github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-02-14 17:49:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
466d0132e9f57b984bf6e5a1cd0d6b00f675b882
wonderwall/pkg/openid/client/logout_test.go
Trong Huu Nguyen 466d0132e9 feat(openid): support logout_hint for RP-initiated logouts
2026-01-16 09:18:30 +01:00

121 lines
3.1 KiB
Go
Raw Blame History

package client_test
import (
"net/url"
"testing"
"github.com/stretchr/testify/assert"
"github.com/nais/wonderwall/pkg/mock"
"github.com/nais/wonderwall/pkg/openid/client"
)
const (
LogoutCallbackURI = mock.Ingress + "/oauth2/logout/callback"
PostLogoutRedirectURI = "http://some-other-url"
EndSessionEndpoint = "http://provider/endsession"
)
func TestLogout_SingleLogoutURL(t *testing.T) {
t.Run("with id_token", func(t *testing.T) {
logout := newLogout(t)
idToken := "some-id-token"
state := logout.Cookie.State
raw := logout.SingleLogoutURL(idToken)
assert.NotEmpty(t, raw)
logoutUrl, err := url.Parse(raw)
assert.NoError(t, err)
query := logoutUrl.Query()
assert.Len(t, query, 3)
assert.Contains(t, query, "id_token_hint")
assert.Equal(t, idToken, query.Get("id_token_hint"))
assert.Contains(t, query, "post_logout_redirect_uri")
assert.Equal(t, LogoutCallbackURI, query.Get("post_logout_redirect_uri"))
assert.Contains(t, query, "state")
assert.Equal(t, state, query.Get("state"))
logoutUrl.RawQuery = ""
assert.Equal(t, EndSessionEndpoint, logoutUrl.String())
})
t.Run("without id_token", func(t *testing.T) {
logout := newLogout(t)
idToken := ""
state := logout.Cookie.State
raw := logout.SingleLogoutURL(idToken)
assert.NotEmpty(t, raw)
logoutUrl, err := url.Parse(raw)
assert.NoError(t, err)
query := logoutUrl.Query()
assert.Len(t, query, 2)
assert.NotContains(t, query, "id_token_hint")
assert.Equal(t, idToken, query.Get("id_token_hint"))
assert.Contains(t, query, "post_logout_redirect_uri")
assert.Equal(t, LogoutCallbackURI, query.Get("post_logout_redirect_uri"))
assert.Contains(t, query, "state")
assert.Equal(t, state, query.Get("state"))
logoutUrl.RawQuery = ""
assert.Equal(t, EndSessionEndpoint, logoutUrl.String())
})
t.Run("with logout_hint claim", func(t *testing.T) {
logout := newLogout(t)
logout.LogoutHint = "some-logout-hint"
idToken := ""
state := logout.Cookie.State
raw := logout.SingleLogoutURL(idToken)
assert.NotEmpty(t, raw)
logoutUrl, err := url.Parse(raw)
assert.NoError(t, err)
query := logoutUrl.Query()
assert.Len(t, query, 3)
assert.Contains(t, query, "logout_hint")
assert.Equal(t, logout.LogoutHint, query.Get("logout_hint"))
assert.NotContains(t, query, "id_token_hint")
assert.Equal(t, idToken, query.Get("id_token_hint"))
assert.Contains(t, query, "post_logout_redirect_uri")
assert.Equal(t, LogoutCallbackURI, query.Get("post_logout_redirect_uri"))
assert.Contains(t, query, "state")
assert.Equal(t, state, query.Get("state"))
logoutUrl.RawQuery = ""
assert.Equal(t, EndSessionEndpoint, logoutUrl.String())
})
}
func newLogout(t *testing.T) *client.Logout {
cfg := mock.Config()
openidCfg := mock.NewTestConfiguration(cfg)
openidCfg.TestClient.SetPostLogoutRedirectURI(PostLogoutRedirectURI)
openidCfg.TestProvider.SetEndSessionEndpoint(EndSessionEndpoint)
ingresses := mock.Ingresses(cfg)
req := mock.NewGetRequest(mock.Ingress+"/oauth2/logout", ingresses)
logout, err := newTestClientWithConfig(openidCfg).Logout(req)
assert.NoError(t, err)
return logout
}
Reference in New Issue View Git Blame Copy Permalink