From e908ef73244f57de4d156904417e1c27bf5a6c41 Mon Sep 17 00:00:00 2001
From: Olivier 'reivilibre
Date: Sun, 7 Jul 2024 10:23:39 +0100
Subject: [PATCH] Add tests for lack of auth on userinfo endpoint
Signed-off-by: Olivier 'reivilibre
---
 ...test_oidc_auth_flow__1. no auth token.snap | 9 ++++++
 ...dc_auth_flow__2. malformed auth token.snap | 9 ++++++
 ...t_oidc_auth_flow__3. wrong auth token.snap | 9 ++++++
 src/tests/test_oidc_auth_flow.rs | 32 +++++++++++++++++++
 4 files changed, 59 insertions(+)
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__1. no auth token.snap
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__2. malformed auth token.snap
 create mode 100644 src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__3. wrong auth token.snap
diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__1. no auth token.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__1. no auth token.snap
new file mode 100644
index 0000000..049da8e
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__1. no auth token.snap
@@ -0,0 +1,9 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, text)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "16"
+ content-type: text/plain; charset=utf-8
+- No access token.
diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__2. malformed auth token.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__2. malformed auth token.snap
new file mode 100644
index 0000000..c581f38
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__2. malformed auth token.snap
@@ -0,0 +1,9 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, text)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "21"
+ content-type: text/plain; charset=utf-8
+- Invalid access token.
diff --git a/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__3. wrong auth token.snap b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__3. wrong auth token.snap
new file mode 100644
index 0000000..0141afa
--- /dev/null
+++ b/src/tests/snapshots/idcoop__tests__test_oidc_auth_flow__3. wrong auth token.snap
@@ -0,0 +1,9 @@
+---
+source: src/tests/test_oidc_auth_flow.rs
+expression: "(headers, text)"
+---
+- access-control-allow-origin: "*"
+ access-control-expose-headers: "*"
+ content-length: "28"
+ content-type: text/plain; charset=utf-8
+- Invalid application session.
diff --git a/src/tests/test_oidc_auth_flow.rs b/src/tests/test_oidc_auth_flow.rs
index ef69ae8..ce56130 100644
--- a/src/tests/test_oidc_auth_flow.rs
+++ b/src/tests/test_oidc_auth_flow.rs
@@ -187,3 +187,35 @@ async fn test_discovery_endpoint() {
 assert_eq!(status, 200);
 assert_yaml_snapshot!((headers, text));
 }
+
+#[tokio::test]
+async fn test_userinfo_bad_auth() {
+ let sys = basic_system().await;
+ let client = TestClient::new(sys.web);
+
+ // 1. no auth token
+ let resp = client.get("/oidc/userinfo").send().await;
+ let (status, headers, text) = dump_resp_text("1. no auth token", resp).await;
+ assert_eq!(status, 401);
+ assert_yaml_snapshot!("1. no auth token", (headers, text));
+
+ // 2. malformed access token
+ let resp = client
+ .get("/oidc/userinfo")
+ .header("Authorization", "Bearer ++++")
+ .send()
+ .await;
+ let (status, headers, text) = dump_resp_text("2. malformed auth token", resp).await;
+ assert_eq!(status, 401);
+ assert_yaml_snapshot!("2. malformed auth token", (headers, text));
+
+ // 3. wrong access token
+ let resp = client
+ .get("/oidc/userinfo")
+ .header("Authorization", "Bearer aaaa")
+ .send()
+ .await;
+ let (status, headers, text) = dump_resp_text("3. wrong auth token", resp).await;
+ assert_eq!(status, 401);
+ assert_yaml_snapshot!("3. wrong auth token", (headers, text));
+}
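Review bot: All three 401 snapshots asserted in `test_userinfo_bad_auth` pin a response with no `WWW-Authenticate` header, while RFC 6750 §3 (which OIDC Core defers to for UserInfo errors) expects a `Bearer` challenge when the token is missing or invalid. Assuming `dump_resp_text` does not filter headers, accepting these snapshots as they stand records the non-conforming response as the expected one. I would add `// FIXME: RFC 6750 §3 requires a WWW-Authenticate: Bearer challenge on these 401s; the snapshots currently record none` above case 1, so the gap stays visible until the endpoint sends the challenge. The cases also stop at missing, malformed and unknown tokens; a non-`Bearer` scheme and an expired or revoked token would be worth covering in the same test.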