omniauth-keycloak/spec/omniauth/strategies/keycloak_spec.rb

106 lines
5.5 KiB
Ruby
Executable File

require 'spec_helper'
RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
"authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
"token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
"token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
"end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
"jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
"check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
"grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
"response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
"subject_types_supported": ["public", "pairwise"],
"id_token_signing_alg_values_supported": ["RS256"],
"userinfo_signing_alg_values_supported": ["RS256"],
"request_object_signing_alg_values_supported": ["none", "RS256"],
"response_modes_supported": ["query", "fragment", "form_post"],
"registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
"token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
"token_endpoint_auth_signing_alg_values_supported": ["RS256"],
"claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
"claim_types_supported": ["normal"],
"claims_parameter_supported": false,
"scopes_supported": ["openid", "offline_access"],
"request_parameter_supported": true,
"request_uri_parameter_supported": true}'
context 'client options' do
subject do
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: body, headers: {})
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
end
it 'should have the correct keycloak token url' do
subject.setup_phase
expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
end
it 'should have the correct keycloak authorization url' do
subject.setup_phase
expect(subject.authorize_url).to eq('/auth/realms/example-realm/protocol/openid-connect/auth')
end
end
context 'client setup with a proc' do
subject do
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
end
it 'should call the proc' do
expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
end
end
describe 'errors processing' do
context 'when site contains /auth part' do
subject do
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080/auth', realm: 'example-realm', raise_on_failure: true})
end
it 'raises Configuration Error' do
expect{ subject.setup_phase }
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
end
end
context 'when raise_on_failure option is true' do
context 'when openid configuration endpoint returns error response' do
subject do
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
end
it 'raises Integration Error' do
expect{ subject.setup_phase }
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
end
end
context 'when certificates endpoint returns error response' do
subject do
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
.to_return(status: 200, body: body, headers: {})
stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
.to_return(status: 404, body: "", headers: {})
OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
client_options: {site: 'http://localhost:8080', realm: 'example-realm', raise_on_failure: true})
end
it 'raises Integration Error' do
expect{ subject.setup_phase }
.to raise_error(OmniAuth::Strategies::KeycloakOpenId::IntegrationError)
end
end
end
end
end