| 132 | } |
| 133 | |
| 134 | func TestValidateRequestHandlerWithGroupClaims(t *testing.T) { |
| 135 | setUp("/config/testing/handler_claims.yml") |
| 136 | |
| 137 | customClaims := structs.CustomClaims{ |
| 138 | Claims: map[string]interface{}{ |
| 139 | "sub": "f:a95afe53-60ba-4ac6-af15-fab870e72f3d:mrtester", |
| 140 | "groups": []string{ |
| 141 | "Website Users", |
| 142 | "Test Group", |
| 143 | }, |
| 144 | "given_name": "Mister", |
| 145 | "family_name": "Tester", |
| 146 | "email": "mrtester@test.int", |
| 147 | "boolean_claim": true, |
| 148 | // Auth0 custom claim names are namespaced URLs |
| 149 | // https://auth0.com/docs/tokens/guides/create-namespaced-custom-claims |
| 150 | "http://www.example.com/favorite_color": "blue", |
| 151 | }, |
| 152 | } |
| 153 | |
| 154 | groupHeader := "X-Vouch-IdP-Claims-Groups" |
| 155 | booleanHeader := "X-Vouch-IdP-Claims-Boolean-Claim" |
| 156 | familyNameHeader := "X-Vouch-IdP-Claims-Family-Name" |
| 157 | favoriteColorHeader := "X-Vouch-IdP-Claims-Www-Example-Com-Favorite-Color" |
| 158 | |
| 159 | tokens := structs.PTokens{} |
| 160 | |
| 161 | user := &structs.User{Username: "testuser", Email: "test@example.com", Name: "Test Name"} |
| 162 | vpjwt, err := jwtmanager.NewVPJWT(*user, customClaims, tokens) |
| 163 | assert.NoError(t, err) |
| 164 | |
| 165 | req, err := http.NewRequest("GET", "/validate", nil) |
| 166 | if err != nil { |
| 167 | t.Fatal(err) |
| 168 | } |
| 169 | |
| 170 | req.AddCookie(&http.Cookie{ |
| 171 | // Name: cfg.Cfg.Cookie.Name + "_1of1", |
| 172 | Name: cfg.Cfg.Cookie.Name, |
| 173 | Value: vpjwt, |
| 174 | Expires: time.Now().Add(1 * time.Hour), |
| 175 | }) |
| 176 | |
| 177 | rr := httptest.NewRecorder() |
| 178 | |
| 179 | handler := http.HandlerFunc(ValidateRequestHandler) |
| 180 | handler.ServeHTTP(rr, req) |
| 181 | |
| 182 | if status := rr.Code; status != http.StatusOK { |
| 183 | t.Errorf("handler returned wrong status code: got %v want %v", |
| 184 | status, http.StatusOK) |
| 185 | } |
| 186 | |
| 187 | // Check that the custom claim headers are what we expected |
| 188 | customClaimHeaders := map[string][]string{ |
| 189 | strings.ToLower(groupHeader): {}, |
| 190 | strings.ToLower(booleanHeader): {}, |
| 191 | strings.ToLower(familyNameHeader): {}, |