2018-12-16 21:45:33 +00:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
|
2021-12-18 22:58:43 +00:00
|
|
|
let(:body) {
|
|
|
|
{
|
|
|
|
"issuer": "http://localhost:8080/auth/realms/example-realm",
|
|
|
|
"authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
|
|
|
|
"token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
|
|
|
|
"token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
|
|
|
|
"userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
|
|
|
|
"end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
|
|
|
|
"jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
|
|
|
|
"check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
|
|
|
|
"grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
|
|
|
|
"response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
|
|
|
|
"subject_types_supported": ["public", "pairwise"],
|
|
|
|
"id_token_signing_alg_values_supported": ["RS256"],
|
|
|
|
"userinfo_signing_alg_values_supported": ["RS256"],
|
|
|
|
"request_object_signing_alg_values_supported": ["none", "RS256"],
|
|
|
|
"response_modes_supported": ["query", "fragment", "form_post"],
|
|
|
|
"registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
|
|
|
|
"token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
|
|
|
|
"token_endpoint_auth_signing_alg_values_supported": ["RS256"],
|
|
|
|
"claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
|
|
|
|
"claim_types_supported": ["normal"],
|
|
|
|
"claims_parameter_supported": false,
|
|
|
|
"scopes_supported": ["openid", "offline_access"],
|
|
|
|
"request_parameter_supported": true,
|
|
|
|
"request_uri_parameter_supported": true
|
|
|
|
}
|
|
|
|
}
|
2018-12-16 21:45:33 +00:00
|
|
|
|
|
|
|
context 'client options' do
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
2021-12-18 22:58:43 +00:00
|
|
|
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
2018-12-16 21:45:33 +00:00
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
2020-12-06 18:13:52 +00:00
|
|
|
client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
|
2018-12-16 21:45:33 +00:00
|
|
|
end
|
2021-12-18 21:39:56 +00:00
|
|
|
|
2018-12-16 21:45:33 +00:00
|
|
|
it 'should have the correct keycloak token url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should have the correct keycloak authorization url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
|
|
|
|
end
|
|
|
|
end
|
2020-12-06 18:13:52 +00:00
|
|
|
|
2021-12-18 22:58:43 +00:00
|
|
|
describe 'client base_url option set' do
|
|
|
|
context 'to blank string' do
|
|
|
|
let(:new_body_endpoints) {
|
|
|
|
{
|
|
|
|
"authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
|
|
|
|
"token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
|
|
|
|
"jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
|
|
|
|
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
|
|
|
|
stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should have the correct keycloak token url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should have the correct keycloak authorization url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'to invalid string' do
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
|
|
|
|
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises Configuration Error' do
|
|
|
|
expect{ subject.setup_phase }
|
|
|
|
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'to /authorize' do
|
|
|
|
|
|
|
|
let(:new_body_endpoints) {
|
|
|
|
{
|
|
|
|
"authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
|
|
|
|
"token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
|
|
|
|
"jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
|
|
|
|
.to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
|
|
|
|
stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should have the correct keycloak token url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should have the correct keycloak authorization url' do
|
|
|
|
subject.setup_phase
|
|
|
|
expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-12-18 21:39:56 +00:00
|
|
|
context 'client setup with a proc' do
|
|
|
|
subject do
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should call the proc' do
|
|
|
|
expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-12-06 18:13:52 +00:00
|
|
|
describe 'errors processing' do
|
|
|
|
context 'when site contains /auth part' do
|
|
|
|
subject do
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises Configuration Error' do
|
|
|
|
expect{ subject.setup_phase }
|
|
|
|
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when raise_on_failure option is true' do
|
|
|
|
context 'when openid configuration endpoint returns error response' do
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises Integration Error' do
|
|
|
|
expect{ subject.setup_phase }
|
|
|
|
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when certificates endpoint returns error response' do
|
|
|
|
subject do
|
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
|
2021-12-18 22:58:43 +00:00
|
|
|
.to_return(status: 200, body: JSON.generate(body), headers: {})
|
2020-12-06 18:13:52 +00:00
|
|
|
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
|
|
|
|
.to_return(status: 404, body: "", headers: {})
|
|
|
|
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
|
|
|
|
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises Integration Error' do
|
|
|
|
expect{ subject.setup_phase }
|
|
|
|
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-12-16 21:45:33 +00:00
|
|
|
end
|