omniauth-keycloak/spec/omniauth/strategies/keycloak_spec.rb

require 'spec_helper'

RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
  let(:body) {
    {
      "issuer": "http://localhost:8080/auth/realms/example-realm",
      "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
      "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
      "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
      "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
      "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
      "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
      "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
      "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
      "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
      "subject_types_supported": ["public", "pairwise"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "userinfo_signing_alg_values_supported": ["RS256"],
      "request_object_signing_alg_values_supported": ["none", "RS256"],
      "response_modes_supported": ["query", "fragment", "form_post"],
      "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
      "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
      "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
      "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
      "claim_types_supported": ["normal"],
      "claims_parameter_supported": false,
      "scopes_supported": ["openid", "offline_access"],
      "request_parameter_supported": true,
      "request_uri_parameter_supported": true
    }
  }

  context 'client options' do
    subject do
      stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
        .to_return(status: 200, body: JSON.generate(body), headers: {})
      stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
        .to_return(status: 404, body: "", headers: {})
      OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
        client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
    end

    it 'should have the correct keycloak token url' do
      subject.setup_phase
      expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
    end

    it 'should have the correct keycloak authorization url' do
      subject.setup_phase
      expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
    end
  end

  describe 'client base_url option set' do
    context 'to blank string' do
      let(:new_body_endpoints) {
        {
          "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
          "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
          "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
        }
      }

      subject do
        stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
          .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
        stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
          .to_return(status: 404, body: "", headers: {})
        OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
          client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
      end

      it 'should have the correct keycloak token url' do
        subject.setup_phase
        expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
      end

      it 'should have the correct keycloak authorization url' do
        subject.setup_phase
        expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
      end
    end

    context 'to invalid string' do
      subject do
        stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
          .to_return(status: 200, body: JSON.generate(body), headers: {})
        stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
          .to_return(status: 404, body: "", headers: {})
        OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
          client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
      end

      it 'raises Configuration Error' do
        expect{ subject.setup_phase }
          .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
      end
    end

    context 'to /authorize' do

      let(:new_body_endpoints) {
        {
          "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
          "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
          "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
        }
      }

      subject do
        stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
          .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
        stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
          .to_return(status: 404, body: "", headers: {})
        OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
          client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
      end

      it 'should have the correct keycloak token url' do
        subject.setup_phase
        expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
      end

      it 'should have the correct keycloak authorization url' do
        subject.setup_phase
        expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
      end
    end
  end

  context 'client setup with a proc' do
    subject do
      OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
    end

    it 'should call the proc' do
      expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
    end
  end

  describe 'errors processing' do
    context 'when site contains /auth part' do
      subject do
        OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
                                                 client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
      end

      it 'raises Configuration Error' do
        expect{ subject.setup_phase }
          .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
      end
    end

    context 'when raise_on_failure option is true' do
      context 'when openid configuration endpoint returns error response' do
        subject do
          stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
            .to_return(status: 404, body: "", headers: {})
          OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
                                                   client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
        end

        it 'raises Integration Error' do
          expect{ subject.setup_phase }
            .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
        end
      end

      context 'when certificates endpoint returns error response' do
        subject do
          stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
            .to_return(status: 200, body: JSON.generate(body), headers: {})
          stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
            .to_return(status: 404, body: "", headers: {})
          OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
                                                   client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
        end

        it 'raises Integration Error' do
          expect{ subject.setup_phase }
            .to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
        end
      end
    end
  end
end
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00			`require 'spec_helper'`

			`RSpec.describe OmniAuth::Strategies::KeycloakOpenId do`
added base_url option, updated dev dependencies 2021-12-18 22:58:43 +00:00			`let(:body) {`
			`{`
			`"issuer": "http://localhost:8080/auth/realms/example-realm",`
			`"authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",`
			`"token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",`
			`"token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",`
			`"userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",`
			`"end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",`
			`"jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",`
			`"check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",`
			`"grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],`
			`"response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],`
			`"subject_types_supported": ["public", "pairwise"],`
			`"id_token_signing_alg_values_supported": ["RS256"],`
			`"userinfo_signing_alg_values_supported": ["RS256"],`
			`"request_object_signing_alg_values_supported": ["none", "RS256"],`
			`"response_modes_supported": ["query", "fragment", "form_post"],`
			`"registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",`
			`"token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],`
			`"token_endpoint_auth_signing_alg_values_supported": ["RS256"],`
			`"claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],`
			`"claim_types_supported": ["normal"],`
			`"claims_parameter_supported": false,`
			`"scopes_supported": ["openid", "offline_access"],`
			`"request_parameter_supported": true,`
			`"request_uri_parameter_supported": true`
			`}`
			`}`
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00
			`context 'client options' do`
			`subject do`
			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")`
added base_url option, updated dev dependencies 2021-12-18 22:58:43 +00:00			`.to_return(status: 200, body: JSON.generate(body), headers: {})`
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
Raise errors on setup failure and logging with OmniAuth::Strategy::log method (#10) * Raise errors on setup failure * Use URI join and path methods to remove sensivity to final slash in site option 2020-12-06 18:13:52 +00:00			`client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})`
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00			`end`
Allow pass a Proc to the setup option when you specify a strategy (#18) Co-authored-by: Jose Luis Cambero <joseluis.cambero@sngular.com> 2021-12-18 21:39:56 +00:00
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00			`it 'should have the correct keycloak token url' do`
			`subject.setup_phase`
			`expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')`
			`end`

			`it 'should have the correct keycloak authorization url' do`
			`subject.setup_phase`
			`expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')`
			`end`
			`end`
Raise errors on setup failure and logging with OmniAuth::Strategy::log method (#10) * Raise errors on setup failure * Use URI join and path methods to remove sensivity to final slash in site option 2020-12-06 18:13:52 +00:00
added base_url option, updated dev dependencies 2021-12-18 22:58:43 +00:00			`describe 'client base_url option set' do`
			`context 'to blank string' do`
			`let(:new_body_endpoints) {`
			`{`
			`"authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",`
			`"token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",`
			`"jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"`
			`}`
			`}`

			`subject do`
			`stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")`
			`.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})`
			`stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})`
			`end`

			`it 'should have the correct keycloak token url' do`
			`subject.setup_phase`
			`expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')`
			`end`

			`it 'should have the correct keycloak authorization url' do`
			`subject.setup_phase`
			`expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')`
			`end`
			`end`

			`context 'to invalid string' do`
			`subject do`
			`stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")`
			`.to_return(status: 200, body: JSON.generate(body), headers: {})`
			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})`
			`end`

			`it 'raises Configuration Error' do`
			`expect{ subject.setup_phase }`
			`.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)`
			`end`
			`end`

			`context 'to /authorize' do`

			`let(:new_body_endpoints) {`
			`{`
			`"authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",`
			`"token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",`
			`"jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"`
			`}`
			`}`

			`subject do`
			`stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")`
			`.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})`
			`stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})`
			`end`

			`it 'should have the correct keycloak token url' do`
			`subject.setup_phase`
			`expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')`
			`end`

			`it 'should have the correct keycloak authorization url' do`
			`subject.setup_phase`
			`expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')`
			`end`
			`end`
			`end`

Allow pass a Proc to the setup option when you specify a strategy (#18) Co-authored-by: Jose Luis Cambero <joseluis.cambero@sngular.com> 2021-12-18 21:39:56 +00:00			`context 'client setup with a proc' do`
			`subject do`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })`
			`end`

			`it 'should call the proc' do`
			`expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called`
			`end`
			`end`

Raise errors on setup failure and logging with OmniAuth::Strategy::log method (#10) * Raise errors on setup failure * Use URI join and path methods to remove sensivity to final slash in site option 2020-12-06 18:13:52 +00:00			`describe 'errors processing' do`
			`context 'when site contains /auth part' do`
			`subject do`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})`
			`end`

			`it 'raises Configuration Error' do`
			`expect{ subject.setup_phase }`
			`.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)`
			`end`
			`end`

			`context 'when raise_on_failure option is true' do`
			`context 'when openid configuration endpoint returns error response' do`
			`subject do`
			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})`
			`end`

			`it 'raises Integration Error' do`
			`expect{ subject.setup_phase }`
			`.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)`
			`end`
			`end`

			`context 'when certificates endpoint returns error response' do`
			`subject do`
			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")`
added base_url option, updated dev dependencies 2021-12-18 22:58:43 +00:00			`.to_return(status: 200, body: JSON.generate(body), headers: {})`
Raise errors on setup failure and logging with OmniAuth::Strategy::log method (#10) * Raise errors on setup failure * Use URI join and path methods to remove sensivity to final slash in site option 2020-12-06 18:13:52 +00:00			`stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")`
			`.to_return(status: 404, body: "", headers: {})`
			`OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',`
			`client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})`
			`end`

			`it 'raises Integration Error' do`
			`expect{ subject.setup_phase }`
			`.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)`
			`end`
			`end`
			`end`
			`end`
Initial commit for keycloak - opend id support 2018-12-16 21:45:33 +00:00			`end`