From 6f13cb61453fc7ed1365fa9dd7cbf78d43be473c Mon Sep 17 00:00:00 2001
From: Olivier 'reivilibre
Date: Sun, 7 Jul 2024 10:23:31 +0100
Subject: [PATCH] Add tests for JWKS, Discovery and userinfo endpoints

Signed-off-by: Olivier 'reivilibre
---
 ...sts__test_oidc_auth_flow__7__userinfo.snap | 11 ++++++
 ...st_oidc_auth_flow__discovery_endpoint.snap | 9 +++++
 ...s__test_oidc_auth_flow__jwks_endpoint.snap | 9 +++++
 src/tests/test_oidc_auth_flow.rs | 36 ++++++++++++++++++-
 4 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__7__userinfo.snap
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__discovery_endpoint.snap
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__jwks_endpoint.snap

diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__7__userinfo.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__7__userinfo.snap
new file mode 100644
index 0000000..133c97f
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__7__userinfo.snap
@@ -0,0 +1,11 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, json)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "92"
+ content-type: application/json
+- name: robert
+ preferred_username: robert
+ sub: 00000000-0000-0000-0000-000000000000
diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__discovery_endpoint.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__discovery_endpoint.snap
new file mode 100644
index 0000000..0a55506
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__discovery_endpoint.snap
@@ -0,0 +1,9 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, text)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "505"
+ content-type: application/json
+- "{\"issuer\":\"http://idcoop.example.com\",\"authorization_endpoint\":\"http://idcoop.example.com/oidc/auth\",\"token_endpoint\":\"http://idcoop.example.com/oidc/token\",\"userinfo_endpoint\":\"http://idcoop.example.com/oidc/userinfo\",\"jwks_uri\":\"http://idcoop.example.com/oidc/jwks\",\"scopes_supported\":[\"openid\"],\"response_types_supported\":[\"code\"],\"response_modes_supported\":[\"query\"],\"grant_types_supported\":[\"authorization_code\"],\"subject_types_supported\":[\"public\"],\"id_token_signing_alg_values_supported\":[\"RS256\"]}"
diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__jwks_endpoint.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__jwks_endpoint.snap
new file mode 100644
index 0000000..f4c4c5e
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__jwks_endpoint.snap
@@ -0,0 +1,9 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, text)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "425"
+ content-type: application/json
+- "{\"keys\":[{\"kty\":\"RSA\",\"n\":\"w7umnDmvt2ntktJZaeaDLF4wTHeUCXkCQnGOUPTQCExdlPVQcAIjH9sJmk2dWllhRkm_81nn-x8dXqjYbCvTGC_kHSYodiPiqTLQ1pu4YcvRbQh1XPYtc_T67l29KJtow1i7gZD3QqiWUwufDm2SpoC-Dh-RdUL-SUf2V9tToy6JVzyaNbKJy7_ZpYLn74VJpwte6J0kqhSwQJ4VHnY233Zy0oZKdMWvBtJ1uy7OyHWscqPDOUtjPmsyciyPO3qo4389MiFtAJvPdJkWvNYTtg_mDXFQNsCBPTBCP4nuPNGMS0NFRwo1-A3FYq-HHhMcrGJHS_FSvlNeIDTuu5ODVQ\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"thekey\",\"alg\":\"RS256\"}]}"
diff --git a/src/tests/test_oidc_auth_flow.rs b/src/tests/test_oidc_auth_flow.rs
index 6584235..ef69ae8 100644
--- a/src/tests/test_oidc_auth_flow.rs
+++ b/src/tests/test_oidc_auth_flow.rs
@@ -9,7 +9,7 @@ use insta::assert_yaml_snapshot;
 use maplit::btreemap;
 use sqlx::types::Uuid;
-use crate::{passwords::create_password_hash, store::CreateUser, tests::basic_system};
+use crate::{passwords::create_password_hash, tests::basic_system};
 async fn dump_resp_text(
 req_name: &str,
@@ -152,4 +152,38 @@ async fn test_full_flow() {
 assert_eq!(status, 200);
 let json: BTreeMap = serde_json::from_str(&text).unwrap();
 assert_yaml_snapshot!("6/token", (headers, json));
+
+ // 7. /userinfo request
+ let resp = client
+ .get("/oidc/userinfo")
+ .header(
+ "Authorization",
+ "Bearer HL4qRFKUlBqkrPTvAQ6z-xpYf2uo9sbO68miVnnz7KE",
+ )
+ .send()
+ .await;
+ let (status, headers, text) = dump_resp_text("7. /userinfo", resp).await;
+ assert_eq!(status, 200);
+ let json: BTreeMap = serde_json::from_str(&text).unwrap();
+ assert_yaml_snapshot!("7/userinfo", (headers, json));
+}
+
+#[tokio::test]
+async fn test_jwks_endpoint() {
+ let sys = basic_system().await;
+ let client = TestClient::new(sys.web);
+ let resp = client.get("/oidc/jwks").send().await;
+ let (status, headers, text) = dump_resp_text("/jwks", resp).await;
+ assert_eq!(status, 200);
+ assert_yaml_snapshot!((headers, text));
+}
+
+#[tokio::test]
+async fn test_discovery_endpoint() {
+ let sys = basic_system().await;
+ let client = TestClient::new(sys.web);
+ let resp = client.get("/.well-known/openid-configuration").send().await;
+ let (status, headers, text) = dump_resp_text("discovery", resp).await;
+ assert_eq!(status, 200);
+ assert_yaml_snapshot!((headers, text));
 }
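Review bot: Step 7 of test_full_flow only exercises /oidc/userinfo with a valid bearer token, so this test would still pass if the endpoint stopped checking the token altogether. Add a request with no Authorization header and one with an unknown token, and assert that both are refused; RFC 6750 calls for 401 in both cases, but confirm the status against what the handler actually returns. The bearer value is also a copied literal rather than being read from the step-6 `json`, which presumably works only because token generation is deterministic under basic_system(); taking it from the token response would make that dependency explicit. test_full_flow begins outside this hunk, so the setup of `client` is not visible here.

```rust
    assert_yaml_snapshot!("7/userinfo", (headers, json));
    // … unchanged above: step 7 happy-path request …

    // 7b. /userinfo must refuse a request that carries no bearer token
    let resp = client.get("/oidc/userinfo").send().await;
    let (status, _headers, _text) = dump_resp_text("7b. /userinfo (no token)", resp).await;
    assert_eq!(status, 401);

    // 7c. /userinfo must refuse a token that was never issued (constructed sample value)
    let resp = client
        .get("/oidc/userinfo")
        .header("Authorization", "Bearer not-a-real-token")
        .send()
        .await;
    let (status, _headers, _text) = dump_resp_text("7c. /userinfo (unknown token)", resp).await;
    assert_eq!(status, 401);
```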