allow for pointer and non-pointer types in the idp response

Author: ndyakov

shared/identity_provider_response.go

@@ -49,30 +49,47 @@ type IdentityProvider interface {
 // Type can be either AuthResult, AccessToken, or RawToken.
 // Second argument is the result of the type provided in the first argument.
 func NewIDPResponse(responseType string, result interface{}) (IdentityProviderResponse, error) {
+	if result == nil {
+		return nil, fmt.Errorf("result cannot be nil")
+	}
+
 	r := &internal.IDPResp{ResultType: responseType}
 
 	switch responseType {
 	case ResponseTypeAuthResult:
-		if typed, ok := result.(*public.AuthResult); !ok {
-			return nil, fmt.Errorf("expected AuthResult, got %T", result)
-		} else {
-			r.AuthResultVal = typed
+		switch v := result.(type) {
+		case *public.AuthResult:
+			r.AuthResultVal = v
+		case public.AuthResult:
+			r.AuthResultVal = &v
+		default:
+			return nil, fmt.Errorf("invalid auth result type: expected public.AuthResult or *public.AuthResult, got %T with value %v", result, result)
 		}
 	case ResponseTypeAccessToken:
-		if typed, ok := result.(*azcore.AccessToken); !ok {
-			return nil, fmt.Errorf("expected AccessToken, got %T", result)
-		} else {
-			r.AccessTokenVal = typed
-			r.RawTokenVal = typed.Token
+		switch v := result.(type) {
+		case *azcore.AccessToken:
+			r.AccessTokenVal = v
+			r.RawTokenVal = v.Token
+		case azcore.AccessToken:
+			r.AccessTokenVal = &v
+			r.RawTokenVal = v.Token
+		default:
+			return nil, fmt.Errorf("invalid access token type: expected azcore.AccessToken or *azcore.AccessToken, got %T with value %v", result, result)
 		}
 	case ResponseTypeRawToken:
-		if typed, ok := result.(string); !ok {
-			return nil, fmt.Errorf("expected string, got %T", result)
-		} else {
-			r.RawTokenVal = typed
+		switch v := result.(type) {
+		case string:
+			r.RawTokenVal = v
+		case *string:
+			if v == nil {
+				return nil, fmt.Errorf("raw token cannot be nil")
+			}
+			r.RawTokenVal = *v
+		default:
+			return nil, fmt.Errorf("invalid raw token type: expected string or *string, got %T with value %v", result, result)
 		}
 	default:
-		return nil, fmt.Errorf("unknown idp response type: %s", responseType)
+		return nil, fmt.Errorf("unsupported identity provider response type: %s", responseType)
 	}
 	return r, nil
 }

shared/identity_provider_response_test.go

@@ -66,70 +66,111 @@ func (m *mockIDP) RequestToken() (IdentityProviderResponse, error) {
 
 func TestNewIDPResponse(t *testing.T) {
 	tests := []struct {
-		name         string
-		responseType string
-		result       interface{}
-		wantErr      bool
+		name          string
+		responseType  string
+		result        interface{}
+		expectedError string
 	}{
 		{
-			name:         "Valid AuthResult",
+			name:         "Valid AuthResult pointer",
 			responseType: ResponseTypeAuthResult,
 			result:       &public.AuthResult{},
-			wantErr:      false,
 		},
 		{
-			name:         "Valid AccessToken",
+			name:         "Valid AuthResult value",
+			responseType: ResponseTypeAuthResult,
+			result:       public.AuthResult{},
+		},
+		{
+			name:         "Valid AccessToken pointer",
 			responseType: ResponseTypeAccessToken,
-			result:       &azcore.AccessToken{},
-			wantErr:      false,
+			result:       &azcore.AccessToken{Token: "test-token"},
 		},
 		{
-			name:         "Valid RawToken",
+			name:         "Valid AccessToken value",
+			responseType: ResponseTypeAccessToken,
+			result:       azcore.AccessToken{Token: "test-token"},
+		},
+		{
+			name:         "Valid RawToken string",
 			responseType: ResponseTypeRawToken,
 			result:       "test-token",
-			wantErr:      false,
 		},
 		{
-			name:         "Invalid AuthResult type",
-			responseType: ResponseTypeAuthResult,
-			result:       "not-an-auth-result",
-			wantErr:      true,
+			name:         "Valid RawToken string pointer",
+			responseType: ResponseTypeRawToken,
+			result:       stringPtr("test-token"),
 		},
 		{
-			name:         "Invalid AccessToken type",
-			responseType: ResponseTypeAccessToken,
-			result:       "not-an-access-token",
-			wantErr:      true,
+			name:          "Nil result",
+			responseType:  ResponseTypeAuthResult,
+			result:        nil,
+			expectedError: "result cannot be nil",
 		},
 		{
-			name:         "Invalid RawToken type",
-			responseType: ResponseTypeRawToken,
-			result:       123,
-			wantErr:      true,
+			name:          "Nil string pointer",
+			responseType:  ResponseTypeRawToken,
+			result:        (*string)(nil),
+			expectedError: "raw token cannot be nil",
+		},
+		{
+			name:          "Invalid AuthResult type",
+			responseType:  ResponseTypeAuthResult,
+			result:        "not-an-auth-result",
+			expectedError: "invalid auth result type: expected public.AuthResult or *public.AuthResult",
+		},
+		{
+			name:          "Invalid AccessToken type",
+			responseType:  ResponseTypeAccessToken,
+			result:        "not-an-access-token",
+			expectedError: "invalid access token type: expected azcore.AccessToken or *azcore.AccessToken",
 		},
 		{
-			name:         "Unknown response type",
-			responseType: "UnknownType",
-			result:       nil,
-			wantErr:      true,
+			name:          "Invalid RawToken type",
+			responseType:  ResponseTypeRawToken,
+			result:        123,
+			expectedError: "invalid raw token type: expected string or *string",
+		},
+		{
+			name:          "Invalid response type",
+			responseType:  "InvalidType",
+			result:        "test",
+			expectedError: "unsupported identity provider response type: InvalidType",
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			response, err := NewIDPResponse(tt.responseType, tt.result)
-			if tt.wantErr {
+			resp, err := NewIDPResponse(tt.responseType, tt.result)
+
+			if tt.expectedError != "" {
 				assert.Error(t, err)
-				assert.Nil(t, response)
-			} else {
-				assert.NoError(t, err)
-				assert.NotNil(t, response)
-				assert.Equal(t, tt.responseType, response.Type())
+				assert.Contains(t, err.Error(), tt.expectedError)
+				assert.Nil(t, resp)
+				return
+			}
+
+			assert.NoError(t, err)
+			assert.NotNil(t, resp)
+			assert.Equal(t, tt.responseType, resp.Type())
+
+			switch tt.responseType {
+			case ResponseTypeAuthResult:
+				assert.NotNil(t, resp.AuthResult())
+			case ResponseTypeAccessToken:
+				assert.NotNil(t, resp.AccessToken())
+				assert.NotEmpty(t, resp.AccessToken().Token)
+			case ResponseTypeRawToken:
+				assert.NotEmpty(t, resp.RawToken())
 			}
 		})
 	}
 }
 
+func stringPtr(s string) *string {
+	return &s
+}
+
 func TestIdentityProviderResponse(t *testing.T) {
 	now := time.Now()
 	expires := now.Add(time.Hour)