func TestKeycloakAuthorizationRedirect(t *testing.T) {
resource.Require(t, resource.UnitTest)
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/api/login/authorize"),
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
// The user clicks login while on ALM UI.
// Therefore the referer would be an ALM URL.
refererUrl := "https://alm-url.example.org/path"
req.Header.Add("referer", refererUrl)
prms := url.Values{}
ctx := context.Background()
goaCtx := goa.NewContext(goa.WithAction(ctx, "LoginTest"), rw, req, prms)
authorizeCtx, err := app.NewAuthorizeLoginContext(goaCtx, goa.New("LoginService"))
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
err = loginService.Perform(authorizeCtx)
assert.Equal(t, 307, rw.Code)
assert.Contains(t, rw.Header().Get("Location"), configuration.GetKeycloakEndpointAuth())
}
func TestInvalidState(t *testing.T) {
resource.Require(t, resource.UnitTest)
// Setup request context
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/api/login/authorize"),
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
// The OAuth 'state' is sent as a query parameter by calling /api/login/authorize?code=_SOME_CODE_&state=_SOME_STATE_
// The request originates from Keycloak after a valid authorization by the end user.
// This is not where the redirection should happen on failure.
refererKeyclaokUrl := "https://keycloak-url.example.org/path-of-login"
req.Header.Add("referer", refererKeyclaokUrl)
prms := url.Values{
"state": {},
"code": {"doesnt_matter_what_is_here"},
}
ctx := context.Background()
goaCtx := goa.NewContext(goa.WithAction(ctx, "LoginTest"), rw, req, prms)
authorizeCtx, err := app.NewAuthorizeLoginContext(goaCtx, goa.New("LoginService"))
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
err = loginService.Perform(authorizeCtx)
assert.Equal(t, 401, rw.Code)
}
// StartAeOK runs the method Start of the given controller with the given parameters.
// It returns the response writer so it's possible to inspect the response headers.
// If ctx is nil then context.Background() is used.
// If service is nil then a default service is created.
func StartAeOK(t goatest.TInterface, ctx context.Context, service *goa.Service, ctrl app.AeController) http.ResponseWriter {
// Setup service
var (
logBuf bytes.Buffer
resp interface{}
respSetter goatest.ResponseSetterFunc = func(r interface{}) { resp = r }
)
if service == nil {
service = goatest.Service(&logBuf, respSetter)
} else {
logger := log.New(&logBuf, "", log.Ltime)
service.WithLogger(goa.NewLogger(logger))
newEncoder := func(io.Writer) goa.Encoder { return respSetter }
service.Encoder = goa.NewHTTPEncoder() // Make sure the code ends up using this decoder
service.Encoder.Register(newEncoder, "*/*")
}
// Setup request context
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/_ah/start"),
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
prms := url.Values{}
if ctx == nil {
ctx = context.Background()
}
goaCtx := goa.NewContext(goa.WithAction(ctx, "AeTest"), rw, req, prms)
startCtx, err := app.NewStartAeContext(goaCtx, service)
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
// Perform action
err = ctrl.Start(startCtx)
// Validate response
if err != nil {
t.Fatalf("controller returned %s, logs:\n%s", err, logBuf.String())
}
if rw.Code != 200 {
t.Errorf("invalid response status code: got %+v, expected 200", rw.Code)
}
// Return results
return rw
}
// searchByURL copies much of the codebase from search_testing.go->ShowSearchOK
// and customises the values to add custom Host in the call.
func searchByURL(t *testing.T, customHost, queryString string) *app.SearchWorkItemList {
service := getServiceAsUser()
var resp interface{}
var respSetter goatest.ResponseSetterFunc = func(r interface{}) { resp = r }
newEncoder := func(io.Writer) goa.Encoder { return respSetter }
service.Encoder = goa.NewHTTPEncoder()
service.Encoder.Register(newEncoder, "*/*")
rw := httptest.NewRecorder()
query := url.Values{}
u := &url.URL{
Path: fmt.Sprintf("/api/search"),
RawQuery: query.Encode(),
Host: customHost,
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
prms := url.Values{}
prms["q"] = []string{queryString} // any value will do
ctx := service.Context
goaCtx := goa.NewContext(goa.WithAction(ctx, "SearchTest"), rw, req, prms)
showCtx, err := app.NewShowSearchContext(goaCtx, service)
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
ctrl := NewSearchController(service, gormapplication.NewGormDB(DB))
// Perform action
err = ctrl.Show(showCtx)
// Validate response
if err != nil {
t.Fatalf("controller returned %s", err)
}
if rw.Code != 200 {
t.Fatalf("invalid response status code: got %+v, expected 200", rw.Code)
}
mt, ok := resp.(*app.SearchWorkItemList)
if !ok {
t.Fatalf("invalid response media: got %+v, expected instance of app.SearchWorkItemList", resp)
}
return mt
}
// ShowBottleOK Show runs the method Show of the given controller with the given parameters.
// It returns the response writer so it's possible to inspect the response headers and the media type struct written to the response.
// If ctx is nil then context.Background() is used.
// If service is nil then a default service is created.
func ShowBottleOK(t *testing.T, ctx context.Context, service *goa.Service, ctrl app.BottleController, id int) (http.ResponseWriter, *app.Bottle) {
// Setup service
var (
logBuf bytes.Buffer
resp interface{}
respSetter goatest.ResponseSetterFunc = func(r interface{}) { resp = r }
)
if service == nil {
service = goatest.Service(&logBuf, respSetter)
} else {
logger := log.New(&logBuf, "", log.Ltime)
service.WithLogger(goa.NewLogger(logger))
newEncoder := func(io.Writer) goa.Encoder { return respSetter }
service.Encoder = goa.NewHTTPEncoder() // Make sure the code ends up using this decoder
service.Encoder.Register(newEncoder, "*/*")
}
// Setup request context
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/bottles/%v", id),
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
prms := url.Values{}
prms["id"] = []string{fmt.Sprintf("%v", id)}
if ctx == nil {
ctx = context.Background()
}
goaCtx := goa.NewContext(goa.WithAction(ctx, "BottleTest"), rw, req, prms)
showCtx, err := app.NewShowBottleContext(goaCtx, service)
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
// Perform action
err = ctrl.Show(showCtx)
// Validate response
if err != nil {
t.Fatalf("controller returned %s, logs:\n%s", err, logBuf.String())
}
if rw.Code != 200 {
t.Errorf("invalid response status code: got %+v, expected 200", rw.Code)
}
var mt *app.Bottle
if resp != nil {
var ok bool
mt, ok = resp.(*app.Bottle)
if !ok {
t.Errorf("invalid response media: got %+v, expected instance of app.Bottle", resp)
}
err = mt.Validate()
if err != nil {
t.Errorf("invalid response media type: %s", err)
}
}
// Return results
return rw, mt
}
// CreateBottleCreated Create runs the method Create of the given controller with the given parameters and payload.
// It returns the response writer so it's possible to inspect the response headers.
// If ctx is nil then context.Background() is used.
// If service is nil then a default service is created.
func CreateBottleCreated(t *testing.T, ctx context.Context, service *goa.Service, ctrl app.BottleController, payload *app.CreateBottlePayload) http.ResponseWriter {
// Setup service
var (
logBuf bytes.Buffer
resp interface{}
respSetter goatest.ResponseSetterFunc = func(r interface{}) { resp = r }
)
if service == nil {
service = goatest.Service(&logBuf, respSetter)
} else {
logger := log.New(&logBuf, "", log.Ltime)
service.WithLogger(goa.NewLogger(logger))
newEncoder := func(io.Writer) goa.Encoder { return respSetter }
service.Encoder = goa.NewHTTPEncoder() // Make sure the code ends up using this decoder
service.Encoder.Register(newEncoder, "*/*")
}
// Validate payload
err := payload.Validate()
if err != nil {
e, ok := err.(*goa.Error)
if !ok {
panic(err) // bug
}
if e.Status != 201 {
t.Errorf("unexpected payload validation error: %+v", e)
}
return nil
}
// Setup request context
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/bottles"),
}
req, err := http.NewRequest("POST", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
prms := url.Values{}
if ctx == nil {
ctx = context.Background()
}
goaCtx := goa.NewContext(goa.WithAction(ctx, "BottleTest"), rw, req, prms)
createCtx, err := app.NewCreateBottleContext(goaCtx, service)
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
createCtx.Payload = payload
// Perform action
err = ctrl.Create(createCtx)
// Validate response
if err != nil {
t.Fatalf("controller returned %s, logs:\n%s", err, logBuf.String())
}
if rw.Code != 201 {
t.Errorf("invalid response status code: got %+v, expected 201", rw.Code)
}
// Return results
return rw
}
logger = new(testLogger)
service = newService(logger)
var err error
req, err = http.NewRequest("POST", "/goo?param=value", strings.NewReader(`{"payload":42}`))
Ω(err).ShouldNot(HaveOccurred())
rw = new(testResponseWriter)
params = url.Values{"query": []string{"value"}}
ctrl := service.NewController("test")
ctx = goa.NewContext(ctrl.Context, rw, req, params)
goa.ContextRequest(ctx).Payload = payload
})
It("logs requests", func() {
// Add Action name to the context to make sure we log it properly.
ctx = goa.WithAction(ctx, "goo")
h := func(ctx context.Context, rw http.ResponseWriter, req *http.Request) error {
return service.Send(ctx, 200, "ok")
}
lg := middleware.LogRequest(true)(h)
Ω(lg(ctx, rw, req)).ShouldNot(HaveOccurred())
Ω(logger.InfoEntries).Should(HaveLen(4))
Ω(logger.InfoEntries[0].Data).Should(HaveLen(10))
Ω(logger.InfoEntries[0].Data[0]).Should(Equal("req_id"))
Ω(logger.InfoEntries[0].Data[2]).Should(Equal("POST"))
Ω(logger.InfoEntries[0].Data[3]).Should(Equal("/goo?param=value"))
Ω(logger.InfoEntries[1].Data).Should(HaveLen(4))
Ω(logger.InfoEntries[1].Data[0]).Should(Equal("req_id"))
func TestInvalidOAuthAuthorizationCode(t *testing.T) {
// When a valid referrer talks to our system and provides
// an invalid OAuth2.0 code, the access token exchange
// fails. In such a scenario, there is response redirection
// to the valid referer, ie, the URL where the request originated from.
// Currently, this should be something like https://demo.almighty.org/somepage/
resource.Require(t, resource.UnitTest)
// Setup request context
rw := httptest.NewRecorder()
u := &url.URL{
Path: fmt.Sprintf("/api/login/authorize"),
}
req, err := http.NewRequest("GET", u.String(), nil)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
// The user clicks login while on ALM UI.
// Therefore the referer would be an ALM URL.
refererUrl := "https://alm-url.example.org/path"
req.Header.Add("referer", refererUrl)
prms := url.Values{}
ctx := context.Background()
goaCtx := goa.NewContext(goa.WithAction(ctx, "LoginTest"), rw, req, prms)
authorizeCtx, err := app.NewAuthorizeLoginContext(goaCtx, goa.New("LoginService"))
if err != nil {
panic("invalid test data " + err.Error()) // bug
}
err = loginService.Perform(authorizeCtx)
assert.Equal(t, 307, rw.Code) // redirect to keycloak login page.
locationString := rw.HeaderMap["Location"][0]
locationUrl, err := url.Parse(locationString)
if err != nil {
t.Fatal("Redirect URL is in a wrong format ", err)
}
t.Log(locationString)
allQueryParameters := locationUrl.Query()
// Avoiding panics.
assert.NotNil(t, allQueryParameters)
assert.NotNil(t, allQueryParameters["state"][0])
returnedState := allQueryParameters["state"][0]
prms = url.Values{
"state": {returnedState},
"code": {"INVALID_OAUTH2.0_CODE"},
}
ctx = context.Background()
rw = httptest.NewRecorder()
req, err = http.NewRequest("GET", u.String(), nil)
// The OAuth code is sent as a query parameter by calling /api/login/authorize?code=_SOME_CODE_&state=_SOME_STATE_
// The request originates from Keycloak after a valid authorization by the end user.
// This is not where the redirection should happen on failure.
refererKeycloakUrl := "https://keycloak-url.example.org/path-of-login"
req.Header.Add("referer", refererKeycloakUrl)
if err != nil {
panic("invalid test " + err.Error()) // bug
}
goaCtx = goa.NewContext(goa.WithAction(ctx, "LoginTest"), rw, req, prms)
authorizeCtx, err = app.NewAuthorizeLoginContext(goaCtx, goa.New("LoginService"))
err = loginService.Perform(authorizeCtx)
locationString = rw.HeaderMap["Location"][0]
locationUrl, err = url.Parse(locationString)
if err != nil {
t.Fatal("Redirect URL is in a wrong format ", err)
}
t.Log(locationString)
allQueryParameters = locationUrl.Query()
assert.Equal(t, 307, rw.Code) // redirect to ALM page where login was clicked.
// Avoiding panics.
assert.NotNil(t, allQueryParameters)
assert.NotNil(t, allQueryParameters["error"])
assert.Equal(t, allQueryParameters["error"][0], InvalidCodeError)
returnedErrorReason := allQueryParameters["error"][0]
assert.NotEmpty(t, returnedErrorReason)
assert.NotContains(t, locationString, refererKeycloakUrl)
assert.Contains(t, locationString, refererUrl)
}