey, err := jwt.ParseRSAPrivateKeyFromPEM(([]byte(RSADifferentPrivateKeyTest)))
if err != nil {
t.Fatal("Could not parse different private key ", err)
}
createWorkItemLinkPayloadString := bytes.NewBuffer([]byte(`
{
"data": {
"attributes": {
"version": 0
},
"id": "40bbdd3d-8b5d-4fd6-ac90-7236b669af04",
"relationships": {
"link_type": {
"data": {
"id": "6c5610be-30b2-4880-9fec-81e4f8e4fd76",
"type": "workitemlinktypes"
}
},
"source": {
"data": {
"id": "1234",
"type": "workitems"
}
},
"target": {
"data": {
"id": "1234",
"type": "workitems"
}
}
},
"type": "workitemlinks"
}
}
`))
testWorkItemLinksAPI := []testSecureAPI{
// Create Work Item API with different parameters
{
method: http.MethodPost,
url: endpointWorkItemLinks,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinks,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinks,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinks,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: "",
},
// Update Work Item API with different parameters
{
method: http.MethodPatch,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkPayloadString,
jwtToken: "",
},
// Delete Work Item API with different parameters
{
method: http.MethodDelete,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinks + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: "",
},
// Try fetching a random work item link
// We do not have security on GET hence this should return 404 not found
{
method: http.MethodGet,
url: endpointWorkItemLinks + "/fc591f38-a805-4abd-bfce-2460e49d8cc4",
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
},
}
return testWorkItemLinksAPI
}
func getWorkItemLinkTypeTestData(t *testing.T) []testSecureAPI {
privatekey, err := jwt.ParseRSAPrivateKeyFromPEM((configuration.GetTokenPrivateKey()))
if err != nil {
t.Fatal("Could not parse Key ", err)
}
differentPrivatekey, err := jwt.ParseRSAPrivateKeyFromPEM(([]byte(RSADifferentPrivateKeyTest)))
if err != nil {
t.Fatal("Could not parse different private key ", err)
}
createWorkItemLinkTypePayloadString := bytes.NewBuffer([]byte(`
{
"data": {
"type": "workitemlinktypes",
"id": "0270e113-7790-477f-9371-97c37d734d5d",
"attributes": {
"name": "sample",
"description": "A sample work item link type",
"version": 0,
"forward_name": "forward string name",
"reverse_name": "reverse string name"
},
"relationships": {
"link_category": {"data": {"type":"workitemlinkcategories", "id": "a75ea296-6378-4578-8573-90f11b8efb00"}},
"source_type": {"data": {"type":"workitemtypes", "id": "bug"}},
"target_type": {"data": {"type":"workitemtypes", "id": "bug"}}
}
}
}
`))
return []testSecureAPI{
// Create Work Item API with different parameters
{
method: http.MethodPost,
url: endpointWorkItemLinkTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkTypes,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: "",
},
// Update Work Item API with different parameters
{
method: http.MethodPatch,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkTypePayloadString,
jwtToken: "",
},
// Delete Work Item API with different parameters
{
method: http.MethodDelete,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkTypes + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: "",
},
// Try fetching a random work item link type
// We do not have security on GET hence this should return 404 not found
{
method: http.MethodGet,
url: endpointWorkItemLinkTypes + "/fc591f38-a805-4abd-bfce-2460e49d8cc4",
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
},
}
}
func getWorkItemLinkCategoryTestData(t *testing.T) []testSecureAPI {
privatekey, err := jwt.ParseRSAPrivateKeyFromPEM((configuration.GetTokenPrivateKey()))
if err != nil {
t.Fatal("Could not parse Key ", err)
}
differentPrivatekey, err := jwt.ParseRSAPrivateKeyFromPEM(([]byte(RSADifferentPrivateKeyTest)))
if err != nil {
t.Fatal("Could not parse different private key ", err)
}
createWorkItemLinkCategoryPayloadString := bytes.NewBuffer([]byte(`
{
"data": {
"attributes": {
"description": "A sample work item link category",
"name": "sample",
"version": 0
},
"id": "6c5610be-30b2-4880-9fec-81e4f8e4fddd",
"type": "workitemlinkcategories"
}
}
`))
return []testSecureAPI{
// Create Work Item API with different parameters
{
method: http.MethodPost,
url: endpointWorkItemLinkCategories,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkCategories,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkCategories,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPost,
url: endpointWorkItemLinkCategories,
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: "",
},
// Update Work Item API with different parameters
{
method: http.MethodPatch,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodPatch,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: createWorkItemLinkCategoryPayloadString,
jwtToken: "",
},
// Delete Work Item API with different parameters
{
method: http.MethodDelete,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getExpiredAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getMalformedAuthHeader(t, privatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: getValidAuthHeader(t, differentPrivatekey),
}, {
method: http.MethodDelete,
url: endpointWorkItemLinkCategories + "/6c5610be-30b2-4880-9fec-81e4f8e4fd76",
expectedStatusCode: http.StatusUnauthorized,
expectedErrorCode: jsonapi.ErrorCodeJWTSecurityError,
payload: nil,
jwtToken: "",
},
// Try fetching a random work item link category
// We do not have security on GET hence this should return 404 not found
{
method: http.MethodGet,
url: endpointWorkItemLinkCategories + "/fc591f38-a805-4abd-bfce-2460e49d8cc4",
expectedStatusCode: http.StatusNotFound,
expectedErrorCode: jsonapi.ErrorCodeNotFound,
payload: nil,
jwtToken: "",
},
}
}
