This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/internal/outpost/proxyv2/application/endpoint_test.go

89 lines
4.7 KiB
Go
Raw Permalink Normal View History

package application
import (
"testing"
"github.com/stretchr/testify/assert"
"goauthentik.io/api/v3"
"goauthentik.io/internal/config"
)
func TestEndpointDefault(t *testing.T) {
pc := api.ProxyOutpostConfig{
OidcConfiguration: api.OpenIDConnectConfiguration{
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
Issuer: "https://test.goauthentik.io/application/o/test-app/",
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
},
}
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", false)
// Standard outpost, non embedded
// All URLs should use the host that they get from the config
assert.Equal(t, "https://test.goauthentik.io/application/o/authorize/", ep.AuthURL)
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/", ep.Issuer)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
}
func TestEndpointAuthentikHostBrowser(t *testing.T) {
c := config.Get()
c.AuthentikHostBrowser = "https://browser.test.goauthentik.io"
defer func() {
c.AuthentikHostBrowser = ""
}()
pc := api.ProxyOutpostConfig{
OidcConfiguration: api.OpenIDConnectConfiguration{
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
Issuer: "https://test.goauthentik.io/application/o/test-app/",
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
UserinfoEndpoint: "https://test.goauthentik.io/application/o/userinfo/",
},
}
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", false)
// Standard outpost, with AUTHENTIK_HOST_BROWSER set
// Only the authorize/end session URLs should be changed
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/authorize/", ep.AuthURL)
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/", ep.Issuer)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
}
func TestEndpointEmbedded(t *testing.T) {
pc := api.ProxyOutpostConfig{
OidcConfiguration: api.OpenIDConnectConfiguration{
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
Issuer: "https://test.goauthentik.io/application/o/test-app/",
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
UserinfoEndpoint: "https://test.goauthentik.io/application/o/userinfo/",
},
}
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", true)
// Embedded outpost
// Browser URLs should use the config of "authentik_host", everything else can use what's
// received from the API endpoint
// Token URL is an exception since it's sent via a special HTTP transport that overrides the
// HTTP Host header, to make sure it's the same value as the issuer
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/authorize/", ep.AuthURL)
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/", ep.Issuer)
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
}