loginsrv


config_test.go (7413B)


      1 package login
      2 
      3 import (
      4 	"flag"
      5 	"fmt"
      6 	"io/ioutil"
      7 	"os"
      8 	"testing"
      9 	"time"
     10 
     11 	. "github.com/stretchr/testify/assert"
     12 )
     13 
// TestConfig_ReadConfigDefaults checks that ReadConfig, called without any
// arguments supplied by the test, returns the same configuration as
// DefaultConfig.
func TestConfig_ReadConfigDefaults(t *testing.T) {
	// Put os.Args back when the test ends. The argument of the deferred
	// function is evaluated here, so it holds the value seen at test entry.
	// NOTE(review): nothing in this test replaces os.Args, so the restore only
	// matters if ReadConfig modifies it; confirm against ReadConfig.
	defer func(saved []string) { os.Args = saved }(os.Args)

	want := DefaultConfig()
	got := ReadConfig()

	// JwtSecret is overwritten on both sides before the comparison; presumably
	// each call generates its own secret, so the raw values would differ.
	// As a consequence this test does not check the signing secret itself
	// (for example that it is non-empty).
	want.JwtSecret = "random"
	got.JwtSecret = "random"
	Equal(t, want, got)
}
     24 
// TestConfig_ReadConfig passes every option as a command-line flag and checks
// that readConfig fills the matching Config field.
//
// The values are parser fixtures. --cookie-secure=false and
// --cookie-http-only=false are given to check that the flags are parsed, not
// as settings to deploy with.
func TestConfig_ReadConfig(t *testing.T) {
	want := &Config{
		Host:                   "host",
		Port:                   "port",
		LogLevel:               "loglevel",
		TextLogging:            true,
		JwtSecret:              "jwtsecret",
		JwtAlgo:                "algo",
		JwtExpiry:              42*time.Hour + 42*time.Minute,
		SuccessURL:             "successurl",
		Redirect:               false,
		RedirectQueryParameter: "comingFrom",
		RedirectCheckReferer:   false,
		RedirectHostFile:       "File",
		LogoutURL:              "logouturl",
		Template:               "template",
		LoginPath:              "loginpath",
		CookieName:             "cookiename",
		CookieExpiry:           23 * time.Minute,
		CookieDomain:           "*.example.com",
		CookieHTTPOnly:         false,
		CookieSecure:           false,
		// --backend is given twice below; both providers are expected, each
		// with an empty option map.
		Backends: Options{
			"simple": map[string]string{},
			"foo":    map[string]string{},
		},
		Oauth: Options{
			"github": map[string]string{
				"client_id":     "foo",
				"client_secret": "bar",
			},
		},
		GracePeriod:         4 * time.Second,
		UserFile:            "users.yml",
		UserEndpoint:        "http://test.io/claims",
		UserEndpointToken:   "token",
		UserEndpointTimeout: time.Second,
	}

	args := []string{
		"--host=host",
		"--port=port",
		"--log-level=loglevel",
		"--text-logging=true",
		"--jwt-secret=jwtsecret",
		"--jwt-algo=algo",
		"--jwt-expiry=42h42m",
		"--success-url=successurl",
		"--redirect=false",
		"--redirect-query-parameter=comingFrom",
		"--redirect-check-referer=false",
		"--redirect-host-file=File",
		"--logout-url=logouturl",
		"--template=template",
		"--login-path=loginpath",
		"--cookie-name=cookiename",
		"--cookie-expiry=23m",
		"--cookie-domain=*.example.com",
		"--cookie-http-only=false",
		"--cookie-secure=false",
		"--backend=provider=simple",
		"--backend=provider=foo",
		"--github=client_id=foo,client_secret=bar",
		"--grace-period=4s",
		"--user-file=users.yml",
		"--user-endpoint=http://test.io/claims",
		"--user-endpoint-token=token",
		"--user-endpoint-timeout=1s",
	}

	// A fresh flag set keeps this test independent of the process-wide one.
	fs := flag.NewFlagSet("", flag.ContinueOnError)
	got, err := readConfig(fs, args)
	NoError(t, err)
	Equal(t, want, got)
}
     99 
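// TestConfig_ReadConfig_SecretFile checks that the secret read from
// --jwt-secret-file takes the place of the value given with --jwt-secret.
func TestConfig_ReadConfig_SecretFile(t *testing.T) {
	testSecret := "superSecret"

	// ioutil.TempFile creates the file with mode 0600, so the secret fixture
	// is readable by its owner only.
	file, err := ioutil.TempFile("", "")
	if !NoError(t, err) {
		// file is nil here; the cleanup and the write below would panic.
		return
	}
	defer func() {
		// cleanup after test
		NoError(t, os.Remove(file.Name()))
	}()

	_, err = file.WriteString(testSecret)
	NoError(t, err)
	// Close the handle before readConfig reads the file: the descriptor is not
	// leaked, and removing a file that is still open fails on Windows.
	NoError(t, file.Close())

	input := []string{
		"--jwt-secret=discardedSecret",
		fmt.Sprintf("--jwt-secret-file=%s", file.Name()),
	}

	cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), input)
	NoError(t, err)

	Equal(t, testSecret, cfg.JwtSecret)
}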
    126 
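// TestConfig_ReadConfig_SecretFile_Error checks that readConfig fails when
// --jwt-secret-file names a file that does not exist, even though
// --jwt-secret is also given: no config is returned, so there is no fallback
// to the inline secret.
func TestConfig_ReadConfig_SecretFile_Error(t *testing.T) {
	input := []string{
		"--jwt-secret=someSecret",
		"--jwt-secret-file=does-not-exist",
	}

	cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), input)
	Nil(t, cfg)
	Error(t, err)
	// testify's IsType takes the expected type first and the object under
	// test second; with the two swapped, a failure message reports them the
	// wrong way round.
	IsType(t, &os.PathError{}, err)
}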
    138 
// TestConfig_ResolveFileReferences_Error checks that ResolveFileReferences
// returns an error for a secret file that does not exist and leaves the
// JwtSecret already held by the config unchanged.
func TestConfig_ResolveFileReferences_Error(t *testing.T) {
	cfg := DefaultConfig()
	cfg.JwtSecretFile = "does-not-exist"

	// Remember the secret the default config came with.
	secretBefore := cfg.JwtSecret

	Error(t, cfg.ResolveFileReferences())

	// A failed file read must not blank or replace the existing key.
	Equal(t, secretBefore, cfg.JwtSecret)
}
    151 
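// TestConfig_ReadConfigFromEnv sets every option through a LOGINSRV_*
// environment variable and checks that readConfig, given no flags, fills the
// matching Config field.
//
// Each variable is put back to its previous state when the test returns, so
// the fixture values (the JWT secret and the endpoint token among them) do not
// stay in the process environment for tests that run afterwards.
func TestConfig_ReadConfigFromEnv(t *testing.T) {
	env := []struct{ key, value string }{
		{"LOGINSRV_HOST", "host"},
		{"LOGINSRV_PORT", "port"},
		{"LOGINSRV_LOG_LEVEL", "loglevel"},
		{"LOGINSRV_TEXT_LOGGING", "true"},
		{"LOGINSRV_JWT_SECRET", "jwtsecret"},
		{"LOGINSRV_JWT_ALGO", "algo"},
		{"LOGINSRV_JWT_EXPIRY", "42h42m"},
		{"LOGINSRV_SUCCESS_URL", "successurl"},
		{"LOGINSRV_REDIRECT", "false"},
		{"LOGINSRV_REDIRECT_QUERY_PARAMETER", "comingFrom"},
		{"LOGINSRV_REDIRECT_CHECK_REFERER", "false"},
		{"LOGINSRV_REDIRECT_HOST_FILE", "File"},
		{"LOGINSRV_LOGOUT_URL", "logouturl"},
		{"LOGINSRV_TEMPLATE", "template"},
		{"LOGINSRV_LOGIN_PATH", "loginpath"},
		{"LOGINSRV_COOKIE_NAME", "cookiename"},
		{"LOGINSRV_COOKIE_EXPIRY", "23m"},
		{"LOGINSRV_COOKIE_DOMAIN", "*.example.com"},
		{"LOGINSRV_COOKIE_HTTP_ONLY", "false"},
		{"LOGINSRV_COOKIE_SECURE", "false"},
		{"LOGINSRV_SIMPLE", "foo=bar"},
		{"LOGINSRV_GITHUB", "client_id=foo,client_secret=bar"},
		{"LOGINSRV_GRACE_PERIOD", "4s"},
		{"LOGINSRV_USER_FILE", "users.yml"},
		{"LOGINSRV_USER_ENDPOINT", "http://test.io/claims"},
		{"LOGINSRV_USER_ENDPOINT_TOKEN", "token"},
		{"LOGINSRV_USER_ENDPOINT_TIMEOUT", "1s"},
	}
	for _, e := range env {
		// Per-iteration copies, so each deferred restore sees its own values.
		key, value := e.key, e.value
		prev, had := os.LookupEnv(key)
		NoError(t, os.Setenv(key, value))
		// The defers are meant to run at function return, after readConfig.
		defer func() {
			if had {
				NoError(t, os.Setenv(key, prev))
				return
			}
			NoError(t, os.Unsetenv(key))
		}()
	}

	expected := &Config{
		Host:                   "host",
		Port:                   "port",
		LogLevel:               "loglevel",
		TextLogging:            true,
		JwtSecret:              "jwtsecret",
		JwtAlgo:                "algo",
		JwtExpiry:              42*time.Hour + 42*time.Minute,
		SuccessURL:             "successurl",
		Redirect:               false,
		RedirectQueryParameter: "comingFrom",
		RedirectCheckReferer:   false,
		RedirectHostFile:       "File",
		LogoutURL:              "logouturl",
		Template:               "template",
		LoginPath:              "loginpath",
		CookieName:             "cookiename",
		CookieExpiry:           23 * time.Minute,
		CookieDomain:           "*.example.com",
		CookieHTTPOnly:         false,
		CookieSecure:           false,
		Backends: Options{
			"simple": map[string]string{
				"foo": "bar",
			},
		},
		Oauth: Options{
			"github": map[string]string{
				"client_id":     "foo",
				"client_secret": "bar",
			},
		},
		GracePeriod:         4 * time.Second,
		UserFile:            "users.yml",
		UserEndpoint:        "http://test.io/claims",
		UserEndpointToken:   "token",
		UserEndpointTimeout: time.Second,
	}

	cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), []string{})
	NoError(t, err)
	Equal(t, expected, cfg)
}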
    224 
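// TestConfig_ReadConfigFromEnv_SecretFile checks that the secret read from the
// file named by LOGINSRV_JWT_SECRET_FILE takes the place of the value given in
// LOGINSRV_JWT_SECRET.
//
// Both variables are put back to their previous state when the test returns.
// Without that, LOGINSRV_JWT_SECRET_FILE would keep pointing at the temporary
// file after it has been removed.
func TestConfig_ReadConfigFromEnv_SecretFile(t *testing.T) {
	testSecret := "superSecret"

	// ioutil.TempFile creates the file with mode 0600, so the secret fixture
	// is readable by its owner only.
	file, err := ioutil.TempFile("", "")
	if !NoError(t, err) {
		// file is nil here; the cleanup and the write below would panic.
		return
	}
	defer func() {
		// cleanup after test
		NoError(t, os.Remove(file.Name()))
	}()

	_, err = file.WriteString(testSecret)
	NoError(t, err)
	// Close the handle before readConfig reads the file: the descriptor is not
	// leaked, and removing a file that is still open fails on Windows.
	NoError(t, file.Close())

	for _, kv := range [][2]string{
		{"LOGINSRV_JWT_SECRET", "discardedSecret"},
		{"LOGINSRV_JWT_SECRET_FILE", file.Name()},
	} {
		// Per-iteration copies, so each deferred restore sees its own values.
		key, value := kv[0], kv[1]
		prev, had := os.LookupEnv(key)
		NoError(t, os.Setenv(key, value))
		// The defers are meant to run at function return, after readConfig.
		defer func() {
			if had {
				NoError(t, os.Setenv(key, prev))
				return
			}
			NoError(t, os.Unsetenv(key))
		}()
	}

	cfg, err := readConfig(flag.NewFlagSet("", flag.ContinueOnError), []string{})
	NoError(t, err)

	Equal(t, testSecret, cfg.JwtSecret)
}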