feat: support all variations of responseTypes (#104)

2021-12-08 09:25:34 +01:00
parent ca4fe77f30
commit a7a2caa606
6 changed files with 74 additions and 61 deletions
--- a/api/v1alpha1/oauth2client_types.go
+++ b/api/v1alpha1/oauth2client_types.go
@ -129,7 +129,7 @@ type OAuth2ClientSpec struct {
 // GrantType represents an OAuth 2.0 grant type
 type GrantType string

-// +kubebuilder:validation:Enum=id_token;code;token
+// +kubebuilder:validation:Enum=id_token;code;token;code token;code id_token;id_token token;code id_token token
 // ResponseType represents an OAuth 2.0 response type strings
 type ResponseType string

--- a/api/v1alpha1/oauth2client_types_test.go
+++ b/api/v1alpha1/oauth2client_types_test.go
@ -101,19 +101,19 @@ func TestCreateAPI(t *testing.T) {
 		t.Run("by failing if the requested object doesn't meet CRD requirements", func(t *testing.T) {

 			for desc, modifyClient := range map[string]func(){
-				"invalid grant type":            func() { created.Spec.GrantTypes = []GrantType{"invalid"} },
-				"invalid response type":         func() { created.Spec.ResponseTypes = []ResponseType{"invalid"} },
-				"invalid scope":                 func() { created.Spec.Scope = "" },
-				"missing secret name":           func() { created.Spec.SecretName = "" },
-				"invalid redirect URI":          func() { created.Spec.RedirectURIs = []RedirectURI{"invalid"} },
-				"invalid logout redirect URI":   func() { created.Spec.PostLogoutRedirectURIs = []RedirectURI{"invalid"} },
-				"invalid hydra url":             func() { created.Spec.HydraAdmin.URL = "invalid" },
-				"invalid hydra port high":       func() { created.Spec.HydraAdmin.Port = 65536 },
-				"invalid hydra endpoint":        func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
-				"invalid hydra forwarded proto": func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
+				"invalid grant type":              func() { created.Spec.GrantTypes = []GrantType{"invalid"} },
+				"invalid response type":           func() { created.Spec.ResponseTypes = []ResponseType{"invalid", "code"} },
+				"invalid composite response type": func() { created.Spec.ResponseTypes = []ResponseType{"invalid code", "code id_token"} },
+				"invalid scope":                   func() { created.Spec.Scope = "" },
+				"missing secret name":             func() { created.Spec.SecretName = "" },
+				"invalid redirect URI":            func() { created.Spec.RedirectURIs = []RedirectURI{"invalid"} },
+				"invalid logout redirect URI":     func() { created.Spec.PostLogoutRedirectURIs = []RedirectURI{"invalid"} },
+				"invalid hydra url":               func() { created.Spec.HydraAdmin.URL = "invalid" },
+				"invalid hydra port high":         func() { created.Spec.HydraAdmin.Port = 65536 },
+				"invalid hydra endpoint":          func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
+				"invalid hydra forwarded proto":   func() { created.Spec.HydraAdmin.Endpoint = "invalid" },
 			} {
 				t.Run(fmt.Sprintf("case=%s", desc), func(t *testing.T) {
-
 					resetTestClient()
 					modifyClient()
 					createErr = k8sClient.Create(context.TODO(), created)
@ -121,6 +121,21 @@ func TestCreateAPI(t *testing.T) {
 				})
 			}
 		})
+
+		t.Run("by creating an object if it passes validation", func(t *testing.T) {
+			for desc, modifyClient := range map[string]func(){
+				"single response type": func() { created.Spec.ResponseTypes = []ResponseType{"token", "id_token", "code"} },
+				"double response type": func() { created.Spec.ResponseTypes = []ResponseType{"id_token token", "code id_token", "code token"} },
+				"triple response type": func() { created.Spec.ResponseTypes = []ResponseType{"code id_token token"} },
+			} {
+				t.Run(fmt.Sprintf("case=%s", desc), func(t *testing.T) {
+					resetTestClient()
+					modifyClient()
+					require.NoError(t, k8sClient.Create(context.TODO(), created))
+					require.NoError(t, k8sClient.Delete(context.TODO(), created))
+				})
+			}
+		})
 	})
 }