afan
/
gitea
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
gitea源码
3 Commits
2 Branches
Tree: 6d2efddf43
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d2efddf43'
${ noResults }
gitea/cmd/admin_auth_oauth_test.go

admin_auth_oauth_test.go 9.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344 
  1. // Copyright 2025 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package cmd

  5. 

  6. import (

  7. 	"context"

  8. 	"testing"

  9. 

  10. 	auth_model "code.gitea.io/gitea/models/auth"

  11. 	"code.gitea.io/gitea/services/auth/source/oauth2"

  12. 

  13. 	"github.com/stretchr/testify/assert"

  14. 	"github.com/urfave/cli/v3"

  15. )

  16. 

  17. func TestAddOauth(t *testing.T) {

  18. 	testCases := []struct {

  19. 		name   string

  20. 		args   []string

  21. 		source *auth_model.Source

  22. 		errMsg string

  23. 	}{

  24. 		{

  25. 			name: "valid config",

  26. 			args: []string{

  27. 				"--name", "test",

  28. 				"--provider", "github",

  29. 				"--key", "some_key",

  30. 				"--secret", "some_secret",

  31. 			},

  32. 			source: &auth_model.Source{

  33. 				Type:     auth_model.OAuth2,

  34. 				Name:     "test",

  35. 				IsActive: true,

  36. 				Cfg: &oauth2.Source{

  37. 					Scopes:       []string{},

  38. 					Provider:     "github",

  39. 					ClientID:     "some_key",

  40. 					ClientSecret: "some_secret",

  41. 				},

  42. 				TwoFactorPolicy: "",

  43. 			},

  44. 		},

  45. 		{

  46. 			name: "valid config with openid connect",

  47. 			args: []string{

  48. 				"--name", "test",

  49. 				"--provider", "openidConnect",

  50. 				"--key", "some_key",

  51. 				"--secret", "some_secret",

  52. 				"--auto-discover-url", "https://example.com",

  53. 			},

  54. 			source: &auth_model.Source{

  55. 				Type:     auth_model.OAuth2,

  56. 				Name:     "test",

  57. 				IsActive: true,

  58. 				Cfg: &oauth2.Source{

  59. 					Scopes:                        []string{},

  60. 					Provider:                      "openidConnect",

  61. 					ClientID:                      "some_key",

  62. 					ClientSecret:                  "some_secret",

  63. 					OpenIDConnectAutoDiscoveryURL: "https://example.com",

  64. 				},

  65. 				TwoFactorPolicy: "",

  66. 			},

  67. 		},

  68. 		{

  69. 			name: "valid config with options",

  70. 			args: []string{

  71. 				"--name", "test",

  72. 				"--provider", "gitlab",

  73. 				"--key", "some_key",

  74. 				"--secret", "some_secret",

  75. 				"--use-custom-urls", "true",

  76. 				"--custom-token-url", "https://example.com/token",

  77. 				"--custom-auth-url", "https://example.com/auth",

  78. 				"--custom-profile-url", "https://example.com/profile",

  79. 				"--custom-email-url", "https://example.com/email",

  80. 				"--custom-tenant-id", "some_tenant",

  81. 				"--icon-url", "https://example.com/icon",

  82. 				"--scopes", "scope1,scope2",

  83. 				"--skip-local-2fa", "true",

  84. 				"--required-claim-name", "claim_name",

  85. 				"--required-claim-value", "claim_value",

  86. 				"--group-claim-name", "group_name",

  87. 				"--admin-group", "admin",

  88. 				"--restricted-group", "restricted",

  89. 				"--group-team-map", `{"group1": [1,2]}`,

  90. 				"--group-team-map-removal=true",

  91. 				"--ssh-public-key-claim-name", "attr_ssh_pub_key",

  92. 				"--full-name-claim-name", "attr_full_name",

  93. 			},

  94. 			source: &auth_model.Source{

  95. 				Type:     auth_model.OAuth2,

  96. 				Name:     "test",

  97. 				IsActive: true,

  98. 				Cfg: &oauth2.Source{

  99. 					Provider:     "gitlab",

  100. 					ClientID:     "some_key",

  101. 					ClientSecret: "some_secret",

  102. 					CustomURLMapping: &oauth2.CustomURLMapping{

  103. 						TokenURL:   "https://example.com/token",

  104. 						AuthURL:    "https://example.com/auth",

  105. 						ProfileURL: "https://example.com/profile",

  106. 						EmailURL:   "https://example.com/email",

  107. 						Tenant:     "some_tenant",

  108. 					},

  109. 					IconURL:               "https://example.com/icon",

  110. 					Scopes:                []string{"scope1", "scope2"},

  111. 					RequiredClaimName:     "claim_name",

  112. 					RequiredClaimValue:    "claim_value",

  113. 					GroupClaimName:        "group_name",

  114. 					AdminGroup:            "admin",

  115. 					RestrictedGroup:       "restricted",

  116. 					GroupTeamMap:          `{"group1": [1,2]}`,

  117. 					GroupTeamMapRemoval:   true,

  118. 					SSHPublicKeyClaimName: "attr_ssh_pub_key",

  119. 					FullNameClaimName:     "attr_full_name",

  120. 				},

  121. 				TwoFactorPolicy: "skip",

  122. 			},

  123. 		},

  124. 	}

  125. 

  126. 	for _, tc := range testCases {

  127. 		t.Run(tc.name, func(t *testing.T) {

  128. 			var createdSource *auth_model.Source

  129. 			a := &authService{

  130. 				initDB: func(ctx context.Context) error {

  131. 					return nil

  132. 				},

  133. 				createAuthSource: func(ctx context.Context, source *auth_model.Source) error {

  134. 					createdSource = source

  135. 					return nil

  136. 				},

  137. 			}

  138. 

  139. 			app := &cli.Command{

  140. 				Flags:  microcmdAuthAddOauth().Flags,

  141. 				Action: a.runAddOauth,

  142. 			}

  143. 

  144. 			args := []string{"oauth-test"}

  145. 			args = append(args, tc.args...)

  146. 

  147. 			err := app.Run(t.Context(), args)

  148. 

  149. 			if tc.errMsg != "" {

  150. 				assert.EqualError(t, err, tc.errMsg)

  151. 			} else {

  152. 				assert.NoError(t, err)

  153. 				assert.Equal(t, tc.source, createdSource)

  154. 			}

  155. 		})

  156. 	}

  157. }

  158. 

  159. func TestUpdateOauth(t *testing.T) {

  160. 	testCases := []struct {

  161. 		name               string

  162. 		args               []string

  163. 		id                 int64

  164. 		existingAuthSource *auth_model.Source

  165. 		authSource         *auth_model.Source

  166. 		errMsg             string

  167. 	}{

  168. 		{

  169. 			name: "missing id",

  170. 			args: []string{

  171. 				"--name", "test",

  172. 			},

  173. 			errMsg: "--id flag is missing",

  174. 		},

  175. 		{

  176. 			name: "valid config",

  177. 			id:   1,

  178. 			existingAuthSource: &auth_model.Source{

  179. 				ID:       1,

  180. 				Type:     auth_model.OAuth2,

  181. 				Name:     "old name",

  182. 				IsActive: true,

  183. 				Cfg: &oauth2.Source{

  184. 					Provider:     "github",

  185. 					ClientID:     "old_key",

  186. 					ClientSecret: "old_secret",

  187. 				},

  188. 				TwoFactorPolicy: "",

  189. 			},

  190. 			args: []string{

  191. 				"--id", "1",

  192. 				"--name", "test",

  193. 				"--provider", "gitlab",

  194. 				"--key", "new_key",

  195. 				"--secret", "new_secret",

  196. 			},

  197. 			authSource: &auth_model.Source{

  198. 				ID:       1,

  199. 				Type:     auth_model.OAuth2,

  200. 				Name:     "test",

  201. 				IsActive: true,

  202. 				Cfg: &oauth2.Source{

  203. 					Provider:         "gitlab",

  204. 					ClientID:         "new_key",

  205. 					ClientSecret:     "new_secret",

  206. 					CustomURLMapping: &oauth2.CustomURLMapping{},

  207. 				},

  208. 				TwoFactorPolicy: "",

  209. 			},

  210. 		},

  211. 		{

  212. 			name: "valid config with options",

  213. 			id:   1,

  214. 			existingAuthSource: &auth_model.Source{

  215. 				ID:       1,

  216. 				Type:     auth_model.OAuth2,

  217. 				Name:     "old name",

  218. 				IsActive: true,

  219. 				Cfg: &oauth2.Source{

  220. 					Provider:     "gitlab",

  221. 					ClientID:     "old_key",

  222. 					ClientSecret: "old_secret",

  223. 					CustomURLMapping: &oauth2.CustomURLMapping{

  224. 						TokenURL:   "https://old.example.com/token",

  225. 						AuthURL:    "https://old.example.com/auth",

  226. 						ProfileURL: "https://old.example.com/profile",

  227. 						EmailURL:   "https://old.example.com/email",

  228. 						Tenant:     "old_tenant",

  229. 					},

  230. 					IconURL:               "https://old.example.com/icon",

  231. 					Scopes:                []string{"old_scope1", "old_scope2"},

  232. 					RequiredClaimName:     "old_claim_name",

  233. 					RequiredClaimValue:    "old_claim_value",

  234. 					GroupClaimName:        "old_group_name",

  235. 					AdminGroup:            "old_admin",

  236. 					RestrictedGroup:       "old_restricted",

  237. 					GroupTeamMap:          `{"old_group1": [1,2]}`,

  238. 					GroupTeamMapRemoval:   true,

  239. 					SSHPublicKeyClaimName: "old_ssh_pub_key",

  240. 					FullNameClaimName:     "old_full_name",

  241. 				},

  242. 				TwoFactorPolicy: "",

  243. 			},

  244. 			args: []string{

  245. 				"--id", "1",

  246. 				"--name", "test",

  247. 				"--provider", "github",

  248. 				"--key", "new_key",

  249. 				"--secret", "new_secret",

  250. 				"--use-custom-urls", "true",

  251. 				"--custom-token-url", "https://example.com/token",

  252. 				"--custom-auth-url", "https://example.com/auth",

  253. 				"--custom-profile-url", "https://example.com/profile",

  254. 				"--custom-email-url", "https://example.com/email",

  255. 				"--custom-tenant-id", "new_tenant",

  256. 				"--icon-url", "https://example.com/icon",

  257. 				"--scopes", "scope1,scope2",

  258. 				"--skip-local-2fa=true",

  259. 				"--required-claim-name", "claim_name",

  260. 				"--required-claim-value", "claim_value",

  261. 				"--group-claim-name", "group_name",

  262. 				"--admin-group", "admin",

  263. 				"--restricted-group", "restricted",

  264. 				"--group-team-map", `{"group1": [1,2]}`,

  265. 				"--group-team-map-removal=false",

  266. 				"--ssh-public-key-claim-name", "new_ssh_pub_key",

  267. 				"--full-name-claim-name", "new_full_name",

  268. 			},

  269. 			authSource: &auth_model.Source{

  270. 				ID:       1,

  271. 				Type:     auth_model.OAuth2,

  272. 				Name:     "test",

  273. 				IsActive: true,

  274. 				Cfg: &oauth2.Source{

  275. 					Provider:     "github",

  276. 					ClientID:     "new_key",

  277. 					ClientSecret: "new_secret",

  278. 					CustomURLMapping: &oauth2.CustomURLMapping{

  279. 						TokenURL:   "https://example.com/token",

  280. 						AuthURL:    "https://example.com/auth",

  281. 						ProfileURL: "https://example.com/profile",

  282. 						EmailURL:   "https://example.com/email",

  283. 						Tenant:     "new_tenant",

  284. 					},

  285. 					IconURL:               "https://example.com/icon",

  286. 					Scopes:                []string{"scope1", "scope2"},

  287. 					RequiredClaimName:     "claim_name",

  288. 					RequiredClaimValue:    "claim_value",

  289. 					GroupClaimName:        "group_name",

  290. 					AdminGroup:            "admin",

  291. 					RestrictedGroup:       "restricted",

  292. 					GroupTeamMap:          `{"group1": [1,2]}`,

  293. 					GroupTeamMapRemoval:   false,

  294. 					SSHPublicKeyClaimName: "new_ssh_pub_key",

  295. 					FullNameClaimName:     "new_full_name",

  296. 				},

  297. 				TwoFactorPolicy: "skip",

  298. 			},

  299. 		},

  300. 	}

  301. 

  302. 	for _, tc := range testCases {

  303. 		t.Run(tc.name, func(t *testing.T) {

  304. 			a := &authService{

  305. 				initDB: func(ctx context.Context) error {

  306. 					return nil

  307. 				},

  308. 				getAuthSourceByID: func(ctx context.Context, id int64) (*auth_model.Source, error) {

  309. 					return &auth_model.Source{

  310. 						ID:       1,

  311. 						Type:     auth_model.OAuth2,

  312. 						Name:     "test",

  313. 						IsActive: true,

  314. 						Cfg: &oauth2.Source{

  315. 							CustomURLMapping: &oauth2.CustomURLMapping{},

  316. 						},

  317. 						TwoFactorPolicy: "skip",

  318. 					}, nil

  319. 				},

  320. 				updateAuthSource: func(ctx context.Context, source *auth_model.Source) error {

  321. 					assert.Equal(t, tc.authSource, source)

  322. 					return nil

  323. 				},

  324. 			}

  325. 

  326. 			app := &cli.Command{

  327. 				Flags:  microcmdAuthUpdateOauth().Flags,

  328. 				Action: a.runUpdateOauth,

  329. 			}

  330. 

  331. 			args := []string{"oauth-test"}

  332. 			args = append(args, tc.args...)

  333. 

  334. 			err := app.Run(t.Context(), args)

  335. 

  336. 			if tc.errMsg != "" {

  337. 				assert.EqualError(t, err, tc.errMsg)

  338. 			} else {

  339. 				assert.NoError(t, err)

  340. 			}

  341. 		})

  342. 	}

  343. }