test: add test case to test AuthChainOptions our main API

szuecs · szuecs · commit 2042ddd18874 · 2025-11-11T13:19:55.000+01:00
doc: a bit of godoc

Signed-off-by: Sandor Szücs &lt;sandor.szuecs@zalando.de&gt;
diff --git a/ginoauth2.go b/ginoauth2.go
@@ -274,7 +274,7 @@ func Auth(accessCheckFunction AccessCheckFunction, endpoints oauth2.Endpoint) gi
 //	     }
 //	     var acl []ginoauth2.AccessTuple = []ginoauth2.AccessTuple{{"employee", 1070, "sszuecs"}, {"employee", 1114, "njuettner"}}
 //	     router := gin.Default()
-//		    private := router.Group("")
+//	     private := router.Group("")
 //	     checkChain := []AccessCheckFunction{
 //	         ginoauth2.UidCheck,
 //	         ginoauth2.GroupCheck,
@@ -287,6 +287,7 @@ func AuthChain(endpoint oauth2.Endpoint, accessCheckFunctions ...AccessCheckFunc
 	return AuthChainOptions(Options{Endpoint: endpoint}, accessCheckFunctions...)
 }
 
+// AuthChainOptions
 func AuthChainOptions(o Options, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc {
 	// init
 	AuthInfoURL = o.Endpoint.TokenURL
diff --git a/ginoauth2_test.go b/ginoauth2_test.go
@@ -0,0 +1,90 @@
+package ginoauth2_test
+
+import (
+	"fmt"
+	"io"
+	"maps"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/sirupsen/logrus"
+	ginoauth2 "github.com/zalando/gin-oauth2"
+	"github.com/zalando/gin-oauth2/zalando"
+	"golang.org/x/oauth2"
+)
+
+func TestAuthChainOptions(t *testing.T) {
+	tokenserver := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		io.Copy(os.Stderr, r.Body)
+		t.Logf("tokenserver")
+		println("tokenserver")
+		w.WriteHeader(200)
+		w.Write([]byte("token-server"))
+	}))
+	defer tokenserver.Close()
+	authserver := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		io.Copy(os.Stderr, r.Body)
+		t.Logf("authserver")
+		println("authserver")
+		w.WriteHeader(200)
+		w.Write([]byte("auth-server"))
+	}))
+	defer authserver.Close()
+
+	scopeStrings := []string{"uid"}
+	checkName := "foo"
+	endpoint := oauth2.Endpoint{
+		AuthURL:  authserver.URL,
+		TokenURL: tokenserver.URL,
+	}
+
+	ginoauth2.Auth(zalando.ScopeAndCheck(checkName, scopeStrings...), endpoint)
+	ginoauth2.AuthChain(endpoint, zalando.ScopeAndCheck(checkName, scopeStrings...))
+	ginoauth2.AuthChainOptions(ginoauth2.Options{Endpoint: endpoint}, zalando.ScopeAndCheck(checkName, scopeStrings...))
+
+	logger := logrus.New()
+	logger.SetLevel(logrus.DebugLevel)
+	authConfig := ginoauth2.AuthChainOptions(ginoauth2.Options{
+		Endpoint:            endpoint,
+		AccessTokenInHeader: true,
+		Log:                 logger,
+	}, zalando.ScopeAndCheck(checkName, scopeStrings...))
+
+	router := gin.New()
+	router.Use(authConfig)
+	router.GET("/", func(c *gin.Context) {
+		if v, ok := c.Get("cn"); ok {
+			c.JSON(200, gin.H{"message": fmt.Sprintf("Hello from private for users to %s", v)})
+		} else {
+			c.JSON(200, gin.H{"message": "Hello from private for users without cn"})
+		}
+	})
+
+	w := PerformRequest(router, "GET", "/", http.Header{})
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("Failed to get status 401, got: %d", w.Code)
+	}
+
+	w = PerformRequest(router, "GET", "/", http.Header{"Authorization": []string{"foo"}})
+	if w.Code != http.StatusUnauthorized {
+		t.Fatalf("Failed to get status 401, got: %d", w.Code)
+	}
+
+	token := "eyJraWQiOiJwbGF0Zm9ybS1pYW0tc2FuZGJveC0yIiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiIxZmFjYzkyMC0xZmIzLTQwYjAtOTg4Yi0yNDhhMTE5Zjg1MmEiLCJodHRwczovL2lkZW50aXR5LnphbGFuZG8uY29tL3JlYWxtIjoidXNlcnMiLCJodHRwczovL2lkZW50aXR5LnphbGFuZG8uY29tL3Rva2VuIjoiQmVhcmVyIiwiaHR0cHM6Ly9pZGVudGl0eS56YWxhbmRvLmNvbS9tYW5hZ2VkLWlkIjoic3N6dWVjcyIsImF6cCI6Inp0b2tlbiIsImh0dHBzOi8vaWRlbnRpdHkuemFsYW5kby5jb20vYnAiOiI4MTBkMWQwMC00MzEyLTQzZTUtYmQzMS1kODM3M2ZkZDI0YzciLCJhdXRoX3RpbWUiOjE3NjE4NTQ3NzMsImlzcyI6Imh0dHBzOi8vc2FuZGJveC5pZGVudGl0eS56YWxhbmRvLmNvbSIsImV4cCI6MTc2MTg2OTE3MywiaWF0IjoxNzYxODU0NzYzfQ.aw4iaFQyHVM4EfiaoSJY9ugrCQwLAiqK_oobQn-8x6lnS2PLGY75jURz5P6Kk6sQaM6zf70GpEGIuFrEhl9HOw"
+	w = PerformRequest(router, "GET", "/", http.Header{"Authorization": []string{"Bearer", token}})
+	if w.Code != http.StatusOK {
+		t.Fatalf("Failed to get status 200, got: %d", w.Code)
+	}
+
+}
+
+func PerformRequest(r http.Handler, method, path string, header http.Header) *httptest.ResponseRecorder {
+	req := httptest.NewRequest(method, path, nil)
+	maps.Copy(req.Header, header)
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+	return w
+}
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/gin-gonic/gin v1.11.0
 	github.com/golang/glog v1.2.5
 	github.com/google/go-github v17.0.0+incompatible
+	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.11.1
 	github.com/szuecs/gin-glog v1.1.1
 	golang.org/x/oauth2 v0.32.0
diff --git a/go.sum b/go.sum
@@ -95,10 +95,13 @@ github.com/quic-go/quic-go v0.54.0 h1:6s1YB9QotYI6Ospeiguknbp2Znb/jZYjZLRXn9kMQB
 github.com/quic-go/quic-go v0.54.0/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
@@ -138,6 +141,7 @@ golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
 golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
