Add tests for oidc and oauth authentications

tsuru/auth/login_test.go

@@ -1,3 +1,6 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 package auth
 
 import (

tsuru/auth/logout.go

@@ -1,3 +1,7 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package auth
 
 import (

tsuru/auth/logout_test.go

@@ -1,3 +1,6 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 package auth
 
 import (

tsuru/auth/native.go

@@ -1,3 +1,7 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package auth
 
 import (

tsuru/auth/oauth.go

@@ -1,3 +1,7 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package auth
 
 import (
@@ -30,7 +34,8 @@ func oauthLogin(ctx *cmd.Context, loginInfo *authTypes.SchemeInfo) error {
 	}
 	redirectURL := fmt.Sprintf("http://localhost:%s", port)
 	authURL := strings.Replace(loginInfo.Data.AuthorizeURL, "__redirect_url__", redirectURL, 1)
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		defer func() {
 			finish <- true
 		}()
@@ -55,7 +60,9 @@ func oauthLogin(ctx *cmd.Context, loginInfo *authTypes.SchemeInfo) error {
 		w.Header().Add("Content-Type", "text/html")
 		w.Write([]byte(page))
 	})
-	server := &http.Server{}
+	server := &http.Server{
+		Handler: mux,
+	}
 	go server.Serve(l)
 	err = open(authURL)
 	if err != nil {

tsuru/auth/oauth_test.go

@@ -0,0 +1,74 @@
+// Copyright 2023 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package auth
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"time"
+
+	"github.com/tsuru/tsuru-client/tsuru/config"
+	"github.com/tsuru/tsuru/cmd"
+	"github.com/tsuru/tsuru/exec"
+	"github.com/tsuru/tsuru/fs/fstest"
+
+	"github.com/tsuru/tsuru/types/auth"
+	"gopkg.in/check.v1"
+)
+
+type fakeExecutor struct {
+	DoExecute func(opts exec.ExecuteOptions) error
+}
+
+func (f *fakeExecutor) Execute(opts exec.ExecuteOptions) error {
+	return f.DoExecute(opts)
+}
+
+func (s *S) TestOAuthLogin(c *check.C) {
+
+	config.SetFileSystem(&fstest.RecordingFs{})
+
+	execut = &fakeExecutor{
+		DoExecute: func(opts exec.ExecuteOptions) error {
+
+			go func() {
+				time.Sleep(time.Second)
+				_, err := http.Get("http://localhost:41000")
+				c.Assert(err, check.IsNil)
+			}()
+
+			return nil
+		},
+	}
+
+	defer func() {
+		config.ResetFileSystem()
+		execut = nil
+	}()
+
+	fakeTsuruServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		c.Assert(req.URL.Path, check.Equals, "/1.0/auth/login")
+		rw.Write([]byte(`{"token":"mytoken"}`))
+	}))
+	defer fakeTsuruServer.Close()
+
+	os.Setenv("TSURU_TARGET", fakeTsuruServer.URL)
+
+	context := &cmd.Context{
+		Stdout: &bytes.Buffer{},
+	}
+
+	err := oauthLogin(context, &auth.SchemeInfo{
+		Data: auth.SchemeData{
+			Port: "41000",
+		},
+	})
+
+	c.Assert(err, check.IsNil)
+	tokenV1, err := config.ReadTokenV1()
+	c.Assert(err, check.IsNil)
+	c.Assert(tokenV1, check.Equals, "mytoken")
+}

tsuru/auth/oidc.go

@@ -1,3 +1,7 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package auth
 
 import (
@@ -44,7 +48,8 @@ func oidcLogin(ctx *cmd.Context, loginInfo *authTypes.SchemeInfo) error {
 
 	finish := make(chan bool)
 
-	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 
 		defer func() {
 			finish <- true
@@ -84,7 +89,9 @@ func oidcLogin(ctx *cmd.Context, loginInfo *authTypes.SchemeInfo) error {
 		fmt.Fprintf(w, callbackPage, successMarkup)
 
 	})
-	server := &http.Server{}
+	server := &http.Server{
+		Handler: mux,
+	}
 	go server.Serve(l)
 	err = open(authURL)
 	if err != nil {

tsuru/auth/oidc_test.go

@@ -0,0 +1,95 @@
+// Copyright 2023 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package auth
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"time"
+
+	"github.com/tsuru/tsuru-client/tsuru/config"
+	"github.com/tsuru/tsuru/cmd"
+	"github.com/tsuru/tsuru/exec"
+	"github.com/tsuru/tsuru/fs/fstest"
+	"golang.org/x/oauth2"
+
+	"github.com/tsuru/tsuru/types/auth"
+	"gopkg.in/check.v1"
+)
+
+func (s *S) TestOIDChLogin(c *check.C) {
+
+	config.SetFileSystem(&fstest.RecordingFs{})
+
+	execut = &fakeExecutor{
+		DoExecute: func(opts exec.ExecuteOptions) error {
+
+			go func() {
+				time.Sleep(time.Second)
+				_, err := http.Get("http://localhost:41000/?code=321")
+				c.Assert(err, check.IsNil)
+			}()
+
+			return nil
+		},
+	}
+
+	defer func() {
+		config.ResetFileSystem()
+		execut = nil
+	}()
+
+	fakeIDP := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		b, err := io.ReadAll(req.Body)
+		c.Assert(err, check.IsNil)
+		body, err := url.ParseQuery(string(b))
+		c.Assert(err, check.IsNil)
+
+		c.Assert(body.Get("code"), check.Equals, "321")
+
+		rw.Header().Set("Content-Type", "application/json")
+		rw.Write([]byte(`{"access_token":"mytoken", "refresh_token": "refreshtoken"}`))
+	}))
+	defer fakeIDP.Close()
+
+	context := &cmd.Context{
+		Stdout: &bytes.Buffer{},
+		Stderr: &bytes.Buffer{},
+	}
+
+	err := oidcLogin(context, &auth.SchemeInfo{
+		Data: auth.SchemeData{
+			Port:     "41000",
+			TokenURL: fakeIDP.URL,
+			ClientID: "test-tsuru",
+			Scopes:   []string{"scope1"},
+		},
+	})
+
+	c.Assert(err, check.IsNil)
+	tokenV1, err := config.ReadTokenV1()
+	c.Assert(err, check.IsNil)
+	c.Assert(tokenV1, check.Equals, "mytoken")
+
+	tokenV2, err := config.ReadTokenV2()
+	c.Assert(err, check.IsNil)
+	c.Assert(tokenV2, check.DeepEquals, &config.TokenV2{
+		Scheme: "oidc",
+		OAuth2Token: &oauth2.Token{
+			AccessToken:  "mytoken",
+			RefreshToken: "refreshtoken",
+		},
+		OAuth2Config: &oauth2.Config{
+			ClientID:    "test-tsuru",
+			RedirectURL: "http://localhost:41000",
+			Scopes:      []string{"scope1"},
+			Endpoint: oauth2.Endpoint{
+				TokenURL: fakeIDP.URL,
+			},
+		},
+	})
+}

tsuru/auth/open_darwin.go

@@ -4,7 +4,9 @@
 
 package auth
 
-import "github.com/tsuru/tsuru/exec"
+import (
+	"github.com/tsuru/tsuru/exec"
+)
 
 func open(url string) error {
 	opts := exec.ExecuteOptions{

tsuru/auth/open_test.go

@@ -1,3 +1,7 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 package auth
 
 import (

tsuru/auth/suite_test.go

@@ -1,3 +1,6 @@
+// Copyright 2024 tsuru authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 package auth
 
 import (

tsuru/config/token_v2.go

@@ -14,7 +14,6 @@ import (
 
 type TokenV2 struct {
 	Scheme       string         `json:"scheme"`
-	RawToken     string         `json:"raw_token,omitempty"`
 	OAuth2Token  *oauth2.Token  `json:"oauth2_token,omitempty"`
 	OAuth2Config *oauth2.Config `json:"oauth2_config,omitempty"`
 }