1 package resolver
2
3 import (
4 "context"
5 "errors"
6 "testing"
7
8 "github.com/golang/mock/gomock"
9 "github.com/stretchr/testify/assert"
10
11 bsltypes "edge-infra.dev/pkg/edge/api/bsl/types"
12 "edge-infra.dev/pkg/edge/api/graph/model"
13 "edge-infra.dev/pkg/edge/api/middleware"
14 "edge-infra.dev/pkg/edge/api/mocks"
15 "edge-infra.dev/pkg/edge/api/types"
16 "edge-infra.dev/pkg/edge/okta"
17 )
18
19 func TestLogin(t *testing.T) {
20 mock := gomock.NewController(t)
21 tenantService := mocks.NewMockTenantService(mock)
22 tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()
23 service := mocks.NewMockUserManagementService(mock)
24 service.EXPECT().
25 Login(gomock.Any(), "test", "password", "organization").
26 Return(&model.AuthPayload{}, nil).Times(1)
27 service.EXPECT().
28 Login(gomock.Any(), "test", "password", "more/paths/hello/organization").
29 Return(&model.AuthPayload{}, nil).Times(1)
30 c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
31 r := &Resolver{UserManagementService: service, Config: c, TenantService: tenantService}
32 _, err := r.Mutation().Login(context.Background(), "test", "password", "/organization/")
33 assert.NoError(t, err)
34 _, err = r.Mutation().Login(context.Background(), "test", "password", "/more/paths/hello/organization/")
35 assert.NoError(t, err)
36 }
37
38 func TestRegistration(t *testing.T) {
39 mock := gomock.NewController(t)
40 tenantService := mocks.NewMockTenantService(mock)
41 tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()
42 userManagementService := mocks.NewMockUserManagementService(mock)
43 resError := errors.New("bad registration")
44 userManagementService.EXPECT().
45 Register(gomock.Any(), "firstName", "lastName", "username", "email", "password", "organization").
46 Return("success", nil).Times(1)
47 userManagementService.EXPECT().
48 Register(gomock.Any(), "error", "lastName", "username", "email", "password", "organization").
49 Return("fail", resError).Times(1)
50 roleService := mocks.NewMockRoleService(mock)
51 roleService.EXPECT().
52 AddRoleToUserLegacy(gomock.Any(), "organization", "username", string(model.RoleEdgeBannerViewer)).
53 Return(nil).Times(1)
54 c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
55 r := &Resolver{UserManagementService: userManagementService, RoleService: roleService, Config: c, TenantService: tenantService}
56 _, err := r.Mutation().Register(context.Background(), "firstName", "lastName", "username", "email", "password", "organization")
57 assert.NoError(t, err)
58 _, err = r.Mutation().Register(context.Background(), "error", "lastName", "username", "email", "password", "organization")
59 assert.EqualError(t, err, resError.Error())
60 }
61
62 func TestLoginWithOkta(t *testing.T) {
63 mock := gomock.NewController(t)
64 userManagementService := mocks.NewMockUserManagementService(mock)
65 err := errors.New("invalid token")
66 userInfoMock := okta.MockUserInfoResponse()
67 userManagementService.EXPECT().
68 LoginWithOktaToken(gomock.Any(), "good-okta-token", "test-refresh-token", "test-org").
69 Return(&model.OktaAuthPayload{
70 Token: "good-okta-token",
71 RefreshToken: "test-okta-refresh-token",
72 FirstName: &userInfoMock.GivenName,
73 LastName: &userInfoMock.FamilyName,
74 FullName: userInfoMock.Name,
75 Email: userInfoMock.Email,
76 Valid: true,
77 }, nil).Times(1)
78 userManagementService.EXPECT().
79 LoginWithOktaToken(gomock.Any(), "bad-okta-token", "test-refresh-token", "test-org").
80 Return(nil, err).Times(1)
81 c := &types.Config{}
82 r := &Resolver{UserManagementService: userManagementService, Config: c}
83 resp, err := r.Mutation().LoginWithOkta(context.Background(), "good-okta-token", "test-refresh-token", "test-org")
84 assert.NoError(t, err)
85 assert.True(t, resp.Valid)
86 resp, err = r.Mutation().LoginWithOkta(context.Background(), "bad-okta-token", "test-refresh-token", "test-org")
87 assert.Error(t, err)
88 assert.Empty(t, resp)
89 }
90
91 func TestLoginWithOktaInvalidToken(t *testing.T) {
92 mock := gomock.NewController(t)
93 userManagementService := mocks.NewMockUserManagementService(mock)
94 err := errors.New("invalid token")
95
96
97 userManagementService.EXPECT().
98 LoginWithOktaToken(gomock.Any(), "invalid-okta-token", "test-refresh-token", "test-org").
99 Return(nil, err).Times(1)
100 c := &types.Config{}
101 r := &Resolver{UserManagementService: userManagementService, Config: c}
102
103 resp, err := r.Mutation().LoginWithOkta(context.Background(), "invalid-okta-token", "test-refresh-token", "test-org")
104 assert.Error(t, err)
105 assert.Empty(t, resp)
106 }
107
108 func TestVerifyOktaToken(t *testing.T) {
109 mock := gomock.NewController(t)
110 userManagementService := mocks.NewMockUserManagementService(mock)
111 err := errors.New("invalid token")
112 userManagementService.EXPECT().
113 VerifyOktaToken(gomock.Any(), "good-okta-token").
114 Return(okta.MockIntrospectionResponse("https://edge.oktapreview.com/oauth2/default", "abc123"), nil).Times(1)
115 userManagementService.EXPECT().
116 VerifyOktaToken(gomock.Any(), "bad-okta-token").
117 Return(&okta.IntrospectionResponse{}, err).Times(1)
118 c := &types.Config{}
119 r := &Resolver{UserManagementService: userManagementService, Config: c}
120 valid, err := r.Mutation().VerifyOktaToken(context.Background(), "good-okta-token")
121 assert.NoError(t, err)
122 assert.True(t, valid)
123 valid, err = r.Mutation().VerifyOktaToken(context.Background(), "bad-okta-token")
124 assert.Error(t, err)
125 assert.False(t, valid)
126 }
127
128 func TestSessionRefreshBSL(t *testing.T) {
129 usr := &bsltypes.AuthUser{
130 Email: "test@ncr.com",
131 Organization: "test-org",
132 Username: "testUser",
133 Token: "good-bsl-token",
134 Roles: []string{"EDGE_ORG_ADMIN"},
135 }
136 mock := gomock.NewController(t)
137 userManagementService := mocks.NewMockUserManagementService(mock)
138 userManagementService.EXPECT().
139 TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderBsl.String()).
140 Return("test-bsl-token", nil).Times(1)
141 c := &types.Config{}
142 r := &Resolver{UserManagementService: userManagementService, Config: c}
143 ctxx := middleware.NewContext(context.Background(), usr)
144 res, err := r.Mutation().SessionRefresh(ctxx, model.AuthProviderBsl)
145 assert.NoError(t, err)
146 assert.Equal(t, res, "test-bsl-token")
147 }
148
149 func TestSessionRefreshOkta(t *testing.T) {
150 usr := &bsltypes.AuthUser{
151 Email: "test@ncr.com",
152 Organization: "test-org",
153 Username: "testUser",
154 Token: "good-okta-token",
155 Roles: []string{"EDGE_ORG_ADMIN"},
156 }
157 mock := gomock.NewController(t)
158 userManagementService := mocks.NewMockUserManagementService(mock)
159 userManagementService.EXPECT().
160 TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderOkta.String()).
161 Return("test-okta-token", nil).Times(1)
162 c := &types.Config{}
163 r := &Resolver{UserManagementService: userManagementService, Config: c}
164 ctxx := middleware.NewContext(context.Background(), usr)
165 res, err := r.Mutation().SessionRefresh(ctxx, model.AuthProviderOkta)
166 assert.NoError(t, err)
167 assert.Equal(t, res, "test-okta-token")
168 }
169
170 func TestGetSessionUserEdgeRole(t *testing.T) {
171 edgeRole := []string{"EDGE_BANNER_VIEWER"}
172
173 activityError := errors.New("invalid token")
174 mock := gomock.NewController(t)
175
176 ctxValid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
177 Username: "username",
178 Organization: "test-org",
179 Token: "good-bsl-token",
180 AuthProvider: "bsl",
181 })
182
183 ctxInvalid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
184 Username: "username",
185 Organization: "test-org",
186 Token: "bad-bsl-token",
187 AuthProvider: "bsl",
188 })
189
190 userManagementService := mocks.NewMockUserManagementService(mock)
191 userManagementService.EXPECT().GetSessionUserEdgeRoles(gomock.Any(), "username", "good-bsl-token", "test-org", "bsl").
192 Return(edgeRole, nil).Times(1)
193
194 userManagementService.EXPECT().GetSessionUserEdgeRoles(gomock.Any(), "username", "bad-bsl-token", "test-org", "bsl").
195 Return(nil, activityError).Times(1)
196
197 c := &types.Config{}
198 r := &Resolver{UserManagementService: userManagementService, Config: c}
199 _, err := r.Query().SessionUserEdgeRole(ctxValid)
200 assert.NoError(t, err)
201 _, err = r.Query().SessionUserEdgeRole(ctxInvalid)
202 assert.Error(t, err)
203 }
204
View as plain text