
Commit 8b85239

committed
improve coverage
1 parent 1d61080 commit 8b85239

1 file changed

Lines changed: 59 additions & 0 deletions


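--- a/internal/controller/oidc_controller_test.go
+++ b/internal/controller/oidc_controller_test.go
@@ -450,6 +450,65 @@ func TestOIDCController(t *testing.T) {
 assert.Equal(t, "invalid_request", res["error"])
 },
 },
+{
+description: "Ensure userinfo forbids access with invalid token type",
+middlewares: []gin.HandlerFunc{},
+run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+req := httptest.NewRequest("GET", "/api/oidc/userinfo", nil)
+req.Header.Set("Authorization", "Basic some-token")
+router.ServeHTTP(recorder, req)
+assert.Equal(t, 401, recorder.Code)
+
+var res map[string]any
+err := json.Unmarshal(recorder.Body.Bytes(), &res)
+assert.NoError(t, err)
+assert.Equal(t, "invalid_request", res["error"])
+},
+},
+{
+description: "Ensure userinfo forbids access with empty bearer token",
+middlewares: []gin.HandlerFunc{},
+run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+req := httptest.NewRequest("GET", "/api/oidc/userinfo", nil)
+req.Header.Set("Authorization", "Bearer ")
+router.ServeHTTP(recorder, req)
+assert.Equal(t, 401, recorder.Code)
+
+var res map[string]any
+err := json.Unmarshal(recorder.Body.Bytes(), &res)
+assert.NoError(t, err)
+assert.Equal(t, "invalid_grant", res["error"])
+},
+},
+{
+description: "Ensure userinfo forbids access with no authorization header",
+middlewares: []gin.HandlerFunc{},
+run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+req := httptest.NewRequest("GET", "/api/oidc/userinfo", nil)
+router.ServeHTTP(recorder, req)
+assert.Equal(t, 401, recorder.Code)
+
+var res map[string]any
+err := json.Unmarshal(recorder.Body.Bytes(), &res)
+assert.NoError(t, err)
+assert.Equal(t, "invalid_request", res["error"])
+},
+},
+{
+description: "Ensure userinfo POST rejects missing access token in body",
+middlewares: []gin.HandlerFunc{},
+run: func(t *testing.T, router *gin.Engine, recorder *httptest.ResponseRecorder) {
+req := httptest.NewRequest("POST", "/api/oidc/userinfo", strings.NewReader(""))
+req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+router.ServeHTTP(recorder, req)
+assert.Equal(t, 401, recorder.Code)
+
+var res map[string]any
+err := json.Unmarshal(recorder.Body.Bytes(), &res)
+assert.NoError(t, err)
+assert.Equal(t, "invalid_request", res["error"])
+},
+},
 {
 description: "Ensure userinfo accepts access token via POST body",
 middlewares: []gin.HandlerFunc{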
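Review bot: The empty-bearer case (new lines 468-482) pins `invalid_grant`, while the three sibling cases expect `invalid_request`; `invalid_grant` is a token-endpoint error code in RFC 6749, whereas RFC 6750 defines only `invalid_request`, `invalid_token` and `insufficient_scope` for bearer-protected resources such as userinfo. If the handler's value is deliberate, record that above the assertion, e.g. `// NOTE: userinfo returns invalid_grant (not invalid_token) for an empty bearer value; confirm this is intended`, so the test does not silently lock in a non-standard response. None of the four new cases checks the `WWW-Authenticate` response header; assuming the handler sets it, `assert.Contains(t, recorder.Header().Get("WWW-Authenticate"), "Bearer")` would pin the challenge that clients rely on. The enclosing test table in TestOIDCController starts and ends outside the hunk.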
