Change: Refactor KeycloakJWTClient

greenMika · greenMika · commit fcfe40254dc1 · 2024-05-30T15:35:36.000+02:00
diff --git a/client/keycloakJWTClient.go b/client/keycloakJWTClient.go
@@ -1,4 +1,4 @@
-package auth
+package client
 
 import (
 	"context"
@@ -26,16 +26,17 @@ func NewKeycloakJWTCacheInMemory(keycloakJWTClient ITokenReceiver) *KeycloakJWTC
 	}
 }
 
-func (k *KeycloakJWTCacheInMemory) isTokenValid() bool {
-	if k.cachedToken == nil {
+func isTokenValid(token *gocloak.JWT) bool {
+	if token == nil {
 		return false
 	}
 
 	parser := jwt.NewParser()
 	claims := &jwt.MapClaims{}
 
-	_, _, err := parser.ParseUnverified(k.cachedToken.AccessToken, claims)
+	_, _, err := parser.ParseUnverified(token.AccessToken, claims)
 	if err != nil {
+		log.Error().Msgf("couldn't parse JWT access token: %v", err)
 		return false
 	}
 
@@ -49,7 +50,7 @@ func (k *KeycloakJWTCacheInMemory) isTokenValid() bool {
 }
 
 func (k *KeycloakJWTCacheInMemory) getToken() (*gocloak.JWT, error) {
-	if k.cachedToken == nil || !k.isTokenValid() {
+	if k.cachedToken == nil || !isTokenValid(k.cachedToken) {
 		token, err := k.keycloakJWTClient.getToken()
 		if err != nil {
 			return nil, err
@@ -74,7 +75,6 @@ func (k *KeycloakJWTCacheInMemory) GetAccessToken() (string, error) {
 
 type KeycloakJWTClient struct {
 	client       *gocloak.GoCloak
-	basePath     string
 	clientName   string
 	clientSecret string
 	realm        string
@@ -85,7 +85,6 @@ var _ ITokenReceiver = &KeycloakJWTClient{}
 func NewKeycloakJWTClient(basePath, clientName, clientSecret, realm string) *KeycloakJWTClient {
 	return &KeycloakJWTClient{
 		client:       gocloak.NewClient(basePath),
-		basePath:     basePath,
 		clientName:   clientName,
 		clientSecret: clientSecret,
 		realm:        realm,
diff --git a/client/keycloakJWTClient_test.go b/client/keycloakJWTClient_test.go
@@ -0,0 +1,120 @@
+package client
+
+import (
+	"testing"
+
+	"github.com/Nerzal/gocloak/v12"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+
+type MockTokenReceiver struct {
+	mock.Mock
+}
+
+func (m *MockTokenReceiver) GetAccessToken() (string, error) {
+	args := m.Called()
+	return args.String(0), args.Error(1)
+}
+
+func (m *MockTokenReceiver) getToken() (*gocloak.JWT, error) {
+	args := m.Called()
+	return args.Get(0).(*gocloak.JWT), args.Error(1)
+}
+
+func TestKeycloakJWTCacheInMemory_GetToken(t *testing.T) {
+
+	tests := []struct {
+		name             string
+		cachedToken      *gocloak.JWT
+		mockToken        *gocloak.JWT
+		mockError        error
+		expectedToken    *gocloak.JWT
+		expectedError    error
+		shouldFetchToken bool
+	}{
+		{
+			name:        "No cached token",
+			cachedToken: nil,
+			mockToken: &gocloak.JWT{
+				AccessToken: "test_token",
+			},
+			expectedToken: &gocloak.JWT{
+				AccessToken: "test_token",
+			},
+			expectedError:    nil,
+			shouldFetchToken: true,
+		},
+		{
+			name: "Expired cached token",
+			cachedToken: &gocloak.JWT{
+				AccessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyMzEwMjJ9.hsfQPY3ZVrVIV-bzI54NRoTDG6wWzORVp68lxGa3D08", // todo add actual expired token -> create one on jwt.io
+			},
+			mockToken: &gocloak.JWT{
+				AccessToken: "test_token",
+			},
+			expectedToken: &gocloak.JWT{
+				AccessToken: "test_token",
+			},
+			expectedError:    nil,
+			shouldFetchToken: true,
+		},
+		{
+			name: "Valid cached token",
+			cachedToken: &gocloak.JWT{
+				AccessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
+			},
+			mockToken: &gocloak.JWT{
+				AccessToken: "test_token",
+			},
+			expectedToken: &gocloak.JWT{
+				AccessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
+			},
+			expectedError:    nil,
+			shouldFetchToken: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			mockTokenReceiver := new(MockTokenReceiver)
+			cache := NewKeycloakJWTCacheInMemory(mockTokenReceiver)
+
+			cache.cachedToken = tt.cachedToken
+
+			mockTokenReceiver.On("getToken").Return(tt.mockToken, tt.mockError)
+
+			token, err := cache.getToken()
+
+			if tt.expectedError != nil {
+				assert.ErrorIs(t, err, tt.expectedError)
+			} else {
+				assert.NoError(t, err)
+			}
+
+			assert.Equal(t, tt.expectedToken, token)
+			if tt.shouldFetchToken {
+				mockTokenReceiver.AssertCalled(t, "getToken")
+			}
+		})
+	}
+}
+
+func TestKeycloakJWTCacheInMemory_GetAccessToken(t *testing.T) {
+	mockTokenReceiver := new(MockTokenReceiver)
+	mockToken := &gocloak.JWT{
+		AccessToken: "test_token",
+		ExpiresIn:   3600,
+	}
+
+	mockTokenReceiver.On("getToken").Return(mockToken, nil)
+
+	cache := NewKeycloakJWTCacheInMemory(mockTokenReceiver)
+
+	accessToken, err := cache.GetAccessToken()
+
+	assert.NoError(t, err)
+	assert.Equal(t, "test_token", accessToken)
+	mockTokenReceiver.AssertCalled(t, "getToken")
+}
diff --git a/client/keycloakRepository.go b/client/keycloakRepository.go
@@ -0,0 +1,26 @@
+package client
+
+import (
+	"context"
+	"github.com/Nerzal/gocloak/v12"
+)
+
+type IKeycloakRepository interface {
+	GetClientAccessToken(clientName, clientSecret, realm string) (*gocloak.JWT, error)
+}
+
+type KeycloakRepository struct {
+	client *gocloak.GoCloak
+}
+
+var _ IKeycloakRepository = &KeycloakRepository{}
+
+func NewKeycloakRepository(basePath string) *KeycloakRepository {
+	return &KeycloakRepository{
+		client: gocloak.NewClient(basePath),
+	}
+}
+
+func (r *KeycloakRepository) GetClientAccessToken(clientName, clientSecret, realm string) (*gocloak.JWT, error) {
+	return r.client.LoginClient(context.Background(), clientName, clientSecret, realm)
+}
diff --git a/go.mod b/go.mod
@@ -38,6 +38,7 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.8.0 // indirect
diff --git a/go.sum b/go.sum
@@ -77,6 +77,7 @@ github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
