cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

oidc: add regression tests for token claim json

Browse source 
this helps to verify that the same JSON is produced,
after these types are refactored.
This commit is contained in:
Tim Möhlmann 2023-02-17 18:45:40 +02:00
parent 4dca29f1f9
commit 11682a2cc8
8 changed files with 392 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

50
pkg/oidc/regression_assert_test.go Normal file
View file

@ -0,0 +1,50 @@
//go:build !create_regression_data
package oidc
import (
"encoding/json"
"io"
"os"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// Test_assert_regression verifies current output from
// json.Marshal to stored regression data.
// These tests are only ran when the create_regression_data
// tag is NOT set.
func Test_assert_regression(t *testing.T) {
buf := new(strings.Builder)
for _, obj := range regressionData {
name := jsonFilename(obj)
t.Run(name, func(t *testing.T) {
file, err := os.Open(name)
require.NoError(t, err)
defer file.Close()
_, err = io.Copy(buf, file)
require.NoError(t, err)
want := buf.String()
buf.Reset()
encodeJSON(t, buf, obj)
first := buf.String()
buf.Reset()
assert.JSONEq(t, want, first)
require.NoError(t,
json.Unmarshal([]byte(first), obj),
)
second, err := json.Marshal(obj)
require.NoError(t, err)
assert.JSONEq(t, want, string(second))
})
}
}

24
pkg/oidc/regression_create_test.go Normal file
View file

@ -0,0 +1,24 @@
//go:build create_regression_data
package oidc
import (
"os"
"testing"
"github.com/stretchr/testify/require"
)
// Test_create_regression generates the regression data.
// It is excluded from regular testing, unless
// called with the create_regression_data tag:
// go test -tags="create_regression_data" ./pkg/oidc
func Test_create_regression(t *testing.T) {
for _, obj := range regressionData {
file, err := os.Create(jsonFilename(obj))
require.NoError(t, err)
defer file.Close()
encodeJSON(t, file, obj)
}
}

29
pkg/oidc/regression_data/oidc.accessTokenClaims.json Normal file
View file

@ -0,0 +1,29 @@
{
"iss": "zitadel",
"sub": "hello@me.com",
"aud": [
"foo",
"bar"
],
"jti": "900",
"azp": "just@me.com",
"nonce": "6969",
"c_hash": "hashhash",
"acr": "something",
"amr": [
"some",
"methods"
],
"sid": "666",
"scope": [
"email",
"phone"
],
"client_id": "777",
"at_use_nbr": 22,
"exp": 12345,
"iat": 12000,
"nbf": 12000,
"auth_time": 12000,
"foo": "bar"
}

50
pkg/oidc/regression_data/oidc.idTokenClaims.json Normal file
View file

@ -0,0 +1,50 @@
{
"iss": "zitadel",
"aud": [
"foo",
"bar"
],
"jti": "900",
"azp": "just@me.com",
"nonce": "6969",
"at_hash": "acthashhash",
"c_hash": "hashhash",
"acr": "something",
"amr": [
"some",
"methods"
],
"client_id": "777",
"exp": 12345,
"iat": 12000,
"nbf": 12000,
"auth_time": 12000,
"address": {
"country": "Moon",
"formatted": "Sesame street 666\n666-666, Smallvile\nMoon",
"locality": "Smallvile",
"postal_code": "666-666",
"region": "Outer space",
"street_address": "Sesame street 666"
},
"birthdate": "1st of April",
"email": "tim@zitadel.com",
"email_verified": true,
"family_name": "Möhlmann",
"foo": "bar",
"gender": "male",
"given_name": "Tim",
"locale": "nl",
"middle_name": "Danger",
"name": "Tim Möhlmann",
"nickname": "muhlemmer",
"phone_number": "+1234567890",
"phone_number_verified": true,
"picture": "https://avatars.githubusercontent.com/u/5411563?v=4",
"preferred_username": "muhlemmer",
"profile": "https://github.com/muhlemmer",
"sub": "hello@me.com",
"updated_at": 1,
"website": "https://zitadel.com",
"zoneinfo": "Europe/Amsterdam"
}

44
pkg/oidc/regression_data/oidc.introspectionResponse.json Normal file
View file

@ -0,0 +1,44 @@
{
"active": true,
"address": {
"country": "Moon",
"formatted": "Sesame street 666\n666-666, Smallvile\nMoon",
"locality": "Smallvile",
"postal_code": "666-666",
"region": "Outer space",
"street_address": "Sesame street 666"
},
"aud": [
"foo",
"bar"
],
"birthdate": "1st of April",
"client_id": "777",
"email": "tim@zitadel.com",
"email_verified": true,
"exp": 12345,
"family_name": "Möhlmann",
"foo": "bar",
"gender": "male",
"given_name": "Tim",
"iat": 12000,
"iss": "zitadel",
"jti": "900",
"locale": "nl",
"middle_name": "Danger",
"name": "Tim Möhlmann",
"nbf": 12000,
"nickname": "muhlemmer",
"phone_number": "+1234567890",
"phone_number_verified": true,
"picture": "https://avatars.githubusercontent.com/u/5411563?v=4",
"preferred_username": "muhlemmer",
"profile": "https://github.com/muhlemmer",
"scope": "email phone",
"sub": "hello@me.com",
"token_type": "idtoken",
"updated_at": 1,
"username": "muhlemmer",
"website": "https://zitadel.com",
"zoneinfo": "Europe/Amsterdam"
}

11
pkg/oidc/regression_data/oidc.jwtProfileAssertion.json Normal file
View file

@ -0,0 +1,11 @@
{
"aud": [
"foo",
"bar"
],
"exp": 12345,
"foo": "bar",
"iat": 12000,
"iss": "zitadel",
"sub": "hello@me.com"
}

30
pkg/oidc/regression_data/oidc.userinfo.json Normal file
View file

@ -0,0 +1,30 @@
{
"address": {
"country": "Moon",
"formatted": "Sesame street 666\n666-666, Smallvile\nMoon",
"locality": "Smallvile",
"postal_code": "666-666",
"region": "Outer space",
"street_address": "Sesame street 666"
},
"birthdate": "1st of April",
"email": "tim@zitadel.com",
"email_verified": true,
"family_name": "Möhlmann",
"foo": "bar",
"gender": "male",
"given_name": "Tim",
"locale": "nl",
"middle_name": "Danger",
"name": "Tim Möhlmann",
"nickname": "muhlemmer",
"phone_number": "+1234567890",
"phone_number_verified": true,
"picture": "https://avatars.githubusercontent.com/u/5411563?v=4",
"preferred_username": "muhlemmer",
"profile": "https://github.com/muhlemmer",
"sub": "hello@me.com",
"updated_at": 1,
"website": "https://zitadel.com",
"zoneinfo": "Europe/Amsterdam"
}

154
pkg/oidc/regression_test.go Normal file
View file

@ -0,0 +1,154 @@
package oidc
// This file contains common functions and data for regression testing
import (
"encoding/json"
"fmt"
"io"
"path"
"strings"
"testing"
"time"
"github.com/stretchr/testify/require"
"golang.org/x/text/language"
"gopkg.in/square/go-jose.v2"
)
const dataDir = "regression_data"
// jsonFilename builds a filename for the regression testdata.
// dataDir/<type_name>.json
func jsonFilename(obj interface{}) string {
name := fmt.Sprintf("%T.json", obj)
name, _ = strings.CutPrefix(name, "*")
return path.Join(dataDir, name)
}
func encodeJSON(t *testing.T, w io.Writer, obj interface{}) {
enc := json.NewEncoder(w)
enc.SetIndent("", "\t")
require.NoError(t, enc.Encode(obj))
}
var (
accessTokenRegressData = &accessTokenClaims{
Issuer: "zitadel",
Subject: "hello@me.com",
Audience: Audience{"foo", "bar"},
Expiration: Time(time.Unix(12345, 0)),
IssuedAt: Time(time.Unix(12000, 0)),
NotBefore: Time(time.Unix(12000, 0)),
JWTID: "900",
AuthorizedParty: "just@me.com",
Nonce: "6969",
AuthTime: Time(time.Unix(12000, 0)),
CodeHash: "hashhash",
AuthenticationContextClassReference: "something",
AuthenticationMethodsReferences: []string{"some", "methods"},
SessionID: "666",
Scopes: []string{"email", "phone"},
ClientID: "777",
AccessTokenUseNumber: 22,
claims: map[string]interface{}{
"foo": "bar",
},
signatureAlg: jose.ES256,
}
idTokenRegressData = &idTokenClaims{
Issuer: "zitadel",
Audience: Audience{"foo", "bar"},
Expiration: Time(time.Unix(12345, 0)),
NotBefore: Time(time.Unix(12000, 0)),
IssuedAt: Time(time.Unix(12000, 0)),
JWTID: "900",
AuthorizedParty: "just@me.com",
Nonce: "6969",
AuthTime: Time(time.Unix(12000, 0)),
AccessTokenHash: "acthashhash",
CodeHash: "hashhash",
AuthenticationContextClassReference: "something",
AuthenticationMethodsReferences: []string{"some", "methods"},
ClientID: "777",
UserInfo: userInfoRegressData,
signatureAlg: jose.ES256,
}
introspectionResponseRegressData = &introspectionResponse{
Active: true,
Scope: SpaceDelimitedArray{"email", "phone"},
ClientID: "777",
TokenType: "idtoken",
Expiration: Time(time.Unix(12345, 0)),
IssuedAt: Time(time.Unix(12000, 0)),
NotBefore: Time(time.Unix(12000, 0)),
Subject: "hello@me.com",
Audience: Audience{"foo", "bar"},
Issuer: "zitadel",
JWTID: "900",
userInfoProfile: userInfoRegressData.userInfoProfile,
userInfoEmail: userInfoRegressData.userInfoEmail,
userInfoPhone: userInfoRegressData.userInfoPhone,
Address: userInfoRegressData.Address,
claims: map[string]interface{}{
"foo": "bar",
},
}
userInfoRegressData = &userinfo{
Subject: "hello@me.com",
userInfoProfile: userInfoProfile{
Name: "Tim Möhlmann",
GivenName: "Tim",
FamilyName: "Möhlmann",
MiddleName: "Danger",
Nickname: "muhlemmer",
Profile: "https://github.com/muhlemmer",
Picture: "https://avatars.githubusercontent.com/u/5411563?v=4",
Website: "https://zitadel.com",
Gender: "male",
Birthdate: "1st of April",
Zoneinfo: "Europe/Amsterdam",
Locale: language.Dutch,
UpdatedAt: Time(time.Unix(1, 1)),
PreferredUsername: "muhlemmer",
},
userInfoEmail: userInfoEmail{
Email: "tim@zitadel.com",
EmailVerified: true,
},
userInfoPhone: userInfoPhone{
PhoneNumber: "+1234567890",
PhoneNumberVerified: true,
},
Address: &userInfoAddress{
Formatted: "Sesame street 666\n666-666, Smallvile\nMoon",
StreetAddress: "Sesame street 666",
Locality: "Smallvile",
Region: "Outer space",
PostalCode: "666-666",
Country: "Moon",
},
claims: map[string]interface{}{
"foo": "bar",
},
}
jwtProfileAssertionRegressData = &jwtProfileAssertion{
PrivateKeyID: "8888",
PrivateKey: []byte("qwerty"),
Issuer: "zitadel",
Subject: "hello@me.com",
Audience: Audience{"foo", "bar"},
Expiration: Time(time.Unix(12345, 0)),
IssuedAt: Time(time.Unix(12000, 0)),
customClaims: map[string]interface{}{
"foo": "bar",
},
}
regressionData = []interface{}{
accessTokenRegressData,
idTokenRegressData,
introspectionResponseRegressData,
userInfoRegressData,
jwtProfileAssertionRegressData,
}
)