add tests

Author: scottmckendry

internal/controller/user_controller_test.go

@@ -11,14 +11,15 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
 	"github.com/steveiliop56/tinyauth/internal/bootstrap"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/repository"
 	"github.com/steveiliop56/tinyauth/internal/service"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func TestUserController(t *testing.T) {
@@ -353,3 +354,150 @@ func TestUserController(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
+
+func TestUserControllerAttributes(t *testing.T) {
+	tlog.NewTestLogger().Init()
+	tempDir := t.TempDir()
+
+	authServiceCfg := service.AuthServiceConfig{
+		Users: []config.User{
+			{
+				Username: "attruser",
+				Password: "$2a$10$ZwVYQH07JX2zq7Fjkt3gU.BjwvvwPeli4OqOno04RQIv0P7usBrXa", // password
+				Attributes: config.UserAttributes{
+					Name:  "Alice Smith",
+					Email: "alice@example.com",
+				},
+			},
+			{
+				Username:   "attrtotpuser",
+				Password:   "$2a$10$ZwVYQH07JX2zq7Fjkt3gU.BjwvvwPeli4OqOno04RQIv0P7usBrXa", // password
+				TotpSecret: "JPIEBDKJH6UGWJMX66RR3S55UFP2SGKK",
+				Attributes: config.UserAttributes{
+					Name:  "Bob Jones",
+					Email: "bob@example.com",
+				},
+			},
+		},
+		SessionExpiry:     10,
+		CookieDomain:      "example.com",
+		LoginTimeout:      10,
+		LoginMaxRetries:   3,
+		SessionCookieName: "tinyauth-session",
+	}
+
+	userControllerCfg := controller.UserControllerConfig{
+		CookieDomain: "example.com",
+	}
+
+	app := bootstrap.NewBootstrapApp(config.Config{})
+	db, err := app.SetupDatabase(path.Join(tempDir, "tinyauth_attrs.db"))
+	require.NoError(t, err)
+
+	queries := repository.New(db)
+
+	docker := service.NewDockerService()
+	err = docker.Init()
+	require.NoError(t, err)
+
+	ldap := service.NewLdapService(service.LdapServiceConfig{})
+	err = ldap.Init()
+	require.NoError(t, err)
+
+	broker := service.NewOAuthBrokerService(make(map[string]config.OAuthServiceConfig))
+	err = broker.Init()
+	require.NoError(t, err)
+
+	authService := service.NewAuthService(authServiceCfg, docker, ldap, queries, broker)
+	err = authService.Init()
+	require.NoError(t, err)
+
+	makeRouter := func(extraMiddlewares ...gin.HandlerFunc) *gin.Engine {
+		router := gin.Default()
+		for _, m := range extraMiddlewares {
+			router.Use(m)
+		}
+		gin.SetMode(gin.TestMode)
+		group := router.Group("/api")
+		ctrl := controller.NewUserController(userControllerCfg, group, authService)
+		ctrl.SetupRoutes()
+		return router
+	}
+
+	t.Run("Login uses name and email from user attributes", func(t *testing.T) {
+		authService.ClearRateLimitsTestingOnly()
+		router := makeRouter()
+
+		loginReq := controller.LoginRequest{Username: "attruser", Password: "password"}
+		body, err := json.Marshal(loginReq)
+		require.NoError(t, err)
+
+		req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(body)))
+		req.Header.Set("Content-Type", "application/json")
+		rec := httptest.NewRecorder()
+		router.ServeHTTP(rec, req)
+
+		require.Equal(t, 200, rec.Code)
+		cookies := rec.Result().Cookies()
+		require.Len(t, cookies, 1)
+		assert.Equal(t, "tinyauth-session", cookies[0].Name)
+	})
+
+	t.Run("Login with TOTP uses name and email from user attributes in pending session", func(t *testing.T) {
+		authService.ClearRateLimitsTestingOnly()
+		router := makeRouter()
+
+		loginReq := controller.LoginRequest{Username: "attrtotpuser", Password: "password"}
+		body, err := json.Marshal(loginReq)
+		require.NoError(t, err)
+
+		req := httptest.NewRequest("POST", "/api/user/login", strings.NewReader(string(body)))
+		req.Header.Set("Content-Type", "application/json")
+		rec := httptest.NewRecorder()
+		router.ServeHTTP(rec, req)
+
+		require.Equal(t, 200, rec.Code)
+		var res map[string]any
+		require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &res))
+		assert.Equal(t, true, res["totpPending"])
+		require.Len(t, rec.Result().Cookies(), 1)
+	})
+
+	t.Run("TOTP completion uses name and email from user attributes", func(t *testing.T) {
+		authService.ClearRateLimitsTestingOnly()
+
+		// First: login to get TOTP-pending session
+		router := makeRouter(func(c *gin.Context) {
+			c.Set("context", &config.UserContext{
+				Username:    "attrtotpuser",
+				Name:        "Bob Jones",
+				Email:       "bob@example.com",
+				Provider:    "local",
+				TotpPending: true,
+				TotpEnabled: true,
+			})
+		})
+
+		code, err := totp.GenerateCode("JPIEBDKJH6UGWJMX66RR3S55UFP2SGKK", time.Now())
+		require.NoError(t, err)
+
+		totpReq := controller.TotpRequest{Code: code}
+		body, err := json.Marshal(totpReq)
+		require.NoError(t, err)
+
+		req := httptest.NewRequest("POST", "/api/user/totp", strings.NewReader(string(body)))
+		req.Header.Set("Content-Type", "application/json")
+		rec := httptest.NewRecorder()
+		router.ServeHTTP(rec, req)
+
+		require.Equal(t, 200, rec.Code)
+		cookies := rec.Result().Cookies()
+		require.Len(t, cookies, 1)
+		assert.Equal(t, "tinyauth-session", cookies[0].Name)
+	})
+
+	t.Cleanup(func() {
+		err = db.Close()
+		require.NoError(t, err)
+	})
+}

internal/service/oidc_service_test.go

@@ -0,0 +1,194 @@
+package service_test
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/steveiliop56/tinyauth/internal/config"
+	"github.com/steveiliop56/tinyauth/internal/repository"
+	"github.com/steveiliop56/tinyauth/internal/service"
+)
+
+func newTestUser() repository.OidcUserinfo {
+	addr := config.AddressClaim{
+		Formatted:     "123 Main St",
+		StreetAddress: "123 Main St",
+		Locality:      "Springfield",
+		Region:        "IL",
+		PostalCode:    "62701",
+		Country:       "US",
+	}
+	addrJSON, _ := json.Marshal(addr)
+
+	return repository.OidcUserinfo{
+		Sub:                 "test-sub",
+		Name:                "Test User",
+		PreferredUsername:   "testuser",
+		Email:               "test@example.com",
+		Groups:              "admins,users",
+		UpdatedAt:           1234567890,
+		GivenName:           "Test",
+		FamilyName:          "User",
+		MiddleName:          "M",
+		Nickname:            "testy",
+		Profile:             "https://example.com/testuser",
+		Picture:             "https://example.com/testuser.jpg",
+		Website:             "https://testuser.example.com",
+		Gender:              "male",
+		Birthdate:           "1990-01-01",
+		Zoneinfo:            "America/Chicago",
+		Locale:              "en-US",
+		PhoneNumber:         "+15555550100",
+		PhoneNumberVerified: true,
+		Address:             string(addrJSON),
+	}
+}
+
+func newOIDCService(t *testing.T) *service.OIDCService {
+	t.Helper()
+	dir := t.TempDir()
+	svc := service.NewOIDCService(service.OIDCServiceConfig{
+		PrivateKeyPath: dir + "/key.pem",
+		PublicKeyPath:  dir + "/key.pub",
+		Issuer:         "https://tinyauth.example.com",
+		SessionExpiry:  3600,
+	}, nil)
+	require.NoError(t, svc.Init())
+	return svc
+}
+
+func TestCompileUserinfo_OpenidOnly(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid")
+
+	assert.Equal(t, "test-sub", info.Sub)
+	assert.Equal(t, int64(1234567890), info.UpdatedAt)
+	// profile fields not requested
+	assert.Empty(t, info.Name)
+	assert.Empty(t, info.Email)
+	assert.Nil(t, info.Groups)
+	assert.Nil(t, info.PhoneNumberVerified)
+	assert.Nil(t, info.Address)
+}
+
+func TestCompileUserinfo_ProfileScope(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,profile")
+
+	assert.Equal(t, "Test User", info.Name)
+	assert.Equal(t, "testuser", info.PreferredUsername)
+	assert.Equal(t, "Test", info.GivenName)
+	assert.Equal(t, "User", info.FamilyName)
+	assert.Equal(t, "M", info.MiddleName)
+	assert.Equal(t, "testy", info.Nickname)
+	assert.Equal(t, "https://example.com/testuser", info.Profile)
+	assert.Equal(t, "https://example.com/testuser.jpg", info.Picture)
+	assert.Equal(t, "https://testuser.example.com", info.Website)
+	assert.Equal(t, "male", info.Gender)
+	assert.Equal(t, "1990-01-01", info.Birthdate)
+	assert.Equal(t, "America/Chicago", info.Zoneinfo)
+	assert.Equal(t, "en-US", info.Locale)
+	// non-profile fields still absent
+	assert.Empty(t, info.Email)
+}
+
+func TestCompileUserinfo_EmailScope(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,email")
+
+	assert.Equal(t, "test@example.com", info.Email)
+	assert.True(t, info.EmailVerified)
+	assert.Empty(t, info.Name) // profile not requested
+}
+
+func TestCompileUserinfo_PhoneScope(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,phone")
+
+	assert.Equal(t, "+15555550100", info.PhoneNumber)
+	require.NotNil(t, info.PhoneNumberVerified)
+	assert.True(t, *info.PhoneNumberVerified)
+}
+
+func TestCompileUserinfo_PhoneScope_Unverified(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+	user.PhoneNumberVerified = false
+
+	info := svc.CompileUserinfo(user, "openid,phone")
+
+	require.NotNil(t, info.PhoneNumberVerified)
+	assert.False(t, *info.PhoneNumberVerified)
+}
+
+func TestCompileUserinfo_AddressScope(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,address")
+
+	require.NotNil(t, info.Address)
+	assert.Equal(t, "123 Main St", info.Address.Formatted)
+	assert.Equal(t, "123 Main St", info.Address.StreetAddress)
+	assert.Equal(t, "Springfield", info.Address.Locality)
+	assert.Equal(t, "IL", info.Address.Region)
+	assert.Equal(t, "62701", info.Address.PostalCode)
+	assert.Equal(t, "US", info.Address.Country)
+}
+
+func TestCompileUserinfo_AddressScope_InvalidJSON(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+	user.Address = "not-valid-json"
+
+	info := svc.CompileUserinfo(user, "openid,address")
+
+	// invalid JSON silently skipped, address omitted
+	assert.Nil(t, info.Address)
+}
+
+func TestCompileUserinfo_GroupsScope(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,groups")
+
+	assert.Equal(t, []string{"admins", "users"}, info.Groups)
+}
+
+func TestCompileUserinfo_GroupsScope_Empty(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+	user.Groups = ""
+
+	info := svc.CompileUserinfo(user, "openid,groups")
+
+	assert.Equal(t, []string{}, info.Groups)
+}
+
+func TestCompileUserinfo_AllScopes(t *testing.T) {
+	svc := newOIDCService(t)
+	user := newTestUser()
+
+	info := svc.CompileUserinfo(user, "openid,profile,email,phone,address,groups")
+
+	assert.Equal(t, "Test User", info.Name)
+	assert.Equal(t, "test@example.com", info.Email)
+	assert.Equal(t, "+15555550100", info.PhoneNumber)
+	require.NotNil(t, info.PhoneNumberVerified)
+	assert.True(t, *info.PhoneNumberVerified)
+	require.NotNil(t, info.Address)
+	assert.Equal(t, "Springfield", info.Address.Locality)
+	assert.Equal(t, []string{"admins", "users"}, info.Groups)
+}