diff --git a/internal/env/env_test.go b/internal/env/env_test.go
index 635307e..6022066 100644
--- a/internal/env/env_test.go
+++ b/internal/env/env_test.go
@@ -92,3 +92,60 @@ func TestManager_Update(t *testing.T) {
 })
 }
 }
+
+func TestManager_Get(t *testing.T) {
+ tmpDir := t.TempDir()
+ envFile := filepath.Join(tmpDir, ".env")
+ err := os.WriteFile(envFile, []byte("KEY=VALUE\n"), 0644)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ m := NewManager(envFile, "KEY")
+ val, err := m.Get()
+ if err != nil {
+ t.Fatalf("Get() error = %v", err)
+ }
+ if val != "VALUE" {
+ t.Errorf("Get() = %s, want VALUE", val)
+ }
+
+ m2 := NewManager(envFile, "MISSING")
+ _, err = m2.Get()
+ if err == nil {
+ t.Error("Get() expected error for missing key, got nil")
+ }
+}
+
+func TestFind(t *testing.T) {
+ tmpDir := t.TempDir()
+ subdir := filepath.Join(tmpDir, "subdir")
+ if err := os.Mkdir(subdir, 0755); err != nil {
+ t.Fatal(err)
+ }
+
+ envFile := filepath.Join(tmpDir, ".env")
+ if err := os.WriteFile(envFile, []byte(""), 0644); err != nil {
+ t.Fatal(err)
+ }
+
+ // Test finding from subdir
+ wd, err := os.Getwd()
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer func() {
+ _ = os.Chdir(wd)
+ }()
+ if err := os.Chdir(subdir); err != nil {
+ t.Fatal(err)
+ }
+
+ found, err := Find(".env")
+ if err != nil {
+ t.Fatalf("Find() error = %v", err)
+ }
+ if found != envFile {
+ t.Errorf("Find() = %s, want %s", found, envFile)
+ }
+}
diff --git a/internal/oidc/client_test.go b/internal/oidc/client_test.go
new file mode 100644
index 0000000..d25fbdf
--- /dev/null
+++ b/internal/oidc/client_test.go
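Review bot: TestFind compares `found` with `envFile` as raw strings after `os.Chdir(subdir)`, which can fail on hosts where the temp directory is reached through a symlink, if Find builds its result from the working directory (Find's body is not in this diff, so that part is inferred). Passing both paths through `filepath.EvalSymlinks` before the `found != envFile` check would make the assertion independent of how the temp directory is mounted. The chdir is also process-wide, so a comment such as `// Changes the process working directory; must not run with t.Parallel().` above the `os.Getwd()` call would record why this test cannot be parallelised.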
@@ -0,0 +1,113 @@
+package oidc
+
+import (
+ "encoding/json"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/codozor/authk/internal/config"
+)
+
+func TestClient_GetToken(t *testing.T) {
+ // Mock OIDC Provider
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/.well-known/openid-configuration":
+ if err := json.NewEncoder(w).Encode(map[string]string{
+ "token_endpoint": "http://" + r.Host + "/token",
+ }); err != nil {
+ t.Error(err)
+ }
+ case "/token":
+ if err := r.ParseForm(); err != nil {
+ t.Error(err)
+ }
+ if r.Form.Get("grant_type") == "client_credentials" {
+ if err := json.NewEncoder(w).Encode(TokenResponse{
+ AccessToken: "mock_access_token",
+ ExpiresIn: 3600,
+ TokenType: "Bearer",
+ }); err != nil {
+ t.Error(err)
+ }
+ } else {
+ w.WriteHeader(http.StatusBadRequest)
+ }
+ default:
+ w.WriteHeader(http.StatusNotFound)
+ }
+ }))
+ defer ts.Close()
+
+ cfg := &config.Config{
+ OIDC: config.OIDCConfig{
+ IssuerURL: ts.URL,
+ ClientID: "client",
+ ClientSecret: "secret",
+ AuthMethod: "basic",
+ },
+ }
+
+ client, err := NewClient(cfg)
+ if err != nil {
+ t.Fatalf("NewClient() error = %v", err)
+ }
+
+ token, err := client.GetToken("", "")
+ if err != nil {
+ t.Fatalf("GetToken() error = %v", err)
+ }
+
+ if token.AccessToken != "mock_access_token" {
+ t.Errorf("expected access token 'mock_access_token', got %s", token.AccessToken)
+ }
+}
+
+func TestClient_RefreshToken(t *testing.T) {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/.well-known/openid-configuration":
+ if err := json.NewEncoder(w).Encode(map[string]string{
+ "token_endpoint": "http://" + r.Host + "/token",
+ }); err != nil {
+ t.Error(err)
+ }
+ case "/token":
+ if err := r.ParseForm(); err != nil {
+ t.Error(err)
+ }
+ if r.Form.Get("grant_type") == "refresh_token" && r.Form.Get("refresh_token") == "valid_refresh" {
+ if err := json.NewEncoder(w).Encode(TokenResponse{
+ AccessToken: "new_access_token",
+ ExpiresIn: 3600,
+ }); err != nil {
+ t.Error(err)
+ }
+ } else {
+ w.WriteHeader(http.StatusBadRequest)
+ }
+ }
+ }))
+ defer ts.Close()
+
+ cfg := &config.Config{
+ OIDC: config.OIDCConfig{
+ IssuerURL: ts.URL,
+ },
+ }
+
+ client, err := NewClient(cfg)
+ if err != nil {
+ t.Fatalf("NewClient() error = %v", err)
+ }
+
+ token, err := client.RefreshToken("valid_refresh")
+ if err != nil {
+ t.Fatalf("RefreshToken() error = %v", err)
+ }
+
+ if token.AccessToken != "new_access_token" {
+ t.Errorf("expected access token 'new_access_token', got %s", token.AccessToken)
+ }
+}
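Review bot: The mock `/token` handler in TestClient_GetToken checks only `grant_type`, so the test still passes if the client sends no credentials or puts them in the wrong place, even though the config sets `AuthMethod: "basic"`. Assuming that setting means HTTP Basic authentication on the token request (the client code is not in this diff), the handler should reject anything else, e.g. `if u, p, ok := r.BasicAuth(); !ok || u != "client" || p != "secret" { w.WriteHeader(http.StatusUnauthorized); return }`. TestClient_RefreshToken likewise covers only the accepted token; a second call with a token the mock rejects, asserting a non-nil error, would pin the failure path that the `StatusBadRequest` branch already provides.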