add few more tests

Author: ndyakov

entraid_test.go

@@ -2,10 +2,13 @@ package entraid
 
 import (
 	"net"
+	"time"
 
 	"github.com/stretchr/testify/mock"
 )
 
+const testJWTtoken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ0ZXN0IGp3dCIsImlhdCI6MTc0MzUxNTAxMSwiZXhwIjoxNzc1MDUxMDExLCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJ0ZXN0QHRlc3QuY29tIiwib2lkIjoidGVzdCJ9.6RG721V2eFlSLsCRmo53kSRRrTZIe1UPdLZCUEvIarU"
+
 type mockIdentityProvider struct {
 	// Mock implementation of the IdentityProvider interface
 	// Add any necessary fields or methods for the mock identity provider here
@@ -42,3 +45,32 @@ func (m *mockError) Is(err error) bool {
 }
 
 var _ net.Error = (*mockError)(nil)
+
+type mockTokenListener struct {
+	// Mock implementation of the TokenManagerListener interface
+	mock.Mock
+}
+
+var _ TokenListener = (*mockTokenListener)(nil)
+
+func (m *mockTokenListener) OnTokenNext(token *Token) {
+	_ = m.Called(token)
+}
+
+func (m *mockTokenListener) OnTokenError(err error) {
+	_ = m.Called(err)
+}
+
+func mockTokenParserFunc(idpResponse IdentityProviderResponse) (*Token, error) {
+	if idpResponse != nil && idpResponse.Type() == ResponseTypeRawToken {
+		return NewToken(
+			"test",
+			"password",
+			"test",
+			time.Now().Add(time.Hour),
+			time.Now(),
+			int64(time.Hour),
+		), nil
+	}
+	return nil, nil
+}

errors.go

@@ -2,4 +2,11 @@ package entraid
 
 import "fmt"
 
-var ErrNotImplemented = fmt.Errorf("credentials provider not implemented")
+// ErrTokenManagerNotStarted is returned when the token manager is not started.
+var ErrTokenManagerNotStarted = fmt.Errorf("token manager not started")
+
+// ErrTokenManagerAlreadyCanceled is returned when the token manager is already canceled.
+var ErrTokenManagerAlreadyCanceled = fmt.Errorf("token manager already canceled")
+
+// ErrTokenManagerAlreadyStarted is returned when the token manager is already started.
+var ErrTokenManagerAlreadyStarted = fmt.Errorf("token manager already started")

identity_provider.go

@@ -63,10 +63,12 @@ func (a *authResult) RawToken() string {
 
 // NewIDPResponse creates a new auth result based on the type provided.
 // It returns an IdentityProviderResponse interface.
-func NewIDPResponse(t string, result interface{}) (IdentityProviderResponse, error) {
-	r := &authResult{resultType: t}
+// Type can be either AuthResult, AccessToken, or RawToken.
+// Second argument is the result of the type provided in the first argument.
+func NewIDPResponse(responseType string, result interface{}) (IdentityProviderResponse, error) {
+	r := &authResult{resultType: responseType}
 
-	switch t {
+	switch responseType {
 	case ResponseTypeAuthResult:
 		if typed, ok := result.(*public.AuthResult); !ok {
 			return nil, fmt.Errorf("expected AuthResult, got %T", result)
@@ -86,7 +88,7 @@ func NewIDPResponse(t string, result interface{}) (IdentityProviderResponse, err
 			r.rawToken = typed
 		}
 	default:
-		return nil, fmt.Errorf("unknown idp response type: %s", t)
+		return nil, fmt.Errorf("unknown idp response type: %s", responseType)
 	}
 
 	return r, nil

token_manager.go

@@ -111,10 +111,11 @@ var defaultIdentityProviderResponseParser IdentityProviderResponseParserFunc = f
 
 		claims := struct {
 			jwt.RegisteredClaims
-			Oid string `json:"oid"`
+			Oid string `json:"oid,omitempty"`
 		}{}
 
-		_, err := jwt.ParseWithClaims(token, claims, nil)
+		// jwt token should be verified from the identity provider
+		_, _, err := jwt.NewParser().ParseUnverified(token, &claims)
 		if err != nil {
 			return nil, fmt.Errorf("failed to parse jwt token: %w", err)
 		}
@@ -282,13 +283,14 @@ func (e *entraidTokenManager) Start(listener TokenListener) (cancelFunc, error)
 	e.lock.Lock()
 	defer e.lock.Unlock()
 	if e.listener != nil {
-		return nil, fmt.Errorf("token manager already started")
+		return nil, ErrTokenManagerAlreadyStarted
 	}
 	e.listener = listener
 	e.closed = make(chan struct{})
 
 	token, err := e.GetToken()
 	if err != nil {
+		go listener.OnTokenError(err)
 		return nil, fmt.Errorf("failed to start token manager: %w", err)
 	}
 
@@ -350,20 +352,25 @@ func (e *entraidTokenManager) Start(listener TokenListener) (cancelFunc, error)
 	return e.Close, nil
 }
 
-func (e *entraidTokenManager) Close() error {
+func (e *entraidTokenManager) Close() (err error) {
 	defer func() {
 		if r := recover(); r != nil {
-			// handle panic
 			log.Printf("Recovered from panic: %v", r)
+			err = ErrTokenManagerAlreadyCanceled
 		}
 	}()
 	e.lock.Lock()
 	defer e.lock.Unlock()
+
+	if e.closed == nil || e.listener == nil {
+		err = ErrTokenManagerNotStarted
+		return
+	}
 	if e.listener != nil {
 		e.listener = nil
 	}
 	close(e.closed)
-	return nil
+	return
 }
 
 // defaultRetryableFunc is a function that checks if the error is retryable.