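package resolver

import (
	"context"
	"errors"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/stretchr/testify/assert"

	bsltypes "edge-infra.dev/pkg/edge/api/bsl/types"
	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/middleware"
	"edge-infra.dev/pkg/edge/api/mocks"
	"edge-infra.dev/pkg/edge/api/types"
	"edge-infra.dev/pkg/edge/okta"
)

// TestLogin checks that the Login mutation passes the credentials to the user
// management service and that the organization argument reaches the service
// without its leading and trailing slashes, inner path segments kept.
func TestLogin(t *testing.T) {
	ctrl := gomock.NewController(t)

	tenantService := mocks.NewMockTenantService(ctrl)
	tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()

	service := mocks.NewMockUserManagementService(ctrl)
	// The expectations name the normalized organization, so a call that still
	// carried the raw "/organization/" value would match nothing and fail.
	service.EXPECT().
		Login(gomock.Any(), "test", "password", "organization").
		Return(&model.AuthPayload{}, nil).Times(1)
	service.EXPECT().
		Login(gomock.Any(), "test", "password", "more/paths/hello/organization").
		Return(&model.AuthPayload{}, nil).Times(1)

	c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
	r := &Resolver{UserManagementService: service, Config: c, TenantService: tenantService}

	_, err := r.Mutation().Login(context.Background(), "test", "password", "/organization/")
	assert.NoError(t, err)

	_, err = r.Mutation().Login(context.Background(), "test", "password", "/more/paths/hello/organization/")
	assert.NoError(t, err)
}

// TestRegistration checks the Register mutation for a successful registration
// and for one the user management service rejects.
func TestRegistration(t *testing.T) {
	ctrl := gomock.NewController(t)

	tenantService := mocks.NewMockTenantService(ctrl)
	tenantService.EXPECT().GetByName(gomock.Any(), gomock.Any()).Return(&model.Tenant{}, nil).AnyTimes()

	userManagementService := mocks.NewMockUserManagementService(ctrl)
	resError := errors.New("bad registration")
	userManagementService.EXPECT().
		Register(gomock.Any(), "firstName", "lastName", "username", "email", "password", "organization").
		Return("success", nil).Times(1)
	userManagementService.EXPECT().
		Register(gomock.Any(), "error", "lastName", "username", "email", "password", "organization").
		Return("fail", resError).Times(1)

	// Exactly one role grant is allowed. Both Register calls below use the same
	// organization and username, so a grant issued after the rejected
	// registration would be a second matching call and fail the test.
	roleService := mocks.NewMockRoleService(ctrl)
	roleService.EXPECT().
		AddRoleToUserLegacy(gomock.Any(), "organization", "username", string(model.RoleEdgeBannerViewer)).
		Return(nil).Times(1)

	c := &types.Config{BSP: bsltypes.BSPConfig{OrganizationPrefix: "test_prefix-"}}
	r := &Resolver{
		UserManagementService: userManagementService,
		RoleService:           roleService,
		Config:                c,
		TenantService:         tenantService,
	}

	_, err := r.Mutation().Register(context.Background(), "firstName", "lastName", "username", "email", "password", "organization")
	assert.NoError(t, err)

	_, err = r.Mutation().Register(context.Background(), "error", "lastName", "username", "email", "password", "organization")
	assert.EqualError(t, err, resError.Error())
}

// TestLoginWithOkta checks that LoginWithOkta returns a valid payload when the
// service accepts the token and an error with an empty payload when the
// service rejects it.
func TestLoginWithOkta(t *testing.T) {
	ctrl := gomock.NewController(t)
	userManagementService := mocks.NewMockUserManagementService(ctrl)

	errInvalidToken := errors.New("invalid token")
	userInfoMock := okta.MockUserInfoResponse()
	userManagementService.EXPECT().
		LoginWithOktaToken(gomock.Any(), "good-okta-token", "test-refresh-token", "test-org").
		Return(&model.OktaAuthPayload{
			Token:        "good-okta-token",
			RefreshToken: "test-okta-refresh-token",
			FirstName:    &userInfoMock.GivenName,
			LastName:     &userInfoMock.FamilyName,
			FullName:     userInfoMock.Name,
			Email:        userInfoMock.Email,
			Valid:        true,
		}, nil).Times(1)
	userManagementService.EXPECT().
		LoginWithOktaToken(gomock.Any(), "bad-okta-token", "test-refresh-token", "test-org").
		Return(nil, errInvalidToken).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	resp, err := r.Mutation().LoginWithOkta(context.Background(), "good-okta-token", "test-refresh-token", "test-org")
	assert.NoError(t, err)
	assert.True(t, resp.Valid)

	// A rejected token must surface the error and must not leak a payload.
	resp, err = r.Mutation().LoginWithOkta(context.Background(), "bad-okta-token", "test-refresh-token", "test-org")
	assert.Error(t, err)
	assert.Empty(t, resp)
}

// TestLoginWithOktaInvalidToken checks the rejection path of LoginWithOkta on
// its own: the service error is returned and the payload is empty.
func TestLoginWithOktaInvalidToken(t *testing.T) {
	ctrl := gomock.NewController(t)
	userManagementService := mocks.NewMockUserManagementService(ctrl)

	errInvalidToken := errors.New("invalid token")
	userManagementService.EXPECT().
		LoginWithOktaToken(gomock.Any(), "invalid-okta-token", "test-refresh-token", "test-org").
		Return(nil, errInvalidToken).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	resp, err := r.Mutation().LoginWithOkta(context.Background(), "invalid-okta-token", "test-refresh-token", "test-org")
	assert.Error(t, err)
	assert.Empty(t, resp)
}

// TestVerifyOktaToken checks that VerifyOktaToken reports true for a token the
// service introspects without error and false, with an error, for a token the
// service rejects.
func TestVerifyOktaToken(t *testing.T) {
	ctrl := gomock.NewController(t)
	userManagementService := mocks.NewMockUserManagementService(ctrl)

	errInvalidToken := errors.New("invalid token")
	userManagementService.EXPECT().
		VerifyOktaToken(gomock.Any(), "good-okta-token").
		Return(okta.MockIntrospectionResponse("https://edge.oktapreview.com/oauth2/default", "abc123"), nil).Times(1)
	userManagementService.EXPECT().
		VerifyOktaToken(gomock.Any(), "bad-okta-token").
		Return(&okta.IntrospectionResponse{}, errInvalidToken).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	valid, err := r.Mutation().VerifyOktaToken(context.Background(), "good-okta-token")
	assert.NoError(t, err)
	assert.True(t, valid)

	valid, err = r.Mutation().VerifyOktaToken(context.Background(), "bad-okta-token")
	assert.Error(t, err)
	assert.False(t, valid)

	// NOTE(review): the two cases differ in both the error and the response.
	// No case covers a nil error paired with a response that reports the token
	// as not active; confirm the resolver returns false there and add a case.
}

// TestSessionRefreshBSL checks that SessionRefresh exchanges the token of the
// user stored in the context through the BSL auth provider and returns the
// token produced by the service.
func TestSessionRefreshBSL(t *testing.T) {
	usr := &bsltypes.AuthUser{
		Email:        "test@ncr.com",
		Organization: "test-org",
		Username:     "testUser",
		Token:        "good-bsl-token",
		Roles:        []string{"EDGE_ORG_ADMIN"},
	}

	ctrl := gomock.NewController(t)
	userManagementService := mocks.NewMockUserManagementService(ctrl)
	// The expectation pins the organization, the user and the provider that are
	// handed to the exchange; only the context argument is left unchecked.
	userManagementService.EXPECT().
		TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderBsl.String()).
		Return("test-bsl-token", nil).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	ctx := middleware.NewContext(context.Background(), usr)
	res, err := r.Mutation().SessionRefresh(ctx, model.AuthProviderBsl)
	assert.NoError(t, err)
	// testify takes the expected value first, so failure output labels it correctly.
	assert.Equal(t, "test-bsl-token", res)
}

// TestSessionRefreshOkta checks that SessionRefresh exchanges the token of the
// user stored in the context through the Okta auth provider and returns the
// token produced by the service.
func TestSessionRefreshOkta(t *testing.T) {
	usr := &bsltypes.AuthUser{
		Email:        "test@ncr.com",
		Organization: "test-org",
		Username:     "testUser",
		Token:        "good-okta-token",
		Roles:        []string{"EDGE_ORG_ADMIN"},
	}

	ctrl := gomock.NewController(t)
	userManagementService := mocks.NewMockUserManagementService(ctrl)
	userManagementService.EXPECT().
		TokenExchange(gomock.Any(), "test-org", usr, model.AuthProviderOkta.String()).
		Return("test-okta-token", nil).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	ctx := middleware.NewContext(context.Background(), usr)
	res, err := r.Mutation().SessionRefresh(ctx, model.AuthProviderOkta)
	assert.NoError(t, err)
	// testify takes the expected value first, so failure output labels it correctly.
	assert.Equal(t, "test-okta-token", res)
}

// TestGetSessionUserEdgeRole checks that SessionUserEdgeRole looks up the roles
// with the username, token, organization and auth provider taken from the user
// in the context, and returns the service error when the lookup fails.
func TestGetSessionUserEdgeRole(t *testing.T) {
	edgeRole := []string{"EDGE_BANNER_VIEWER"}
	activityError := errors.New("invalid token")

	ctrl := gomock.NewController(t)

	// The two contexts differ only in the token carried by the user.
	ctxValid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
		Username:     "username",
		Organization: "test-org",
		Token:        "good-bsl-token",
		AuthProvider: "bsl",
	})
	ctxInvalid := middleware.NewContext(context.Background(), &bsltypes.AuthUser{
		Username:     "username",
		Organization: "test-org",
		Token:        "bad-bsl-token",
		AuthProvider: "bsl",
	})

	userManagementService := mocks.NewMockUserManagementService(ctrl)
	userManagementService.EXPECT().
		GetSessionUserEdgeRoles(gomock.Any(), "username", "good-bsl-token", "test-org", "bsl").
		Return(edgeRole, nil).Times(1)
	userManagementService.EXPECT().
		GetSessionUserEdgeRoles(gomock.Any(), "username", "bad-bsl-token", "test-org", "bsl").
		Return(nil, activityError).Times(1)

	c := &types.Config{}
	r := &Resolver{UserManagementService: userManagementService, Config: c}

	// NOTE(review): the returned roles are discarded in both cases. Asserting
	// them against edgeRole on success, and that none come back on failure,
	// would pin what the resolver hands to the caller; the return type is not
	// visible in this file.
	_, err := r.Query().SessionUserEdgeRole(ctxValid)
	assert.NoError(t, err)

	_, err = r.Query().SessionUserEdgeRole(ctxInvalid)
	assert.Error(t, err)
}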