github-mirrors
/
mirror-seaweedfs


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
							package sts

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestProviderFactory_CreateOIDCProvider(t *testing.T) {
	factory := NewProviderFactory()

	config := &ProviderConfig{
		Name:    "test-oidc",
		Type:    "oidc",
		Enabled: true,
		Config: map[string]interface{}{
			"issuer":       "https://test-issuer.com",
			"clientId":     "test-client",
			"clientSecret": "test-secret",
			"jwksUri":      "https://test-issuer.com/.well-known/jwks.json",
			"scopes":       []string{"openid", "profile", "email"},
		},
	}

	provider, err := factory.CreateProvider(config)
	require.NoError(t, err)
	assert.NotNil(t, provider)
	assert.Equal(t, "test-oidc", provider.Name())
}

// Note: Mock provider tests removed - mock providers are now test-only
// and not available through the production ProviderFactory

func TestProviderFactory_DisabledProvider(t *testing.T) {
	factory := NewProviderFactory()

	config := &ProviderConfig{
		Name:    "disabled-provider",
		Type:    "oidc",
		Enabled: false,
		Config: map[string]interface{}{
			"issuer":   "https://test-issuer.com",
			"clientId": "test-client",
		},
	}

	provider, err := factory.CreateProvider(config)
	require.NoError(t, err)
	assert.Nil(t, provider) // Should return nil for disabled providers
}

func TestProviderFactory_InvalidProviderType(t *testing.T) {
	factory := NewProviderFactory()

	config := &ProviderConfig{
		Name:    "invalid-provider",
		Type:    "unsupported-type",
		Enabled: true,
		Config:  map[string]interface{}{},
	}

	provider, err := factory.CreateProvider(config)
	assert.Error(t, err)
	assert.Nil(t, provider)
	assert.Contains(t, err.Error(), "unsupported provider type")
}

func TestProviderFactory_LoadMultipleProviders(t *testing.T) {
	factory := NewProviderFactory()

	configs := []*ProviderConfig{
		{
			Name:    "oidc-provider",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer":   "https://oidc-issuer.com",
				"clientId": "oidc-client",
			},
		},

		{
			Name:    "disabled-provider",
			Type:    "oidc",
			Enabled: false,
			Config: map[string]interface{}{
				"issuer":   "https://disabled-issuer.com",
				"clientId": "disabled-client",
			},
		},
	}

	providers, err := factory.LoadProvidersFromConfig(configs)
	require.NoError(t, err)
	assert.Len(t, providers, 1) // Only enabled providers should be loaded

	assert.Contains(t, providers, "oidc-provider")
	assert.NotContains(t, providers, "disabled-provider")
}

func TestProviderFactory_ValidateOIDCConfig(t *testing.T) {
	factory := NewProviderFactory()

	t.Run("valid config", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "valid-oidc",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer":   "https://valid-issuer.com",
				"clientId": "valid-client",
			},
		}

		err := factory.ValidateProviderConfig(config)
		assert.NoError(t, err)
	})

	t.Run("missing issuer", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "invalid-oidc",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"clientId": "valid-client",
			},
		}

		err := factory.ValidateProviderConfig(config)
		assert.Error(t, err)
		assert.Contains(t, err.Error(), "issuer")
	})

	t.Run("missing clientId", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "invalid-oidc",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer": "https://valid-issuer.com",
			},
		}

		err := factory.ValidateProviderConfig(config)
		assert.Error(t, err)
		assert.Contains(t, err.Error(), "clientId")
	})
}

func TestProviderFactory_ConvertToStringSlice(t *testing.T) {
	factory := NewProviderFactory()

	t.Run("string slice", func(t *testing.T) {
		input := []string{"a", "b", "c"}
		result, err := factory.convertToStringSlice(input)
		require.NoError(t, err)
		assert.Equal(t, []string{"a", "b", "c"}, result)
	})

	t.Run("interface slice", func(t *testing.T) {
		input := []interface{}{"a", "b", "c"}
		result, err := factory.convertToStringSlice(input)
		require.NoError(t, err)
		assert.Equal(t, []string{"a", "b", "c"}, result)
	})

	t.Run("invalid type", func(t *testing.T) {
		input := "not-a-slice"
		result, err := factory.convertToStringSlice(input)
		assert.Error(t, err)
		assert.Nil(t, result)
	})
}

func TestProviderFactory_ConfigConversionErrors(t *testing.T) {
	factory := NewProviderFactory()

	t.Run("invalid scopes type", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "invalid-scopes",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer":   "https://test-issuer.com",
				"clientId": "test-client",
				"scopes":   "invalid-not-array", // Should be array
			},
		}

		provider, err := factory.CreateProvider(config)
		assert.Error(t, err)
		assert.Nil(t, provider)
		assert.Contains(t, err.Error(), "failed to convert scopes")
	})

	t.Run("invalid claimsMapping type", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "invalid-claims",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer":        "https://test-issuer.com",
				"clientId":      "test-client",
				"claimsMapping": "invalid-not-map", // Should be map
			},
		}

		provider, err := factory.CreateProvider(config)
		assert.Error(t, err)
		assert.Nil(t, provider)
		assert.Contains(t, err.Error(), "failed to convert claimsMapping")
	})

	t.Run("invalid roleMapping type", func(t *testing.T) {
		config := &ProviderConfig{
			Name:    "invalid-roles",
			Type:    "oidc",
			Enabled: true,
			Config: map[string]interface{}{
				"issuer":      "https://test-issuer.com",
				"clientId":    "test-client",
				"roleMapping": "invalid-not-map", // Should be map
			},
		}

		provider, err := factory.CreateProvider(config)
		assert.Error(t, err)
		assert.Nil(t, provider)
		assert.Contains(t, err.Error(), "failed to convert roleMapping")
	})
}

func TestProviderFactory_ConvertToStringMap(t *testing.T) {
	factory := NewProviderFactory()

	t.Run("string map", func(t *testing.T) {
		input := map[string]string{"key1": "value1", "key2": "value2"}
		result, err := factory.convertToStringMap(input)
		require.NoError(t, err)
		assert.Equal(t, map[string]string{"key1": "value1", "key2": "value2"}, result)
	})

	t.Run("interface map", func(t *testing.T) {
		input := map[string]interface{}{"key1": "value1", "key2": "value2"}
		result, err := factory.convertToStringMap(input)
		require.NoError(t, err)
		assert.Equal(t, map[string]string{"key1": "value1", "key2": "value2"}, result)
	})

	t.Run("invalid type", func(t *testing.T) {
		input := "not-a-map"
		result, err := factory.convertToStringMap(input)
		assert.Error(t, err)
		assert.Nil(t, result)
	})
}

func TestProviderFactory_GetSupportedProviderTypes(t *testing.T) {
	factory := NewProviderFactory()

	supportedTypes := factory.GetSupportedProviderTypes()
	assert.Contains(t, supportedTypes, "oidc")
	assert.Len(t, supportedTypes, 1) // Currently only OIDC is supported in production
}

func TestSTSService_LoadProvidersFromConfig(t *testing.T) {
	stsConfig := &STSConfig{
		TokenDuration:    FlexibleDuration{3600 * time.Second},
		MaxSessionLength: FlexibleDuration{43200 * time.Second},
		Issuer:           "test-issuer",
		SigningKey:       []byte("test-signing-key-32-characters-long"),
		Providers: []*ProviderConfig{
			{
				Name:    "test-provider",
				Type:    "oidc",
				Enabled: true,
				Config: map[string]interface{}{
					"issuer":   "https://test-issuer.com",
					"clientId": "test-client",
				},
			},
		},
	}

	stsService := NewSTSService()
	err := stsService.Initialize(stsConfig)
	require.NoError(t, err)

	// Check that provider was loaded
	assert.Len(t, stsService.providers, 1)
	assert.Contains(t, stsService.providers, "test-provider")
	assert.Equal(t, "test-provider", stsService.providers["test-provider"].Name())
}

func TestSTSService_NoProvidersConfig(t *testing.T) {
	stsConfig := &STSConfig{
		TokenDuration:    FlexibleDuration{3600 * time.Second},
		MaxSessionLength: FlexibleDuration{43200 * time.Second},
		Issuer:           "test-issuer",
		SigningKey:       []byte("test-signing-key-32-characters-long"),
		// No providers configured
	}

	stsService := NewSTSService()
	err := stsService.Initialize(stsConfig)
	require.NoError(t, err)

	// Should initialize successfully with no providers
	assert.Len(t, stsService.providers, 0)
}