Add Keycloak tests

martincostello · martincostello · commit 68d2a9a355a5 · 2021-10-09T14:07:25.000+01:00
Add tests for scenarios for different AccessType values.
diff --git a/test/AspNet.Security.OAuth.Providers.Tests/Keycloak/KeycloakAuthenticationOptionsTests.cs b/test/AspNet.Security.OAuth.Providers.Tests/Keycloak/KeycloakAuthenticationOptionsTests.cs
@@ -0,0 +1,107 @@
+﻿/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
+ * for more information concerning the license and the contributors participating to this project.
+ */
+
+using System;
+using System.Collections.Generic;
+using Xunit;
+
+namespace AspNet.Security.OAuth.Keycloak
+{
+    public static class KeycloakAuthenticationOptionsTests
+    {
+        public static IEnumerable<object[]> AccessTypes => new object[][]
+        {
+            new object[] { KeycloakAuthenticationAccessType.BearerOnly },
+            new object[] { KeycloakAuthenticationAccessType.Confidential },
+            new object[] { KeycloakAuthenticationAccessType.Public },
+        };
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        public static void Validate_Does_Not_Throw_If_ClientSecret_Is_Not_Provided_For_Public_Access_Type(string clientSecret)
+        {
+            // Arrange
+            var options = new KeycloakAuthenticationOptions()
+            {
+                AccessType = KeycloakAuthenticationAccessType.Public,
+                ClientId = "my-client-id",
+                ClientSecret = clientSecret,
+            };
+
+            // Act (no Assert)
+            options.Validate();
+        }
+
+        [Theory]
+        [InlineData(KeycloakAuthenticationAccessType.BearerOnly)]
+        [InlineData(KeycloakAuthenticationAccessType.Confidential)]
+        public static void Validate_Throws_If_ClientSecret_Is_Null(KeycloakAuthenticationAccessType accessType)
+        {
+            // Arrange
+            var options = new KeycloakAuthenticationOptions()
+            {
+                AccessType = accessType,
+                ClientId = "my-client-id",
+                ClientSecret = null,
+            };
+
+            // Act and Assert
+            Assert.Throws<ArgumentException>("ClientSecret", () => options.Validate());
+        }
+
+        [Theory]
+        [MemberData(nameof(AccessTypes))]
+        public static void Validate_Throws_If_AuthorizationEndpoint_Is_Null(KeycloakAuthenticationAccessType accessType)
+        {
+            // Arrange
+            var options = new KeycloakAuthenticationOptions()
+            {
+                AccessType = accessType,
+                AuthorizationEndpoint = null,
+                ClientId = "my-client-id",
+                ClientSecret = "my-client-secret",
+            };
+
+            // Act and Assert
+            Assert.Throws<ArgumentException>("AuthorizationEndpoint", () => options.Validate());
+        }
+
+        [Theory]
+        [MemberData(nameof(AccessTypes))]
+        public static void Validate_Throws_If_TokenEndpoint_Is_Null(KeycloakAuthenticationAccessType accessType)
+        {
+            // Arrange
+            var options = new KeycloakAuthenticationOptions()
+            {
+                AccessType = accessType,
+                ClientId = "my-client-id",
+                ClientSecret = "my-client-secret",
+                TokenEndpoint = null,
+            };
+
+            // Act and Assert
+            Assert.Throws<ArgumentException>("TokenEndpoint", () => options.Validate());
+        }
+
+        [Theory]
+        [MemberData(nameof(AccessTypes))]
+        public static void Validate_Throws_If_CallbackPath_Is_Null(KeycloakAuthenticationAccessType accessType)
+        {
+            // Arrange
+            var options = new KeycloakAuthenticationOptions()
+            {
+                AccessType = accessType,
+                CallbackPath = null,
+                ClientId = "my-client-id",
+                ClientSecret = "my-client-secret",
+            };
+
+            // Act and Assert
+            Assert.Throws<ArgumentException>("CallbackPath", () => options.Validate());
+        }
+    }
+}
diff --git a/test/AspNet.Security.OAuth.Providers.Tests/Keycloak/KeycloakTests.cs b/test/AspNet.Security.OAuth.Providers.Tests/Keycloak/KeycloakTests.cs
@@ -84,5 +84,33 @@ static void ConfigureServices(IServiceCollection services)
             // Assert
             AssertClaim(claims, claimType, claimValue);
         }
+
+        [Theory]
+        [InlineData(ClaimTypes.NameIdentifier, "995c1500-0dca-495e-ba72-2499d370d181")]
+        [InlineData(ClaimTypes.Email, "john@smith.com")]
+        [InlineData(ClaimTypes.GivenName, "John")]
+        [InlineData(ClaimTypes.Role, "admin")]
+        [InlineData(ClaimTypes.Name, "John Smith")]
+        public async Task Can_Sign_In_Using_Keycloak_Public_AccessType(string claimType, string claimValue)
+        {
+            // Arrange
+            static void ConfigureServices(IServiceCollection services)
+            {
+                services.PostConfigureAll<KeycloakAuthenticationOptions>((options) =>
+                {
+                    options.AccessType = KeycloakAuthenticationAccessType.Public;
+                    options.ClientSecret = string.Empty;
+                    options.Domain = "keycloak.local";
+                });
+            }
+
+            using var server = CreateTestServer(ConfigureServices);
+
+            // Act
+            var claims = await AuthenticateUserAsync(server);
+
+            // Assert
+            AssertClaim(claims, claimType, claimValue);
+        }
     }
 }
