2023-03-18 17:51:20 +00:00
|
|
|
package application
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
"goauthentik.io/api/v3"
|
|
|
|
|
"goauthentik.io/internal/config"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestEndpointDefault(t *testing.T) {
|
|
|
|
|
pc := api.ProxyOutpostConfig{
|
2023-04-01 16:10:52 +00:00
|
|
|
OidcConfiguration: api.OpenIDConnectConfiguration{
|
2023-03-18 17:51:20 +00:00
|
|
|
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
|
|
|
|
|
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
|
|
|
|
|
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
|
|
|
|
|
Issuer: "https://test.goauthentik.io/application/o/test-app/",
|
|
|
|
|
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
|
|
|
|
|
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", false)
|
|
|
|
|
// Standard outpost, non embedded
|
|
|
|
|
// All URLs should use the host that they get from the config
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/authorize/", ep.AuthURL)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/", ep.Issuer)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestEndpointAuthentikHostBrowser(t *testing.T) {
|
|
|
|
|
c := config.Get()
|
|
|
|
|
c.AuthentikHostBrowser = "https://browser.test.goauthentik.io"
|
|
|
|
|
defer func() {
|
|
|
|
|
c.AuthentikHostBrowser = ""
|
|
|
|
|
}()
|
|
|
|
|
pc := api.ProxyOutpostConfig{
|
2023-04-01 16:10:52 +00:00
|
|
|
OidcConfiguration: api.OpenIDConnectConfiguration{
|
2023-03-18 17:51:20 +00:00
|
|
|
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
|
|
|
|
|
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
|
|
|
|
|
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
|
|
|
|
|
Issuer: "https://test.goauthentik.io/application/o/test-app/",
|
|
|
|
|
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
|
|
|
|
|
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
|
|
|
|
|
UserinfoEndpoint: "https://test.goauthentik.io/application/o/userinfo/",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", false)
|
|
|
|
|
// Standard outpost, with AUTHENTIK_HOST_BROWSER set
|
|
|
|
|
// Only the authorize/end session URLs should be changed
|
|
|
|
|
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/authorize/", ep.AuthURL)
|
|
|
|
|
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/", ep.Issuer)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestEndpointEmbedded(t *testing.T) {
|
|
|
|
|
pc := api.ProxyOutpostConfig{
|
2023-04-01 16:10:52 +00:00
|
|
|
OidcConfiguration: api.OpenIDConnectConfiguration{
|
2023-03-18 17:51:20 +00:00
|
|
|
AuthorizationEndpoint: "https://test.goauthentik.io/application/o/authorize/",
|
|
|
|
|
EndSessionEndpoint: "https://test.goauthentik.io/application/o/test-app/end-session/",
|
|
|
|
|
IntrospectionEndpoint: "https://test.goauthentik.io/application/o/introspect/",
|
|
|
|
|
Issuer: "https://test.goauthentik.io/application/o/test-app/",
|
|
|
|
|
JwksUri: "https://test.goauthentik.io/application/o/test-app/jwks/",
|
|
|
|
|
TokenEndpoint: "https://test.goauthentik.io/application/o/token/",
|
|
|
|
|
UserinfoEndpoint: "https://test.goauthentik.io/application/o/userinfo/",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ep := GetOIDCEndpoint(pc, "https://authentik-host.test.goauthentik.io", true)
|
|
|
|
|
// Embedded outpost
|
|
|
|
|
// Browser URLs should use the config of "authentik_host", everything else can use what's
|
|
|
|
|
// received from the API endpoint
|
|
|
|
|
// Token URL is an exception since it's sent via a special HTTP transport that overrides the
|
|
|
|
|
// HTTP Host header, to make sure it's the same value as the issuer
|
|
|
|
|
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/authorize/", ep.AuthURL)
|
|
|
|
|
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/", ep.Issuer)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
|
2023-08-27 22:52:01 +00:00
|
|
|
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
|
2023-03-18 17:51:20 +00:00
|
|
|
assert.Equal(t, "https://authentik-host.test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
|
|
|
|
|
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
|
|
|
|
|
}
|
