mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-04-28 11:30:15 +00:00
101 lines
2.7 KiB
Go
101 lines
2.7 KiB
Go
package api
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/rcourtman/pulse-go-rewrite/internal/config"
|
|
)
|
|
|
|
func TestSecurityOIDCHandlers_GetConfig(t *testing.T) {
|
|
cfg := &config.Config{
|
|
PublicURL: "https://pulse.example.com",
|
|
OIDC: &config.OIDCConfig{
|
|
Enabled: true,
|
|
IssuerURL: "https://issuer.example.com",
|
|
ClientID: "client-id",
|
|
ClientSecret: "super-secret",
|
|
RedirectURL: "https://pulse.example.com/oidc/callback",
|
|
Scopes: []string{"openid"},
|
|
UsernameClaim: "sub",
|
|
EmailClaim: "email",
|
|
GroupsClaim: "groups",
|
|
GroupRoleMappings: map[string]string{
|
|
"group-uuid": "viewer",
|
|
},
|
|
},
|
|
}
|
|
router := &Router{config: cfg}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/api/security/oidc", nil)
|
|
rr := httptest.NewRecorder()
|
|
|
|
router.handleOIDCConfig(rr, req)
|
|
|
|
if rr.Code != http.StatusOK {
|
|
t.Fatalf("expected status %d, got %d", http.StatusOK, rr.Code)
|
|
}
|
|
|
|
var resp oidcResponse
|
|
if err := json.NewDecoder(rr.Body).Decode(&resp); err != nil {
|
|
t.Fatalf("decode response: %v", err)
|
|
}
|
|
if !resp.Enabled {
|
|
t.Fatalf("expected OIDC to be enabled")
|
|
}
|
|
if resp.IssuerURL != cfg.OIDC.IssuerURL {
|
|
t.Fatalf("unexpected issuer url")
|
|
}
|
|
if !resp.ClientSecretSet {
|
|
t.Fatalf("expected client secret to be marked as set")
|
|
}
|
|
if got := resp.GroupRoleMappings["group-uuid"]; got != "viewer" {
|
|
t.Fatalf("expected group role mappings to be included, got %q", got)
|
|
}
|
|
}
|
|
|
|
func TestSecurityOIDCHandlers_UpdateSaveFailure(t *testing.T) {
|
|
cfg := &config.Config{
|
|
PublicURL: "https://pulse.example.com",
|
|
OIDC: &config.OIDCConfig{
|
|
ClientSecret: "old-secret",
|
|
CABundle: "old-bundle",
|
|
},
|
|
}
|
|
router := &Router{config: cfg}
|
|
|
|
payload := map[string]any{
|
|
"enabled": true,
|
|
"issuerUrl": "https://issuer.example.com",
|
|
"clientId": "client-id",
|
|
"clientSecret": "new-secret",
|
|
"redirectUrl": "https://pulse.example.com/oidc/callback",
|
|
"scopes": []string{"openid"},
|
|
"usernameClaim": "sub",
|
|
"emailClaim": "email",
|
|
"groupsClaim": "groups",
|
|
"clearClientSecret": true,
|
|
"caBundle": "new-bundle",
|
|
}
|
|
body, _ := json.Marshal(payload)
|
|
|
|
req := httptest.NewRequest(http.MethodPut, "/api/security/oidc", bytes.NewReader(body))
|
|
rr := httptest.NewRecorder()
|
|
|
|
router.handleOIDCConfig(rr, req)
|
|
|
|
if rr.Code != http.StatusInternalServerError {
|
|
t.Fatalf("expected status %d, got %d", http.StatusInternalServerError, rr.Code)
|
|
}
|
|
|
|
var apiErr APIError
|
|
if err := json.NewDecoder(rr.Body).Decode(&apiErr); err != nil {
|
|
t.Fatalf("decode error response: %v", err)
|
|
}
|
|
if apiErr.Code != "save_failed" {
|
|
t.Fatalf("unexpected error code: %s", apiErr.Code)
|
|
}
|
|
}
|