File: test_oidc_auth_provider.rb

ruby-kubeclient 4.13.0-1
# frozen_string_literal: true

require_relative 'test_helper'
require 'openid_connect'

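# Tests for Kubeclient::OIDCAuthProvider.token: which ID token it returns for
# a given provider config hash.
#
# Every OpenIDConnect entry point touched here (Config.discover!,
# IdToken.decode, Client.new) is stubbed, so no real JWT is decoded and no
# signature is checked by these tests. They pin the refresh decision only and
# say nothing about signature, issuer or audience validation.
#
# NOTE(review): none of the Minitest::Mock objects is verified (`verify` is
# never called), so an expectation that is never invoked does not fail a test.
# In particular, nothing here asserts that the refresh token was handed to the
# client; a wrong argument is rejected only if the setter is actually called.
class OIDCAuthProviderTest < Minitest::Test
  # Placeholder fixture values; none of them is a real credential.
  def setup
    @client_id = 'client_id'
    @client_secret = 'client_secret'
    @idp_issuer_url = 'idp_issuer_url'
    @refresh_token = 'refresh_token'
    @id_token = 'id_token'
    @new_id_token = 'new_id_token'
  end

  # Decoded token reports an `exp` two hours in the past: the refreshed token
  # supplied by the client mock is expected back.
  def test_expired_token
    OpenIDConnect::Discovery::Provider::Config.stub(:discover!, discovery_mock) do
      OpenIDConnect::ResponseObject::IdToken.stub(:decode, id_token_mock(Time.now.to_i - 7200)) do
        OpenIDConnect::Client.stub(:new, openid_client_mock) do
          assert_equal(@new_id_token, Kubeclient::OIDCAuthProvider.token(provider_config))
        end
      end
    end
  end

  # Decoded token reports an `exp` two hours in the future: the supplied token
  # is expected back unchanged. OpenIDConnect::Client is not stubbed here.
  def test_valid_token
    OpenIDConnect::Discovery::Provider::Config.stub(:discover!, discovery_mock) do
      OpenIDConnect::ResponseObject::IdToken.stub(:decode, id_token_mock(Time.now.to_i + 7200)) do
        assert_equal(@id_token, Kubeclient::OIDCAuthProvider.token(provider_config))
      end
    end
  end

  # No 'id-token' key in the config at all: the refreshed token is expected.
  # IdToken.decode is not stubbed in this test.
  def test_missing_id_token
    OpenIDConnect::Discovery::Provider::Config.stub(:discover!, discovery_mock) do
      OpenIDConnect::Client.stub(:new, openid_client_mock) do
        config = provider_config(with_id_token: false)
        assert_equal(@new_id_token, Kubeclient::OIDCAuthProvider.token(config))
      end
    end
  end

  # Decoding raises JSON::JWK::Set::KidNotFound, i.e. the token names a key id
  # that the key set does not contain. The expected outcome is a refresh: a
  # token that cannot be matched to a key must not be returned as-is.
  def test_token_with_unknown_kid
    kid_not_found = ->(_token, _jwks) { raise JSON::JWK::Set::KidNotFound }

    OpenIDConnect::Discovery::Provider::Config.stub(:discover!, discovery_mock) do
      OpenIDConnect::ResponseObject::IdToken.stub(:decode, kid_not_found) do
        OpenIDConnect::Client.stub(:new, openid_client_mock) do
          assert_equal(@new_id_token, Kubeclient::OIDCAuthProvider.token(provider_config))
        end
      end
    end
  end

  private

  # Builds the provider config hash passed to OIDCAuthProvider.token.
  #
  # with_id_token - when false, the 'id-token' key is left out entirely
  #                 (not set to nil).
  #
  # Returns a Hash with string keys.
  def provider_config(with_id_token: true)
    config = {
      'client-id' => @client_id,
      'client-secret' => @client_secret,
      'idp-issuer-url' => @idp_issuer_url,
      'refresh-token' => @refresh_token
    }
    config['id-token'] = @id_token if with_id_token
    config
  end

  # Stand-in for OpenIDConnect::Client: accepts the refresh token through
  # `refresh_token=` and answers `access_token!` with an object whose
  # `id_token` is the new token.
  #
  # Returns the client mock.
  def openid_client_mock
    access_token = Minitest::Mock.new
    # Name the stubbed reader explicitly rather than reusing the @id_token
    # fixture value, which merely happens to spell the same word.
    access_token.expect(:id_token, @new_id_token)

    openid_client = Minitest::Mock.new
    openid_client.expect(:refresh_token=, nil, [@refresh_token])
    openid_client.expect(:access_token!, access_token)
    openid_client
  end

  # Stand-in for a decoded ID token.
  #
  # expiry - value the mock returns for `exp` (the tests pass epoch seconds).
  #
  # Returns the mock.
  def id_token_mock(expiry)
    decoded_token = Minitest::Mock.new
    decoded_token.expect(:exp, expiry)
    decoded_token
  end

  # Stand-in for the discovery document: key set plus the three endpoints,
  # each answering once with a placeholder string.
  #
  # Returns the mock.
  def discovery_mock
    discovery = Minitest::Mock.new
    discovery.expect(:jwks, 'jwks')
    discovery.expect(:authorization_endpoint, 'authz_endpoint')
    discovery.expect(:token_endpoint, 'token_endpoint')
    discovery.expect(:userinfo_endpoint, 'userinfo_endpoint')
    discovery
  end
end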