hydra-maester/hydra/client_test.go

// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package hydra_test

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"k8s.io/utils/ptr"

	"github.com/ory/hydra-maester/hydra"
)

const (
	clientsEndpoint = "/clients"
	schemeHTTP      = "http"

	testID                        = "test-id"
	testClient                    = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}`
	testClientCreated             = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic","backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`
	testClientUpdated             = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}`
	testClientList                = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}`
	testClientList2               = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}`
	testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"},"backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`

	statusNotFoundBody            = `{"error":"Not Found","error_description":"Unable to locate the requested resource","status_code":404,"request_id":"id"}`
	statusUnauthorizedBody        = `{"error":"The request could not be authorized","error_description":"The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials","status_code":401,"request_id":"id"}`
	statusConflictBody            = `{"error":"Unable to insert or update resource because a resource with that value exists already","error_description":"","status_code":409,"request_id":"id"`
	statusInternalServerErrorBody = "the server encountered an internal error or misconfiguration and was unable to complete your request"
)

type server struct {
	statusCode int
	respBody   string
	err        error
}

var testOAuthJSONPost = &hydra.OAuth2ClientJSON{
	Scope:                             "some,other,scopes",
	GrantTypes:                        []string{"type2"},
	Owner:                             "test-name-2",
	Audience:                          []string{"audience-a", "audience-b"},
	FrontChannelLogoutURI:             "https://localhost/frontchannel-logout",
	FrontChannelLogoutSessionRequired: false,
	BackChannelLogoutURI:              "https://localhost/backchannel-logout",
	BackChannelLogoutSessionRequired:  false,
}

var testOAuthJSONPut = &hydra.OAuth2ClientJSON{
	ClientID:   ptr.To("test-id-3"),
	Scope:      "yet,another,scope",
	GrantTypes: []string{"type3"},
	Owner:      "test-name-3",
	Audience:   []string{"audience-c"},
}

func TestCRUD(t *testing.T) {

	assert := assert.New(t)

	c := hydra.InternalClient{
		HTTPClient: &http.Client{},
		HydraURL:   url.URL{Scheme: schemeHTTP},
	}

	t.Run("method=get", func(t *testing.T) {

		for d, tc := range map[string]server{
			"getting registered client": {
				http.StatusOK,
				testClient,
				nil,
			},
			"getting unregistered client": {
				http.StatusNotFound,
				statusNotFoundBody,
				nil,
			},
			"getting unauthorized request": {
				http.StatusUnauthorized,
				statusUnauthorizedBody,
				nil,
			},
			"internal server error when requesting": {
				http.StatusInternalServerError,
				statusInternalServerErrorBody,
				errors.New("http request returned unexpected status code"),
			},
		} {
			t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {

				//given
				shouldFind := tc.statusCode == http.StatusOK

				h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), testID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))
					assert.Equal(http.MethodGet, req.Method)
					w.WriteHeader(tc.statusCode)
					w.Write([]byte(tc.respBody))
					if shouldFind {
						w.Header().Set("Content-type", "application/json")
					}
				})
				runServer(&c, h)

				//when
				o, found, err := c.GetOAuth2Client(testID)

				//then
				if tc.err == nil {
					require.NoError(t, err)
				} else {
					require.Error(t, err)
					assert.Contains(err.Error(), tc.err.Error())
				}

				assert.Equal(shouldFind, found)
				if shouldFind {
					require.NotNil(t, o)
					var expected hydra.OAuth2ClientJSON
					json.Unmarshal([]byte(testClient), &expected)
					assert.Equal(&expected, o)
				}
			})
		}
	})

	t.Run("method=post", func(t *testing.T) {

		for d, tc := range map[string]server{
			"with new client": {
				http.StatusCreated,
				testClientCreated,
				nil,
			},
			"with new client with metadata": {
				http.StatusCreated,
				testClientWithMetadataCreated,
				nil,
			},
			"with existing client": {
				http.StatusConflict,
				statusConflictBody,
				errors.New("requested ID already exists"),
			},
			"internal server error when requesting": {
				http.StatusInternalServerError,
				statusInternalServerErrorBody,
				errors.New("http request returned unexpected status code"),
			},
		} {
			t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {
				var (
					err      error
					o        *hydra.OAuth2ClientJSON
					expected *hydra.OAuth2ClientJSON
				)
				//given
				new := tc.statusCode == http.StatusCreated
				newWithMetadata := d == "with new client with metadata"

				h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					assert.Equal(c.HydraURL.String(), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))
					assert.Equal(http.MethodPost, req.Method)
					w.WriteHeader(tc.statusCode)
					w.Write([]byte(tc.respBody))
					if new {
						w.Header().Set("Content-type", "application/json")
					}
				})
				runServer(&c, h)

				//when
				if newWithMetadata {
					meta, _ := json.Marshal(map[string]interface{}{
						"property1": float64(1),
						"property2": "2",
					})
					var testOAuthJSONPost2 = &hydra.OAuth2ClientJSON{
						Scope:                             "some,other,scopes",
						GrantTypes:                        []string{"type2"},
						Owner:                             "test-name-21",
						Metadata:                          meta,
						FrontChannelLogoutURI:             "https://localhost/frontchannel-logout",
						FrontChannelLogoutSessionRequired: false,
						BackChannelLogoutURI:              "https://localhost/backchannel-logout",
						BackChannelLogoutSessionRequired:  false,
					}
					o, err = c.PostOAuth2Client(testOAuthJSONPost2)
					expected = testOAuthJSONPost2
				} else {
					o, err = c.PostOAuth2Client(testOAuthJSONPost)
					expected = testOAuthJSONPost
				}

				//then
				if tc.err == nil {
					require.NoError(t, err)
				} else {
					require.Error(t, err)
					assert.Contains(err.Error(), tc.err.Error())
				}

				if new {
					require.NotNil(t, o)
					assert.Equal(expected.Scope, o.Scope)
					assert.Equal(expected.GrantTypes, o.GrantTypes)
					assert.Equal(expected.Owner, o.Owner)
					assert.Equal(expected.Audience, o.Audience)
					assert.NotNil(o.Secret)
					assert.NotNil(o.ClientID)
					assert.NotNil(o.TokenEndpointAuthMethod)
					assert.Equal(expected.FrontChannelLogoutURI, o.FrontChannelLogoutURI)
					assert.Equal(expected.FrontChannelLogoutSessionRequired, o.FrontChannelLogoutSessionRequired)
					assert.Equal(expected.BackChannelLogoutURI, o.BackChannelLogoutURI)
					assert.Equal(expected.BackChannelLogoutSessionRequired, o.BackChannelLogoutSessionRequired)
					if expected.TokenEndpointAuthMethod != "" {
						assert.Equal(expected.TokenEndpointAuthMethod, o.TokenEndpointAuthMethod)
					}
					if newWithMetadata {
						assert.NotNil(o.Metadata)
						assert.True(len(o.Metadata) > 0)
						for key := range o.Metadata {
							assert.Equal(o.Metadata[key], expected.Metadata[key])
						}
					} else {
						assert.Nil(o.Metadata)
					}
				}
			})
		}
	})

	t.Run("method=put", func(t *testing.T) {
		for d, tc := range map[string]server{
			"with registered client": {
				http.StatusOK,
				testClientUpdated,
				nil,
			},
			"internal server error when requesting": {
				http.StatusInternalServerError,
				statusInternalServerErrorBody,
				errors.New("http request returned unexpected status code"),
			},
		} {
			t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {

				ok := tc.statusCode == http.StatusOK

				//given
				h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), *testOAuthJSONPut.ClientID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))
					assert.Equal(http.MethodPut, req.Method)
					w.WriteHeader(tc.statusCode)
					w.Write([]byte(tc.respBody))
					if ok {
						w.Header().Set("Content-type", "application/json")
					}
				})
				runServer(&c, h)

				//when
				o, err := c.PutOAuth2Client(testOAuthJSONPut)

				//then
				if tc.err == nil {
					require.NoError(t, err)
				} else {
					require.Error(t, err)
					assert.Contains(err.Error(), tc.err.Error())
				}

				if ok {
					require.NotNil(t, o)

					assert.Equal(testOAuthJSONPut.Scope, o.Scope)
					assert.Equal(testOAuthJSONPut.GrantTypes, o.GrantTypes)
					assert.Equal(testOAuthJSONPut.ClientID, o.ClientID)
					assert.Equal(testOAuthJSONPut.Owner, o.Owner)
					assert.Equal(testOAuthJSONPut.Audience, o.Audience)
					assert.NotNil(o.Secret)
				}
			})
		}
	})

	t.Run("method=delete", func(t *testing.T) {

		for d, tc := range map[string]server{
			"with registered client": {
				statusCode: http.StatusNoContent,
			},
			"with unregistered client": {
				statusCode: http.StatusNotFound,
				respBody:   statusNotFoundBody,
			},
			"internal server error when requesting": {
				statusCode: http.StatusInternalServerError,
				respBody:   statusInternalServerErrorBody,
				err:        errors.New("http request returned unexpected status code"),
			},
		} {
			t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {

				//given
				h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), testID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))
					assert.Equal(http.MethodDelete, req.Method)
					w.WriteHeader(tc.statusCode)
				})
				runServer(&c, h)

				//when
				err := c.DeleteOAuth2Client(testID)

				//then
				if tc.err == nil {
					require.NoError(t, err)
				} else {
					require.Error(t, err)
					assert.Contains(err.Error(), tc.err.Error())
				}
			})
		}
	})

	t.Run("method=list", func(t *testing.T) {

		for d, tc := range map[string]server{
			"no clients": {
				http.StatusOK,
				`[]`,
				nil,
			},
			"one client": {
				http.StatusOK,
				fmt.Sprintf("[%s]", testClientList),
				nil,
			},
			"more clients": {
				http.StatusOK,
				fmt.Sprintf("[%s,%s]", testClientList, testClientList2),
				nil,
			},
			"internal server error when requesting": {
				http.StatusInternalServerError,
				statusInternalServerErrorBody,
				errors.New("http request returned unexpected status code"),
			},
		} {
			t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {

				//given
				h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					assert.Equal(c.HydraURL.String(), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))
					assert.Equal(http.MethodGet, req.Method)
					w.WriteHeader(tc.statusCode)
					w.Write([]byte(tc.respBody))
					w.Header().Set("Content-type", "application/json")

				})
				runServer(&c, h)

				//when
				list, err := c.ListOAuth2Client()

				//then
				if tc.err == nil {
					require.NoError(t, err)
					require.NotNil(t, list)
					var expectedList []*hydra.OAuth2ClientJSON
					json.Unmarshal([]byte(tc.respBody), &expectedList)
					assert.Equal(expectedList, list)
				} else {
					require.Error(t, err)
					assert.Contains(err.Error(), tc.err.Error())
				}
			})
		}
	})

	t.Run("default parameters", func(t *testing.T) {
		var input = &hydra.OAuth2ClientJSON{
			Scope:      "some,other,scopes",
			GrantTypes: []string{"type2"},
			Owner:      "test-name-2",
		}
		assert.Equal(input.TokenEndpointAuthMethod, "")
		b, _ := json.Marshal(input)
		payload := string(b)
		assert.Equal(strings.Index(payload, "token_endpoint_auth_method"), -1)

		input = &hydra.OAuth2ClientJSON{
			Scope:                   "some,other,scopes",
			GrantTypes:              []string{"type2"},
			Owner:                   "test-name-3",
			TokenEndpointAuthMethod: "none",
		}
		b, _ = json.Marshal(input)
		payload = string(b)
		assert.True(strings.Index(payload, "token_endpoint_auth_method") > 0)
	})
}

func runServer(c *hydra.InternalClient, h http.HandlerFunc) {
	s := httptest.NewServer(h)
	serverUrl, _ := url.Parse(s.URL)
	c.HydraURL = *serverUrl.ResolveReference(&url.URL{Path: clientsEndpoint})
}
fix: add ready condition to OAuth2ClientStatus (#122) 2023-03-27 11:34:35 -04:00			`// Copyright © 2023 Ory Corp`
docs: standardize license headers (#113) 2022-11-03 10:31:10 -04:00			`// SPDX-License-Identifier: Apache-2.0`

api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`package hydra_test`

			`import (`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"net/http"`
			`"net/http/httptest"`
			`"net/url"`
Add support for `token_endpoint_auth_method` (#37) 2019-11-26 17:52:38 +01:00			`"strings"`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`"testing"`

			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
refactor: update to the latest version of kubebuilder and add support for hydra v2 (#127) 2023-08-08 10:30:24 +02:00			`"k8s.io/utils/ptr"`
fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00
			`"github.com/ory/hydra-maester/hydra"`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`)`

			`const (`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`clientsEndpoint = "/clients"`
			`schemeHTTP = "http"`

feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`testID = "test-id"`
			testClient = `{"client_id":"test-id","owner":"test-name","scope":"some,scopes","grant_types":["type1"],"token_endpoint_auth_method":"client_secret_basic"}`
Implement creating clients with backchannel or frontchannel logout uris (#139) 2024-01-22 09:12:12 +01:00			testClientCreated = `{"client_id":"test-id-2","client_secret":"TmGkvcY7k526","owner":"test-name-2","scope":"some,other,scopes","grant_types":["type2"],"audience":["audience-a","audience-b"],"token_endpoint_auth_method":"client_secret_basic","backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			testClientUpdated = `{"client_id":"test-id-3","client_secret":"xFoPPm654por","owner":"test-name-3","scope":"yet,another,scope","grant_types":["type3"],"audience":["audience-c"],"token_endpoint_auth_method":"client_secret_basic"}`
			testClientList = `{"client_id":"test-id-4","owner":"test-name-4","scope":"scope1 scope2","grant_types":["type4"],"token_endpoint_auth_method":"client_secret_basic"}`
			testClientList2 = `{"client_id":"test-id-5","owner":"test-name-5","scope":"scope3 scope4","grant_types":["type5"],"token_endpoint_auth_method":"client_secret_basic"}`
Implement creating clients with backchannel or frontchannel logout uris (#139) 2024-01-22 09:12:12 +01:00			testClientWithMetadataCreated = `{"client_id":"test-id-21","client_secret":"TmGkvcY7k526","owner":"test-name-21","scope":"some,other,scopes","grant_types":["type2"],"token_endpoint_auth_method":"client_secret_basic","metadata":{"property1":1,"property2":"2"},"backchannel_logout_uri":"https://localhost/backchannel-logout","frontchannel_logout_uri":"https://localhost/frontchannel-logout"}`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00
			statusNotFoundBody = `{"error":"Not Found","error_description":"Unable to locate the requested resource","status_code":404,"request_id":"id"}`
fix: treat Hydra 401 response like a 404 (#50) Fixes #49 2020-02-27 05:21:30 -07:00			statusUnauthorizedBody = `{"error":"The request could not be authorized","error_description":"The requested OAuth 2.0 client does not exist or you did not provide the necessary credentials","status_code":401,"request_id":"id"}`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			statusConflictBody = `{"error":"Unable to insert or update resource because a resource with that value exists already","error_description":"","status_code":409,"request_id":"id"`
			`statusInternalServerErrorBody = "the server encountered an internal error or misconfiguration and was unable to complete your request"`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`)`

			`type server struct {`
			`statusCode int`
			`respBody string`
			`err error`
			`}`

			`var testOAuthJSONPost = &hydra.OAuth2ClientJSON{`
Implement creating clients with backchannel or frontchannel logout uris (#139) 2024-01-22 09:12:12 +01:00			`Scope: "some,other,scopes",`
			`GrantTypes: []string{"type2"},`
			`Owner: "test-name-2",`
			`Audience: []string{"audience-a", "audience-b"},`
			`FrontChannelLogoutURI: "https://localhost/frontchannel-logout",`
			`FrontChannelLogoutSessionRequired: false,`
			`BackChannelLogoutURI: "https://localhost/backchannel-logout",`
			`BackChannelLogoutSessionRequired: false,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`}`

			`var testOAuthJSONPut = &hydra.OAuth2ClientJSON{`
refactor: update to the latest version of kubebuilder and add support for hydra v2 (#127) 2023-08-08 10:30:24 +02:00			`ClientID: ptr.To("test-id-3"),`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`Scope: "yet,another,scope",`
			`GrantTypes: []string{"type3"},`
Fix override clients bug (#23) 2019-09-19 09:29:18 +02:00			`Owner: "test-name-3",`
feat: Add audience field to OAuth2 Clients (#44) 2020-02-01 14:26:22 +01:00			`Audience: []string{"audience-c"},`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`}`

			`func TestCRUD(t *testing.T) {`

			`assert := assert.New(t)`

fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00			`c := hydra.InternalClient{`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`HTTPClient: &http.Client{},`
			`HydraURL: url.URL{Scheme: schemeHTTP},`
			`}`

			`t.Run("method=get", func(t *testing.T) {`

			`for d, tc := range map[string]server{`
			`"getting registered client": {`
			`http.StatusOK,`
			`testClient,`
			`nil,`
			`},`
			`"getting unregistered client": {`
			`http.StatusNotFound,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusNotFoundBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`nil,`
			`},`
fix: treat Hydra 401 response like a 404 (#50) Fixes #49 2020-02-27 05:21:30 -07:00			`"getting unauthorized request": {`
			`http.StatusUnauthorized,`
			`statusUnauthorizedBody,`
			`nil,`
			`},`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`"internal server error when requesting": {`
			`http.StatusInternalServerError,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusInternalServerErrorBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`errors.New("http request returned unexpected status code"),`
			`},`
			`} {`
			`t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {`

			`//given`
			`shouldFind := tc.statusCode == http.StatusOK`

			`h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), testID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))`
			`assert.Equal(http.MethodGet, req.Method)`
			`w.WriteHeader(tc.statusCode)`
			`w.Write([]byte(tc.respBody))`
			`if shouldFind {`
			`w.Header().Set("Content-type", "application/json")`
			`}`
			`})`
			`runServer(&c, h)`

			`//when`
			`o, found, err := c.GetOAuth2Client(testID)`

			`//then`
			`if tc.err == nil {`
			`require.NoError(t, err)`
			`} else {`
			`require.Error(t, err)`
			`assert.Contains(err.Error(), tc.err.Error())`
			`}`

			`assert.Equal(shouldFind, found)`
			`if shouldFind {`
			`require.NotNil(t, o)`
			`var expected hydra.OAuth2ClientJSON`
			`json.Unmarshal([]byte(testClient), &expected)`
			`assert.Equal(&expected, o)`
			`}`
			`})`
			`}`
			`})`

			`t.Run("method=post", func(t *testing.T) {`

			`for d, tc := range map[string]server{`
			`"with new client": {`
			`http.StatusCreated,`
			`testClientCreated,`
			`nil,`
			`},`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`"with new client with metadata": {`
			`http.StatusCreated,`
			`testClientWithMetadataCreated,`
			`nil,`
			`},`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`"with existing client": {`
			`http.StatusConflict,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusConflictBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`errors.New("requested ID already exists"),`
			`},`
			`"internal server error when requesting": {`
			`http.StatusInternalServerError,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusInternalServerErrorBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`errors.New("http request returned unexpected status code"),`
			`},`
			`} {`
			`t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`var (`
			`err error`
			`o *hydra.OAuth2ClientJSON`
			`expected *hydra.OAuth2ClientJSON`
			`)`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`//given`
			`new := tc.statusCode == http.StatusCreated`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`newWithMetadata := d == "with new client with metadata"`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00
			`h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`assert.Equal(c.HydraURL.String(), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))`
			`assert.Equal(http.MethodPost, req.Method)`
			`w.WriteHeader(tc.statusCode)`
			`w.Write([]byte(tc.respBody))`
			`if new {`
			`w.Header().Set("Content-type", "application/json")`
			`}`
			`})`
			`runServer(&c, h)`

			`//when`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`if newWithMetadata {`
			`meta, _ := json.Marshal(map[string]interface{}{`
			`"property1": float64(1),`
			`"property2": "2",`
			`})`
			`var testOAuthJSONPost2 = &hydra.OAuth2ClientJSON{`
Implement creating clients with backchannel or frontchannel logout uris (#139) 2024-01-22 09:12:12 +01:00			`Scope: "some,other,scopes",`
			`GrantTypes: []string{"type2"},`
			`Owner: "test-name-21",`
			`Metadata: meta,`
			`FrontChannelLogoutURI: "https://localhost/frontchannel-logout",`
			`FrontChannelLogoutSessionRequired: false,`
			`BackChannelLogoutURI: "https://localhost/backchannel-logout",`
			`BackChannelLogoutSessionRequired: false,`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`}`
			`o, err = c.PostOAuth2Client(testOAuthJSONPost2)`
			`expected = testOAuthJSONPost2`
			`} else {`
			`o, err = c.PostOAuth2Client(testOAuthJSONPost)`
			`expected = testOAuthJSONPost`
			`}`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00
			`//then`
			`if tc.err == nil {`
			`require.NoError(t, err)`
			`} else {`
			`require.Error(t, err)`
			`assert.Contains(err.Error(), tc.err.Error())`
			`}`

			`if new {`
			`require.NotNil(t, o)`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`assert.Equal(expected.Scope, o.Scope)`
			`assert.Equal(expected.GrantTypes, o.GrantTypes)`
			`assert.Equal(expected.Owner, o.Owner)`
			`assert.Equal(expected.Audience, o.Audience)`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`assert.NotNil(o.Secret)`
			`assert.NotNil(o.ClientID)`
Add support for `token_endpoint_auth_method` (#37) 2019-11-26 17:52:38 +01:00			`assert.NotNil(o.TokenEndpointAuthMethod)`
Implement creating clients with backchannel or frontchannel logout uris (#139) 2024-01-22 09:12:12 +01:00			`assert.Equal(expected.FrontChannelLogoutURI, o.FrontChannelLogoutURI)`
			`assert.Equal(expected.FrontChannelLogoutSessionRequired, o.FrontChannelLogoutSessionRequired)`
			`assert.Equal(expected.BackChannelLogoutURI, o.BackChannelLogoutURI)`
			`assert.Equal(expected.BackChannelLogoutSessionRequired, o.BackChannelLogoutSessionRequired)`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`if expected.TokenEndpointAuthMethod != "" {`
			`assert.Equal(expected.TokenEndpointAuthMethod, o.TokenEndpointAuthMethod)`
			`}`
			`if newWithMetadata {`
			`assert.NotNil(o.Metadata)`
			`assert.True(len(o.Metadata) > 0)`
refactor: update to the latest version of kubebuilder and add support for hydra v2 (#127) 2023-08-08 10:30:24 +02:00			`for key := range o.Metadata {`
feat: Add support for OAuth2 Client metadata property (#38) See #36 2020-02-03 12:40:44 +01:00			`assert.Equal(o.Metadata[key], expected.Metadata[key])`
			`}`
			`} else {`
			`assert.Nil(o.Metadata)`
Add support for `token_endpoint_auth_method` (#37) 2019-11-26 17:52:38 +01:00			`}`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`}`
			`})`
			`}`
			`})`

			`t.Run("method=put", func(t *testing.T) {`
			`for d, tc := range map[string]server{`
			`"with registered client": {`
			`http.StatusOK,`
			`testClientUpdated,`
			`nil,`
			`},`
			`"internal server error when requesting": {`
			`http.StatusInternalServerError,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusInternalServerErrorBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`errors.New("http request returned unexpected status code"),`
			`},`
			`} {`
			`t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {`

			`ok := tc.statusCode == http.StatusOK`

			`//given`
			`h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), *testOAuthJSONPut.ClientID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))`
			`assert.Equal(http.MethodPut, req.Method)`
			`w.WriteHeader(tc.statusCode)`
			`w.Write([]byte(tc.respBody))`
			`if ok {`
			`w.Header().Set("Content-type", "application/json")`
			`}`
			`})`
			`runServer(&c, h)`

			`//when`
			`o, err := c.PutOAuth2Client(testOAuthJSONPut)`

			`//then`
			`if tc.err == nil {`
			`require.NoError(t, err)`
			`} else {`
			`require.Error(t, err)`
			`assert.Contains(err.Error(), tc.err.Error())`
			`}`

			`if ok {`
			`require.NotNil(t, o)`

			`assert.Equal(testOAuthJSONPut.Scope, o.Scope)`
			`assert.Equal(testOAuthJSONPut.GrantTypes, o.GrantTypes)`
			`assert.Equal(testOAuthJSONPut.ClientID, o.ClientID)`
Fix override clients bug (#23) 2019-09-19 09:29:18 +02:00			`assert.Equal(testOAuthJSONPut.Owner, o.Owner)`
feat: Add audience field to OAuth2 Clients (#44) 2020-02-01 14:26:22 +01:00			`assert.Equal(testOAuthJSONPut.Audience, o.Audience)`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`assert.NotNil(o.Secret)`
			`}`
			`})`
			`}`
			`})`

			`t.Run("method=delete", func(t *testing.T) {`

			`for d, tc := range map[string]server{`
			`"with registered client": {`
			`statusCode: http.StatusNoContent,`
			`},`
			`"with unregistered client": {`
			`statusCode: http.StatusNotFound,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`respBody: statusNotFoundBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`},`
			`"internal server error when requesting": {`
			`statusCode: http.StatusInternalServerError,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`respBody: statusInternalServerErrorBody,`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`err: errors.New("http request returned unexpected status code"),`
			`},`
			`} {`
			`t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {`

			`//given`
			`h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`assert.Equal(fmt.Sprintf("%s/%s", c.HydraURL.String(), testID), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))`
			`assert.Equal(http.MethodDelete, req.Method)`
			`w.WriteHeader(tc.statusCode)`
			`})`
			`runServer(&c, h)`

			`//when`
			`err := c.DeleteOAuth2Client(testID)`

			`//then`
			`if tc.err == nil {`
			`require.NoError(t, err)`
			`} else {`
			`require.Error(t, err)`
			`assert.Contains(err.Error(), tc.err.Error())`
			`}`
			`})`
			`}`
			`})`
Fix override clients bug (#23) 2019-09-19 09:29:18 +02:00
			`t.Run("method=list", func(t *testing.T) {`

			`for d, tc := range map[string]server{`
			`"no clients": {`
			`http.StatusOK,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`[]`,
Fix override clients bug (#23) 2019-09-19 09:29:18 +02:00			`nil,`
			`},`
			`"one client": {`
			`http.StatusOK,`
			`fmt.Sprintf("[%s]", testClientList),`
			`nil,`
			`},`
			`"more clients": {`
			`http.StatusOK,`
			`fmt.Sprintf("[%s,%s]", testClientList, testClientList2),`
			`nil,`
			`},`
			`"internal server error when requesting": {`
			`http.StatusInternalServerError,`
fix JSON decode bug (#25) * fix JSON decode bug 2019-09-19 11:25:09 +02:00			`statusInternalServerErrorBody,`
Fix override clients bug (#23) 2019-09-19 09:29:18 +02:00			`errors.New("http request returned unexpected status code"),`
			`},`
			`} {`
			`t.Run(fmt.Sprintf("case/%s", d), func(t *testing.T) {`

			`//given`
			`h := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {`
			`assert.Equal(c.HydraURL.String(), fmt.Sprintf("%s://%s%s", schemeHTTP, req.Host, req.URL.Path))`
			`assert.Equal(http.MethodGet, req.Method)`
			`w.WriteHeader(tc.statusCode)`
			`w.Write([]byte(tc.respBody))`
			`w.Header().Set("Content-type", "application/json")`

			`})`
			`runServer(&c, h)`

			`//when`
			`list, err := c.ListOAuth2Client()`

			`//then`
			`if tc.err == nil {`
			`require.NoError(t, err)`
			`require.NotNil(t, list)`
			`var expectedList []*hydra.OAuth2ClientJSON`
			`json.Unmarshal([]byte(tc.respBody), &expectedList)`
			`assert.Equal(expectedList, list)`
			`} else {`
			`require.Error(t, err)`
			`assert.Contains(err.Error(), tc.err.Error())`
			`}`
			`})`
			`}`
			`})`
Add support for `token_endpoint_auth_method` (#37) 2019-11-26 17:52:38 +01:00
			`t.Run("default parameters", func(t *testing.T) {`
			`var input = &hydra.OAuth2ClientJSON{`
			`Scope: "some,other,scopes",`
			`GrantTypes: []string{"type2"},`
			`Owner: "test-name-2",`
			`}`
			`assert.Equal(input.TokenEndpointAuthMethod, "")`
			`b, _ := json.Marshal(input)`
			`payload := string(b)`
			`assert.Equal(strings.Index(payload, "token_endpoint_auth_method"), -1)`

			`input = &hydra.OAuth2ClientJSON{`
			`Scope: "some,other,scopes",`
			`GrantTypes: []string{"type2"},`
			`Owner: "test-name-3",`
			`TokenEndpointAuthMethod: "none",`
			`}`
			`b, _ = json.Marshal(input)`
			`payload = string(b)`
			`assert.True(strings.Index(payload, "token_endpoint_auth_method") > 0)`
			`})`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`}`

fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00			`func runServer(c *hydra.InternalClient, h http.HandlerFunc) {`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`s := httptest.NewServer(h)`
			`serverUrl, _ := url.Parse(s.URL)`
			`c.HydraURL = *serverUrl.ResolveReference(&url.URL{Path: clientsEndpoint})`
			`}`