IDPResp struct fields should be unexported

Author: ndyakov

internal/idp_response.go

@@ -1,35 +1,110 @@
 package internal
 
 import (
+	"fmt"
+
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 )
 
+// IDPResp represents a response from an Identity Provider (IDP)
+// It can contain either an AuthResult, AccessToken, or a raw token string
 type IDPResp struct {
-	ResultType     string
-	AuthResultVal  *public.AuthResult
-	AccessTokenVal *azcore.AccessToken
-	RawTokenVal    string
+	// resultType indicates which type of response this is
+	resultType     string
+	authResultVal  *public.AuthResult
+	accessTokenVal *azcore.AccessToken
+	rawTokenVal    string
+}
+
+// NewIDPResp creates a new IDPResp with the given values
+// It validates the input and ensures the response type matches the provided value
+func NewIDPResp(resultType string, result interface{}) (*IDPResp, error) {
+	if result == nil {
+		return nil, fmt.Errorf("result cannot be nil")
+	}
+
+	r := &IDPResp{resultType: resultType}
+
+	switch resultType {
+	case "AuthResult":
+		switch v := result.(type) {
+		case *public.AuthResult:
+			r.authResultVal = v
+		case public.AuthResult:
+			r.authResultVal = &v
+		default:
+			return nil, fmt.Errorf("invalid auth result type: expected public.AuthResult or *public.AuthResult, got %T", result)
+		}
+	case "AccessToken":
+		switch v := result.(type) {
+		case *azcore.AccessToken:
+			r.accessTokenVal = v
+			r.rawTokenVal = v.Token
+		case azcore.AccessToken:
+			r.accessTokenVal = &v
+			r.rawTokenVal = v.Token
+		default:
+			return nil, fmt.Errorf("invalid access token type: expected azcore.AccessToken or *azcore.AccessToken, got %T", result)
+		}
+	case "RawToken":
+		switch v := result.(type) {
+		case string:
+			r.rawTokenVal = v
+		case *string:
+			if v == nil {
+				return nil, fmt.Errorf("raw token cannot be nil")
+			}
+			r.rawTokenVal = *v
+		default:
+			return nil, fmt.Errorf("invalid raw token type: expected string or *string, got %T", result)
+		}
+	default:
+		return nil, fmt.Errorf("unsupported identity provider response type: %s", resultType)
+	}
+
+	return r, nil
 }
 
+// Type returns the type of response this IDPResp represents
 func (a *IDPResp) Type() string {
-	return a.ResultType
+	return a.resultType
 }
 
+// AuthResult returns the AuthResult if present, or an empty AuthResult if not set
+// Use HasAuthResult() to check if the value is actually set
 func (a *IDPResp) AuthResult() public.AuthResult {
-	if a.AuthResultVal == nil {
+	if a.authResultVal == nil {
 		return public.AuthResult{}
 	}
-	return *a.AuthResultVal
+	return *a.authResultVal
+}
+
+// HasAuthResult returns true if an AuthResult is set
+func (a *IDPResp) HasAuthResult() bool {
+	return a.authResultVal != nil
 }
 
+// AccessToken returns the AccessToken if present, or an empty AccessToken if not set
+// Use HasAccessToken() to check if the value is actually set
 func (a *IDPResp) AccessToken() azcore.AccessToken {
-	if a.AccessTokenVal == nil {
+	if a.accessTokenVal == nil {
 		return azcore.AccessToken{}
 	}
-	return *a.AccessTokenVal
+	return *a.accessTokenVal
 }
 
+// HasAccessToken returns true if an AccessToken is set
+func (a *IDPResp) HasAccessToken() bool {
+	return a.accessTokenVal != nil
+}
+
+// RawToken returns the raw token string
 func (a *IDPResp) RawToken() string {
-	return a.RawTokenVal
+	return a.rawTokenVal
+}
+
+// HasRawToken returns true if a raw token is set
+func (a *IDPResp) HasRawToken() bool {
+	return a.rawTokenVal != ""
 }

internal/idp_response_test.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestIDPResp_Type(t *testing.T) {
@@ -29,7 +30,7 @@ func TestIDPResp_Type(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			resp := &IDPResp{
-				ResultType: tt.resultType,
+				resultType: tt.resultType,
 			}
 			if got := resp.Type(); got != tt.want {
 				t.Errorf("IDPResp.Type() = %v, want %v", got, tt.want)
@@ -68,7 +69,7 @@ func TestIDPResp_AuthResult(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			resp := &IDPResp{
-				AuthResultVal: tt.authResult,
+				authResultVal: tt.authResult,
 			}
 			got := resp.AuthResult()
 			if got.AccessToken != tt.wantToken {
@@ -111,7 +112,7 @@ func TestIDPResp_AccessToken(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			resp := &IDPResp{
-				AccessTokenVal: tt.accessToken,
+				accessTokenVal: tt.accessToken,
 			}
 			got := resp.AccessToken()
 			if got.Token != tt.wantToken {
@@ -145,11 +146,157 @@ func TestIDPResp_RawToken(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			resp := &IDPResp{
-				RawTokenVal: tt.rawToken,
+				rawTokenVal: tt.rawToken,
 			}
 			if got := resp.RawToken(); got != tt.want {
 				t.Errorf("IDPResp.RawToken() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
+
+func TestNewIDPResp(t *testing.T) {
+	tests := []struct {
+		name        string
+		resultType  string
+		result      interface{}
+		wantErr     bool
+		checkResult func(t *testing.T, resp *IDPResp)
+	}{
+		{
+			name:       "valid AuthResult pointer",
+			resultType: "AuthResult",
+			result: &public.AuthResult{
+				AccessToken: "test-token",
+			},
+			wantErr: false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasAuthResult())
+				assert.Equal(t, "test-token", resp.AuthResult().AccessToken)
+				assert.False(t, resp.HasAccessToken())
+				assert.False(t, resp.HasRawToken())
+			},
+		},
+		{
+			name:       "valid AuthResult value",
+			resultType: "AuthResult",
+			result: public.AuthResult{
+				AccessToken: "test-token",
+			},
+			wantErr: false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasAuthResult())
+				assert.Equal(t, "test-token", resp.AuthResult().AccessToken)
+			},
+		},
+		{
+			name:       "valid AccessToken pointer",
+			resultType: "AccessToken",
+			result: &azcore.AccessToken{
+				Token:     "test-token",
+				ExpiresOn: time.Now(),
+			},
+			wantErr: false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasAccessToken())
+				assert.Equal(t, "test-token", resp.AccessToken().Token)
+				assert.Equal(t, "test-token", resp.RawToken())
+			},
+		},
+		{
+			name:       "valid AccessToken value",
+			resultType: "AccessToken",
+			result: azcore.AccessToken{
+				Token:     "test-token",
+				ExpiresOn: time.Now(),
+			},
+			wantErr: false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasAccessToken())
+				assert.Equal(t, "test-token", resp.AccessToken().Token)
+				assert.Equal(t, "test-token", resp.RawToken())
+			},
+		},
+		{
+			name:       "valid RawToken string",
+			resultType: "RawToken",
+			result:     "test-token",
+			wantErr:    false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasRawToken())
+				assert.Equal(t, "test-token", resp.RawToken())
+				assert.False(t, resp.HasAuthResult())
+				assert.False(t, resp.HasAccessToken())
+			},
+		},
+		{
+			name:       "valid RawToken string pointer",
+			resultType: "RawToken",
+			result:     stringPtr("test-token"),
+			wantErr:    false,
+			checkResult: func(t *testing.T, resp *IDPResp) {
+				assert.True(t, resp.HasRawToken())
+				assert.Equal(t, "test-token", resp.RawToken())
+			},
+		},
+		{
+			name:       "nil result",
+			resultType: "AuthResult",
+			result:     nil,
+			wantErr:    true,
+		},
+		{
+			name:       "nil RawToken pointer",
+			resultType: "RawToken",
+			result:     (*string)(nil),
+			wantErr:    true,
+		},
+		{
+			name:       "invalid AuthResult type",
+			resultType: "AuthResult",
+			result:     "not-an-auth-result",
+			wantErr:    true,
+		},
+		{
+			name:       "invalid AccessToken type",
+			resultType: "AccessToken",
+			result:     "not-an-access-token",
+			wantErr:    true,
+		},
+		{
+			name:       "invalid RawToken type",
+			resultType: "RawToken",
+			result:     123,
+			wantErr:    true,
+		},
+		{
+			name:       "unsupported result type",
+			resultType: "InvalidType",
+			result:     "test",
+			wantErr:    true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := NewIDPResp(tt.resultType, tt.result)
+			if tt.wantErr {
+				assert.Error(t, err)
+				assert.Nil(t, got)
+				return
+			}
+
+			assert.NoError(t, err)
+			assert.NotNil(t, got)
+			assert.Equal(t, tt.resultType, got.Type())
+
+			if tt.checkResult != nil {
+				tt.checkResult(t, got)
+			}
+		})
+	}
+}
+
+func stringPtr(s string) *string {
+	return &s
+}

manager/defaults.go

@@ -118,9 +118,6 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response shared.Iden
 
 	case shared.ResponseTypeRawToken, shared.ResponseTypeAccessToken:
 		tokenStr := response.RawToken()
-		if tokenStr == "" {
-			return nil, fmt.Errorf("raw token is empty")
-		}
 
 		if response.Type() == shared.ResponseTypeAccessToken {
 			accessToken := response.AccessToken()
@@ -131,6 +128,10 @@ func (*defaultIdentityProviderResponseParser) ParseResponse(response shared.Iden
 			expiresOn = accessToken.ExpiresOn.UTC()
 		}
 
+		if tokenStr == "" {
+			return nil, fmt.Errorf("raw token is empty")
+		}
+
 		claims := struct {
 			jwt.RegisteredClaims
 			Oid string `json:"oid,omitempty"`

manager/manager_test.go

@@ -5,7 +5,8 @@ import (
 	"os"
 	"time"
 
-	"github.com/redis-developer/go-redis-entraid/internal"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 	"github.com/redis-developer/go-redis-entraid/shared"
 	"github.com/redis-developer/go-redis-entraid/token"
 	"github.com/stretchr/testify/mock"
@@ -145,4 +146,35 @@ func (m *mockTokenListener) OnTokenError(err error) {
 	_ = m.Called(err)
 }
 
-type authResult = internal.IDPResp
+type authResult struct {
+	// ResultType is the type of the auth result
+	ResultType string
+	// AuthResultVal is the auth result value
+	AuthResultVal *public.AuthResult
+	// AccessTokenVal is the access token value
+	AccessTokenVal *azcore.AccessToken
+	// RawTokenVal is the raw token value
+	RawTokenVal string
+}
+
+func (a *authResult) Type() string {
+	return a.ResultType
+}
+
+func (a *authResult) AuthResult() public.AuthResult {
+	if a.AuthResultVal == nil {
+		return public.AuthResult{}
+	}
+	return *a.AuthResultVal
+}
+
+func (a *authResult) AccessToken() azcore.AccessToken {
+	if a.AccessTokenVal == nil {
+		return azcore.AccessToken{}
+	}
+	return *a.AccessTokenVal
+}
+
+func (a *authResult) RawToken() string {
+	return a.RawTokenVal
+}