Merge pull request #114 from deploymenttheory/dev

Added testing for auth validation

Author: ShocOne

httpclient/httpclient_auth_bearer_token.go

@@ -14,19 +14,6 @@ import (
 	"go.uber.org/zap"
 )
 
-// // BearerTokenAuthCredentials represents the username and password for basic authentication.
-// type BearerTokenAuthCredentials struct {
-// 	Username string
-// 	Password string
-// }
-
-// // SetBearerTokenAuthCredentials sets the BearerTokenAuthCredentials (Username and Password)
-// // for the client instance. These credentials are used for obtaining and refreshing
-// // bearer tokens for authentication.
-// func (c *Client) SetBearerTokenAuthCredentials(credentials BearerTokenAuthCredentials) {
-// 	c.BearerTokenAuthCredentials = credentials
-// }
-
 // ObtainToken fetches and sets an authentication token using the stored basic authentication credentials.
 func (c *Client) ObtainToken(log logger.Logger) error {
 

httpclient/httpclient_auth_oauth.go

@@ -26,19 +26,6 @@ type OAuthResponse struct {
 	Error        string `json:"error,omitempty"`
 }
 
-// // OAuthCredentials contains the client ID and client secret required for OAuth authentication.
-// type OAuthCredentials struct {
-// 	ClientID     string
-// 	ClientSecret string
-// }
-
-// // SetOAuthCredentials sets the OAuth credentials (Client ID and Client Secret)
-// // for the client instance. These credentials are used for obtaining and refreshing
-// // OAuth tokens for authentication.
-// func (c *Client) SetOAuthCredentials(credentials OAuthCredentials) {
-// 	c.OAuthCredentials = credentials
-// }
-
 // ObtainOAuthToken fetches an OAuth access token using the provided OAuthCredentials (Client ID and Client Secret).
 // It updates the client's Token and Expiry fields with the obtained values.
 func (c *Client) ObtainOAuthToken(credentials AuthConfig) error {

httpclient/httpclient_auth_validation.go

@@ -1,3 +1,4 @@
+// httpclient_auth_validation.go
 package httpclient
 
 import (

httpclient/httpclient_auth_validation_test.go

@@ -0,0 +1,123 @@
+// httpclient_auth_validation_test.go
+package httpclient
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// TestIsValidClientID tests the IsValidClientID function with various client ID inputs.
+// It verifies that valid UUIDs are correctly identified as such, and invalid formats
+// are appropriately flagged with an error message. Additionally, it checks that empty
+// client IDs are considered valid according to the updated logic.
+func TestIsValidClientID(t *testing.T) {
+	tests := []struct {
+		clientID    string
+		expected    bool
+		expectedMsg string
+	}{
+		{"123e4567-e89b-12d3-a456-426614174000", true, ""},
+		{"invalid-uuid", false, "Client ID is not a valid UUID format."},
+		{"", true, ""}, // Empty client ID should be considered valid as per your updated logic
+	}
+
+	for _, tt := range tests {
+		valid, msg := IsValidClientID(tt.clientID)
+		assert.Equal(t, tt.expected, valid)
+		assert.Equal(t, tt.expectedMsg, msg)
+	}
+}
+
+// TestIsValidClientSecret tests the IsValidClientSecret function with various client secret inputs.
+// It ensures that client secrets that meet the minimum length requirement and contain the necessary
+// character types are validated correctly. It also checks that short or invalid client secrets are
+// flagged appropriately, and that empty client secrets are considered valid as per the updated logic.
+func TestIsValidClientSecret(t *testing.T) {
+	tests := []struct {
+		clientSecret string
+		expected     bool
+		expectedMsg  string
+	}{
+		{"ValidSecret123!", true, ""},
+		{"short", false, "Client secret must be at least 16 characters long."},
+		{"", true, ""}, // Empty client secret should be considered valid as per your updated logic
+	}
+
+	for _, tt := range tests {
+		valid, msg := IsValidClientSecret(tt.clientSecret)
+		assert.Equal(t, tt.expected, valid)
+		assert.Equal(t, tt.expectedMsg, msg)
+	}
+}
+
+// TestIsValidUsername tests the IsValidUsername function with various username inputs.
+// This function verifies that usernames consisting of alphanumeric characters and password safe
+// special characters are considered valid. It also checks that usernames with unsafe characters
+// are correctly identified as invalid.
+func TestIsValidUsername(t *testing.T) {
+	tests := []struct {
+		username    string
+		expected    bool
+		expectedMsg string
+	}{
+		{"user123", true, ""},
+		{"user!@#", true, ""},
+		{"<script>", false, "Username must contain only alphanumeric characters and password safe special characters (!@#$%^&*()_-+=[{]}\\|;:'\",<.>/?)."},
+	}
+
+	for _, tt := range tests {
+		valid, msg := IsValidUsername(tt.username)
+		assert.Equal(t, tt.expected, valid)
+		assert.Equal(t, tt.expectedMsg, msg)
+	}
+}
+
+// TestIsValidPassword tests the IsValidPassword function with various password inputs.
+// It ensures that passwords meeting the minimum length requirement are validated correctly,
+// and that short passwords are appropriately flagged as invalid.
+func TestIsValidPassword(t *testing.T) {
+	tests := []struct {
+		password    string
+		expected    bool
+		expectedMsg string
+	}{
+		{"Password1", true, ""},
+		{"short", false, "Password must be at least 8 characters long."},
+	}
+
+	for _, tt := range tests {
+		valid, msg := IsValidPassword(tt.password)
+		assert.Equal(t, tt.expected, valid)
+		assert.Equal(t, tt.expectedMsg, msg)
+	}
+}
+
+// TestDetermineAuthMethod tests the DetermineAuthMethod function with various authentication configurations.
+// It checks that the function correctly identifies the authentication method to be used based on the provided
+// credentials. Scenarios include valid OAuth credentials, valid bearer token credentials, and various combinations
+// of invalid or missing credentials. The function should return "oauth" for valid OAuth credentials, "bearer" for
+// valid bearer token credentials, and "unknown" with an error message for invalid or incomplete credentials.
+func TestDetermineAuthMethod(t *testing.T) {
+	tests := []struct {
+		authConfig  AuthConfig
+		expected    string
+		expectedErr error
+	}{
+		{AuthConfig{ClientID: "123e4567-e89b-12d3-a456-426614174000", ClientSecret: "ValidSecret123!"}, "oauth", nil},
+		{AuthConfig{Username: "user123", Password: "Password1"}, "bearer", nil},
+		{AuthConfig{ClientID: "invalid-uuid", ClientSecret: "ValidSecret123!"}, "unknown", errors.New("No valid credentials provided. Client ID is not a valid UUID format.")},
+		{AuthConfig{}, "unknown", errors.New("No valid credentials provided.")}, // No credentials provided
+	}
+
+	for _, tt := range tests {
+		method, err := DetermineAuthMethod(tt.authConfig)
+		assert.Equal(t, tt.expected, method)
+		if tt.expectedErr != nil {
+			assert.EqualError(t, err, tt.expectedErr.Error())
+		} else {
+			assert.NoError(t, err)
+		}
+	}
+}

httpclient/httpclient_client.go

@@ -24,15 +24,13 @@ type Client struct {
 	AuthMethod         string     // Specifies the authentication method: "bearer" or "oauth"
 	Token              string     // Authentication Token
 	OverrideBaseDomain string     // Base domain override used when the default in the api handler isn't suitable
-	//OAuthCredentials           OAuthCredentials           // ClientID / Client Secret
-	//BearerTokenAuthCredentials BearerTokenAuthCredentials // Username and Password for Basic Authentication
-	Expiry         time.Time // Expiry time set for the auth token
-	httpClient     *http.Client
-	tokenLock      sync.Mutex
-	clientConfig   ClientConfig
-	Logger         logger.Logger
-	ConcurrencyMgr *ConcurrencyManager
-	PerfMetrics    PerformanceMetrics
+	Expiry             time.Time  // Expiry time set for the auth token
+	httpClient         *http.Client
+	tokenLock          sync.Mutex
+	clientConfig       ClientConfig
+	Logger             logger.Logger
+	ConcurrencyMgr     *ConcurrencyManager
+	PerfMetrics        PerformanceMetrics
 }
 
 // Config holds configuration options for the HTTP Client.