...

Source file src/edge-infra.dev/pkg/edge/api/graph/resolver/auth_queries.resolvers_test.go

Documentation: edge-infra.dev/pkg/edge/api/graph/resolver

     1  package resolver
     2  
     3  import (
     4  	"context"
     5  	"errors"
     6  	"testing"
     7  
     8  	"github.com/golang/mock/gomock"
     9  	"github.com/stretchr/testify/assert"
    10  
    11  	bsltypes "edge-infra.dev/pkg/edge/api/bsl/types"
    12  	"edge-infra.dev/pkg/edge/api/graph/model"
    13  	"edge-infra.dev/pkg/edge/api/middleware"
    14  	"edge-infra.dev/pkg/edge/api/mocks"
    15  	"edge-infra.dev/pkg/edge/api/types"
    16  	"edge-infra.dev/pkg/edge/okta"
    17  )
    18  
    19  func TestLogin(t *testing.T) {
    20  	mock := gomock.NewController(t)
    21  	tenantService := mocks.NewMockTenantService(mock)
    22  	tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()
    23  	service := mocks.NewMockUserManagementService(mock)
    24  	service.EXPECT().
    25  		Login(gomock.Any(), "test", "password", "organization").
    26  		Return(&model.AuthPayload{}, nil).Times(1)
    27  	service.EXPECT().
    28  		Login(gomock.Any(), "test", "password", "more/paths/hello/organization").
    29  		Return(&model.AuthPayload{}, nil).Times(1)
    30  	c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
    31  	r := &Resolver{UserManagementService: service, Config: c, TenantService: tenantService}
    32  	_, err := r.Mutation().Login(context.Background(), "test", "password", "/organization/")
    33  	assert.NoError(t, err)
    34  	_, err = r.Mutation().Login(context.Background(), "test", "password", "/more/paths/hello/organization/")
    35  	assert.NoError(t, err)
    36  }
    37  
    38  func TestRegistration(t *testing.T) {
    39  	mock := gomock.NewController(t)
    40  	tenantService := mocks.NewMockTenantService(mock)
    41  	tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()
    42  	userManagementService := mocks.NewMockUserManagementService(mock)
    43  	resError := errors.New("bad registration")
    44  	userManagementService.EXPECT().
    45  		Register(gomock.Any(), "firstName", "lastName", "username", "email", "password", "organization").
    46  		Return("success", nil).Times(1)
    47  	userManagementService.EXPECT().
    48  		Register(gomock.Any(), "error", "lastName", "username", "email", "password", "organization").
    49  		Return("fail", resError).Times(1)
    50  	roleService := mocks.NewMockRoleService(mock)
    51  	roleService.EXPECT().
    52  		AddRoleToUserLegacy(gomock.Any(), "organization", "username", string(model.RoleEdgeBannerViewer)).
    53  		Return(nil).Times(1)
    54  	c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
    55  	r := &Resolver{UserManagementService: userManagementService, RoleService: roleService, Config: c, TenantService: tenantService}
    56  	_, err := r.Mutation().Register(context.Background(), "firstName", "lastName", "username", "email", "password", "organization")
    57  	assert.NoError(t, err)
    58  	_, err = r.Mutation().Register(context.Background(), "error", "lastName", "username", "email", "password", "organization")
    59  	assert.EqualError(t, err, resError.Error())
    60  }
    61  
    62  func TestLoginWithOkta(t *testing.T) {
    63  	mock := gomock.NewController(t)
    64  	userManagementService := mocks.NewMockUserManagementService(mock)
    65  	err := errors.New("invalid token")
    66  	userInfoMock := okta.MockUserInfoResponse()
    67  	userManagementService.EXPECT().
    68  		LoginWithOktaToken(gomock.Any(), "good-okta-token", "test-refresh-token", "test-org").
    69  		Return(&model.OktaAuthPayload{
    70  			Token:        "good-okta-token",
    71  			RefreshToken: "test-okta-refresh-token",
    72  			FirstName:    &userInfoMock.GivenName,
    73  			LastName:     &userInfoMock.FamilyName,
    74  			FullName:     userInfoMock.Name,
    75  			Email:        userInfoMock.Email,
    76  			Valid:        true,
    77  		}, nil).Times(1)
    78  	userManagementService.EXPECT().
    79  		LoginWithOktaToken(gomock.Any(), "bad-okta-token", "test-refresh-token", "test-org").
    80  		Return(nil, err).Times(1)
    81  	c := &types.Config{}
    82  	r := &Resolver{UserManagementService: userManagementService, Config: c}
    83  	resp, err := r.Mutation().LoginWithOkta(context.Background(), "good-okta-token", "test-refresh-token", "test-org")
    84  	assert.NoError(t, err)
    85  	assert.True(t, resp.Valid)
    86  	resp, err = r.Mutation().LoginWithOkta(context.Background(), "bad-okta-token", "test-refresh-token", "test-org")
    87  	assert.Error(t, err)
    88  	assert.Empty(t, resp)
    89  }
    90  
    91  func TestLoginWithOktaInvalidToken(t *testing.T) {
    92  	mock := gomock.NewController(t)
    93  	userManagementService := mocks.NewMockUserManagementService(mock)
    94  	err := errors.New("invalid token")
    95  	//userInfoMock := okta.MockUserInfoResponse()
    96  
    97  	userManagementService.EXPECT().
    98  		LoginWithOktaToken(gomock.Any(), "invalid-okta-token", "test-refresh-token", "test-org").
    99  		Return(nil, err).Times(1)
   100  	c := &types.Config{}
   101  	r := &Resolver{UserManagementService: userManagementService, Config: c}
   102  
   103  	resp, err := r.Mutation().LoginWithOkta(context.Background(), "invalid-okta-token", "test-refresh-token", "test-org")
   104  	assert.Error(t, err)
   105  	assert.Empty(t, resp)
   106  }
   107  
   108  func TestVerifyOktaToken(t *testing.T) {
   109  	mock := gomock.NewController(t)
   110  	userManagementService := mocks.NewMockUserManagementService(mock)
   111  	err := errors.New("invalid token")
   112  	userManagementService.EXPECT().
   113  		VerifyOktaToken(gomock.Any(), "good-okta-token").
   114  		Return(okta.MockIntrospectionResponse("https://edge.oktapreview.com/oauth2/default", "abc123"), nil).Times(1)
   115  	userManagementService.EXPECT().
   116  		VerifyOktaToken(gomock.Any(), "bad-okta-token").
   117  		Return(&okta.IntrospectionResponse{}, err).Times(1)
   118  	c := &types.Config{}
   119  	r := &Resolver{UserManagementService: userManagementService, Config: c}
   120  	valid, err := r.Mutation().VerifyOktaToken(context.Background(), "good-okta-token")
   121  	assert.NoError(t, err)
   122  	assert.True(t, valid)
   123  	valid, err = r.Mutation().VerifyOktaToken(context.Background(), "bad-okta-token")
   124  	assert.Error(t, err)
   125  	assert.False(t, valid)
   126  }
   127  
   128  func TestSessionRefreshBSL(t *testing.T) {
   129  	usr := &bsltypes.AuthUser{
   130  		Email:        "test@ncr.com",
   131  		Organization: "test-org",
   132  		Username:     "testUser",
   133  		Token:        "good-bsl-token",
   134  		Roles:        []string{"EDGE_ORG_ADMIN"},
   135  	}
   136  	mock := gomock.NewController(t)
   137  	userManagementService := mocks.NewMockUserManagementService(mock)
   138  	userManagementService.EXPECT().
   139  		TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderBsl.String()).
   140  		Return("test-bsl-token", nil).Times(1)
   141  	c := &types.Config{}
   142  	r := &Resolver{UserManagementService: userManagementService, Config: c}
   143  	ctxx := middleware.NewContext(context.Background(), usr)
   144  	res, err := r.Mutation().SessionRefresh(ctxx, model.AuthProviderBsl)
   145  	assert.NoError(t, err)
   146  	assert.Equal(t, res, "test-bsl-token")
   147  }
   148  
   149  func TestSessionRefreshOkta(t *testing.T) {
   150  	usr := &bsltypes.AuthUser{
   151  		Email:        "test@ncr.com",
   152  		Organization: "test-org",
   153  		Username:     "testUser",
   154  		Token:        "good-okta-token",
   155  		Roles:        []string{"EDGE_ORG_ADMIN"},
   156  	}
   157  	mock := gomock.NewController(t)
   158  	userManagementService := mocks.NewMockUserManagementService(mock)
   159  	userManagementService.EXPECT().
   160  		TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderOkta.String()).
   161  		Return("test-okta-token", nil).Times(1)
   162  	c := &types.Config{}
   163  	r := &Resolver{UserManagementService: userManagementService, Config: c}
   164  	ctxx := middleware.NewContext(context.Background(), usr)
   165  	res, err := r.Mutation().SessionRefresh(ctxx, model.AuthProviderOkta)
   166  	assert.NoError(t, err)
   167  	assert.Equal(t, res, "test-okta-token")
   168  }
   169  
   170  func TestGetSessionUserEdgeRole(t *testing.T) {
   171  	edgeRole := []string{"EDGE_BANNER_VIEWER"}
   172  
   173  	activityError := errors.New("invalid token")
   174  	mock := gomock.NewController(t)
   175  
   176  	ctxValid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
   177  		Username:     "username",
   178  		Organization: "test-org",
   179  		Token:        "good-bsl-token",
   180  		AuthProvider: "bsl",
   181  	})
   182  
   183  	ctxInvalid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
   184  		Username:     "username",
   185  		Organization: "test-org",
   186  		Token:        "bad-bsl-token",
   187  		AuthProvider: "bsl",
   188  	})
   189  
   190  	userManagementService := mocks.NewMockUserManagementService(mock)
   191  	userManagementService.EXPECT().GetSessionUserEdgeRoles(gomock.Any(), "username", "good-bsl-token", "test-org", "bsl").
   192  		Return(edgeRole, nil).Times(1)
   193  
   194  	userManagementService.EXPECT().GetSessionUserEdgeRoles(gomock.Any(), "username", "bad-bsl-token", "test-org", "bsl").
   195  		Return(nil, activityError).Times(1)
   196  
   197  	c := &types.Config{}
   198  	r := &Resolver{UserManagementService: userManagementService, Config: c}
   199  	_, err := r.Query().SessionUserEdgeRole(ctxValid)
   200  	assert.NoError(t, err)
   201  	_, err = r.Query().SessionUserEdgeRole(ctxInvalid)
   202  	assert.Error(t, err)
   203  }
   204  

View as plain text