config_test.go (7413B)
1 package login 2 3 import ( 4 "flag" 5 "fmt" 6 "io/ioutil" 7 "os" 8 "testing" 9 "time" 10 11 . "github.com/stretchr/testify/assert" 12 ) 13 14 func TestConfig_ReadConfigDefaults(t *testing.T) { 15 originalArgs := os.Args 16 defer func() { os.Args = originalArgs }() 17 18 defaultConfig := DefaultConfig() 19 gotConfig := ReadConfig() 20 defaultConfig.JwtSecret = "random" 21 gotConfig.JwtSecret = "random" 22 Equal(t, defaultConfig, gotConfig) 23 } 24 25 func TestConfig_ReadConfig(t *testing.T) { 26 input := []string{ 27 "--host=host", 28 "--port=port", 29 "--log-level=loglevel", 30 "--text-logging=true", 31 "--jwt-secret=jwtsecret", 32 "--jwt-algo=algo", 33 "--jwt-expiry=42h42m", 34 "--success-url=successurl", 35 "--redirect=false", 36 "--redirect-query-parameter=comingFrom", 37 "--redirect-check-referer=false", 38 "--redirect-host-file=File", 39 "--logout-url=logouturl", 40 "--template=template", 41 "--login-path=loginpath", 42 "--cookie-name=cookiename", 43 "--cookie-expiry=23m", 44 "--cookie-domain=*.example.com", 45 "--cookie-http-only=false", 46 "--cookie-secure=false", 47 "--backend=provider=simple", 48 "--backend=provider=foo", 49 "--github=client_id=foo,client_secret=bar", 50 "--grace-period=4s", 51 "--user-file=users.yml", 52 "--user-endpoint=http://test.io/claims", 53 "--user-endpoint-token=token", 54 "--user-endpoint-timeout=1s", 55 } 56 57 expected := &Config{ 58 Host: "host", 59 Port: "port", 60 LogLevel: "loglevel", 61 TextLogging: true, 62 JwtSecret: "jwtsecret", 63 JwtAlgo: "algo", 64 JwtExpiry: 42*time.Hour + 42*time.Minute, 65 SuccessURL: "successurl", 66 Redirect: false, 67 RedirectQueryParameter: "comingFrom", 68 RedirectCheckReferer: false, 69 RedirectHostFile: "File", 70 LogoutURL: "logouturl", 71 Template: "template", 72 LoginPath: "loginpath", 73 CookieName: "cookiename", 74 CookieExpiry: 23 * time.Minute, 75 CookieDomain: "*.example.com", 76 CookieHTTPOnly: false, 77 CookieSecure: false, 78 Backends: Options{ 79 "simple": map[string]string{}, 80 "foo": map[string]string{}, 81 }, 82 Oauth: Options{ 83 "github": map[string]string{ 84 "client_id": "foo", 85 "client_secret": "bar", 86 }, 87 }, 88 GracePeriod: 4 * time.Second, 89 UserFile: "users.yml", 90 UserEndpoint: "http://test.io/claims", 91 UserEndpointToken: "token", 92 UserEndpointTimeout: time.Second, 93 } 94 95 cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), input) 96 NoError(t, err) 97 Equal(t, expected, cfg) 98 } 99 100 func TestConfig_ReadConfig_SecretFile(t *testing.T) { 101 // create a temporary file, containing the desired secret 102 testSecret := "superSecret" 103 104 file, err := ioutil.TempFile("", "") 105 NoError(t, err) 106 defer func() { 107 // cleanup after test 108 NoError(t, os.Remove(file.Name())) 109 }() 110 111 _, err = file.WriteString(testSecret) 112 NoError(t, err) 113 114 // ----------- 115 116 input := []string{ 117 "--jwt-secret=discardedSecret", 118 fmt.Sprintf("--jwt-secret-file=%s", file.Name()), 119 } 120 121 cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), input) 122 NoError(t, err) 123 124 Equal(t, testSecret, cfg.JwtSecret) 125 } 126 127 func TestConfig_ReadConfig_SecretFile_Error(t *testing.T) { 128 input := []string{ 129 "--jwt-secret=someSecret", 130 "--jwt-secret-file=does-not-exist", 131 } 132 133 cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), input) 134 Nil(t, cfg) 135 Error(t, err) 136 IsType(t, err, &os.PathError{}) 137 } 138 139 func TestConfig_ResolveFileReferences_Error(t *testing.T) { 140 defaultConfig := DefaultConfig() 141 defaultConfig.JwtSecretFile = "does-not-exist" 142 143 generatedKey := defaultConfig.JwtSecret 144 145 err := defaultConfig.ResolveFileReferences() 146 Error(t, err) 147 148 // existing key is not touched on file error 149 Equal(t, generatedKey, defaultConfig.JwtSecret) 150 } 151 152 func TestConfig_ReadConfigFromEnv(t *testing.T) { 153 NoError(t, os.Setenv("LOGINSRV_HOST", "host")) 154 NoError(t, os.Setenv("LOGINSRV_PORT", "port")) 155 NoError(t, os.Setenv("LOGINSRV_LOG_LEVEL", "loglevel")) 156 NoError(t, os.Setenv("LOGINSRV_TEXT_LOGGING", "true")) 157 NoError(t, os.Setenv("LOGINSRV_JWT_SECRET", "jwtsecret")) 158 NoError(t, os.Setenv("LOGINSRV_JWT_ALGO", "algo")) 159 NoError(t, os.Setenv("LOGINSRV_JWT_EXPIRY", "42h42m")) 160 NoError(t, os.Setenv("LOGINSRV_SUCCESS_URL", "successurl")) 161 NoError(t, os.Setenv("LOGINSRV_REDIRECT", "false")) 162 NoError(t, os.Setenv("LOGINSRV_REDIRECT_QUERY_PARAMETER", "comingFrom")) 163 NoError(t, os.Setenv("LOGINSRV_REDIRECT_CHECK_REFERER", "false")) 164 NoError(t, os.Setenv("LOGINSRV_REDIRECT_HOST_FILE", "File")) 165 NoError(t, os.Setenv("LOGINSRV_LOGOUT_URL", "logouturl")) 166 NoError(t, os.Setenv("LOGINSRV_TEMPLATE", "template")) 167 NoError(t, os.Setenv("LOGINSRV_LOGIN_PATH", "loginpath")) 168 NoError(t, os.Setenv("LOGINSRV_COOKIE_NAME", "cookiename")) 169 NoError(t, os.Setenv("LOGINSRV_COOKIE_EXPIRY", "23m")) 170 NoError(t, os.Setenv("LOGINSRV_COOKIE_DOMAIN", "*.example.com")) 171 NoError(t, os.Setenv("LOGINSRV_COOKIE_HTTP_ONLY", "false")) 172 NoError(t, os.Setenv("LOGINSRV_COOKIE_SECURE", "false")) 173 NoError(t, os.Setenv("LOGINSRV_SIMPLE", "foo=bar")) 174 NoError(t, os.Setenv("LOGINSRV_GITHUB", "client_id=foo,client_secret=bar")) 175 NoError(t, os.Setenv("LOGINSRV_GRACE_PERIOD", "4s")) 176 NoError(t, os.Setenv("LOGINSRV_USER_FILE", "users.yml")) 177 NoError(t, os.Setenv("LOGINSRV_USER_ENDPOINT", "http://test.io/claims")) 178 NoError(t, os.Setenv("LOGINSRV_USER_ENDPOINT_TOKEN", "token")) 179 NoError(t, os.Setenv("LOGINSRV_USER_ENDPOINT_TIMEOUT", "1s")) 180 181 expected := &Config{ 182 Host: "host", 183 Port: "port", 184 LogLevel: "loglevel", 185 TextLogging: true, 186 JwtSecret: "jwtsecret", 187 JwtAlgo: "algo", 188 JwtExpiry: 42*time.Hour + 42*time.Minute, 189 SuccessURL: "successurl", 190 Redirect: false, 191 RedirectQueryParameter: "comingFrom", 192 RedirectCheckReferer: false, 193 RedirectHostFile: "File", 194 LogoutURL: "logouturl", 195 Template: "template", 196 LoginPath: "loginpath", 197 CookieName: "cookiename", 198 CookieExpiry: 23 * time.Minute, 199 CookieDomain: "*.example.com", 200 CookieHTTPOnly: false, 201 CookieSecure: false, 202 Backends: Options{ 203 "simple": map[string]string{ 204 "foo": "bar", 205 }, 206 }, 207 Oauth: Options{ 208 "github": map[string]string{ 209 "client_id": "foo", 210 "client_secret": "bar", 211 }, 212 }, 213 GracePeriod: 4 * time.Second, 214 UserFile: "users.yml", 215 UserEndpoint: "http://test.io/claims", 216 UserEndpointToken: "token", 217 UserEndpointTimeout: time.Second, 218 } 219 220 cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), []string{}) 221 NoError(t, err) 222 Equal(t, expected, cfg) 223 } 224 225 func TestConfig_ReadConfigFromEnv_SecretFile(t *testing.T) { 226 // create a temporary file, containing the desired secret 227 testSecret := "superSecret" 228 229 file, err := ioutil.TempFile("", "") 230 NoError(t, err) 231 defer func() { 232 // cleanup after test 233 NoError(t, os.Remove(file.Name())) 234 }() 235 236 _, err = file.WriteString(testSecret) 237 NoError(t, err) 238 239 // ----------- 240 241 NoError(t, os.Setenv("LOGINSRV_JWT_SECRET", "discardedSecret")) 242 NoError(t, os.Setenv("LOGINSRV_JWT_SECRET_FILE", file.Name())) 243 244 cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), []string{}) 245 NoError(t, err) 246 247 Equal(t, testSecret, cfg.JwtSecret) 248 }