#16 more tests using mockery

jandix · Apr 20, 2019 · b216009 · b216009
1 parent 040565e
commit b216009
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 30 deletions.
diff --git a/R/oauth2_google.R b/R/oauth2_google.R
@@ -93,7 +93,7 @@ is_authed_oauth2_google <- function (req,
 
   # download public key file and find public key used for the jwt by matching the kid
   jwks <- download_jwks()
-  index <- match_pub_key_in_jwks(jwks, jwt_header)
+  index <- match_kid_in_jwks(jwks, jwt_header)
 
   if (length(index) != 1) {
     return(is_authed_return_list(FALSE, "Failed", 500,
@@ -140,12 +140,11 @@ download_jwks <- function(){
     return(NULL)
   }
 
-  # match kid
   jwks <- jsonlite::fromJSON(httr::content(response, type = "text", encoding = "UTF-8"))$keys
   return(jwks)
 }
 
-match_pub_key_in_jwks <- function(jwks, jwt_header){
+match_kid_in_jwks <- function(jwks, jwt_header){
   index <- which(jwks$kid == jwt_header$kid)
   return(index)
 }

diff --git a/tests/testthat/test_oauth2_google.R b/tests/testthat/test_oauth2_google.R
@@ -38,7 +38,7 @@ testthat::test_that("test that the function requires HTTP_AUTHORIZATION header i
   testthat::expect_false(res$is_authed)
 })
 
-testthat::test_that("test that the function requires valid HTTP_AUTHORIZATION", {
+testthat::test_that("test that the function fails if token is invalid", {
   # test data
   test_req <- list(HTTP_AUTHORIZATION = "xxx.xxx.xxx")
   test_res <- list()
@@ -51,25 +51,7 @@ testthat::test_that("test that the function requires valid HTTP_AUTHORIZATION",
   testthat::expect_false(res$is_authed)
 })
 
-testthat::test_that("test that the function requires valid HTTP_AUTHORIZATION that matches google key", {
-  # test data
-  key <- openssl::rsa_keygen()
-  pub_key <- as.list(key)$pubkey
-  token <- jose::jwt_claim(name = "Franz",
-                     uid = 509)
-  jwt <- jose::jwt_encode_sig(token, key)
-  test_req <- list(HTTP_AUTHORIZATION = jwt)
-  test_res <- list()
-  client_id <- "xxx"
-
-  res <- sealr::is_authed_oauth2_google(req = test_req,
-                                        res = test_res,
-                                        token_location = "header",
-                                        client_id = test_client_id)
-  testthat::expect_false(res$is_authed)
-})
-
-
+# TEST FUNCTION WITH HELP OF MOCKING ---------------------------------------------
 testthat::test_that("test that the function works with all arguments", {
 
   test_res <- list()
@@ -92,7 +74,7 @@ testthat::test_that("test that the function works with all arguments", {
   test_req <- list(HTTP_AUTHORIZATION = jwt)
 
   mockery::stub(sealr::is_authed_oauth2_google, "download_jwks", data.frame())
-  mockery::stub(sealr::is_authed_oauth2_google, "match_pub_key_in_jwks", 1)
+  mockery::stub(sealr::is_authed_oauth2_google, "match_kid_in_jwks", 1)
   mockery::stub(sealr::is_authed_oauth2_google, "parse_pub_key_in_jwks", pub_key)
 
 
@@ -104,18 +86,49 @@ testthat::test_that("test that the function works with all arguments", {
   testthat::expect_true(res$is_authed)
 })
 
-
-
 testthat::test_that("test that the function works without optional hd check", {
 
+  # public key to to be used as signature for JWT
+  key <- openssl::rsa_keygen()
+  pub_key <- as.list(key)$pubkey
+
+  # test data
   test_res <- list()
   test_kid = "thisismykid"
   test_client_id = "xxx"
 
+  # generate JWT
+  token <- jose::jwt_claim(name = "Franz",
+                           uid = 509,
+                           aud = test_client_id,
+                           iss = "https://accounts.google.com")
+
+  jwt <- jose::jwt_encode_sig(token, key, header = list(kid = test_kid))
+  test_req <- list(HTTP_AUTHORIZATION = jwt)
+
+  mockery::stub(sealr::is_authed_oauth2_google, "download_jwks", data.frame())
+  mockery::stub(sealr::is_authed_oauth2_google, "match_kid_in_jwks", 1)
+  mockery::stub(sealr::is_authed_oauth2_google, "parse_pub_key_in_jwks", pub_key)
+
+
+  res <- sealr::is_authed_oauth2_google(req = test_req,
+                                        res = test_res,
+                                        token_location = "header",
+                                        client_id = test_client_id)
+  testthat::expect_true(res$is_authed)
+})
+
+testthat::test_that("test that the function fails when download of jwks fails", {
+
   # public key to to be used as signature for JWT
   key <- openssl::rsa_keygen()
   pub_key <- as.list(key)$pubkey
 
+  # test data
+  test_res <- list()
+  test_kid = "thisismykid"
+  test_client_id = "xxx"
+
   # generate JWT
   token <- jose::jwt_claim(name = "Franz",
                            uid = 509,
@@ -125,14 +138,49 @@ testthat::test_that("test that the function works without optional hd check", {
   jwt <- jose::jwt_encode_sig(token, key, header = list(kid = test_kid))
   test_req <- list(HTTP_AUTHORIZATION = jwt)
 
-  mockery::stub(sealr::is_authed_oauth2_google, "download_jwks", data.frame())
-  mockery::stub(sealr::is_authed_oauth2_google, "match_pub_key_in_jwks", 1)
-  mockery::stub(sealr::is_authed_oauth2_google, "parse_pub_key_in_jwks", pub_key)
+  # NULL is returned when download fails
+  mockery::stub(sealr::is_authed_oauth2_google, "download_jwks", NULL)
 
+  res <- sealr::is_authed_oauth2_google(req = test_req,
+                                        res = test_res,
+                                        token_location = "header",
+                                        client_id = test_client_id)
+  testthat::expect_false(res$is_authed)
+  testthat::expect_equal(res$code, 500)
+  testthat::expect_equal(res$message, "Authentication Error. Hint: jwks_uri")
+
+})
+
+testthat::test_that("test that the function fails if kid is not part of jwks", {
+
+  # public key to to be used as signature for JWT
+  key <- openssl::rsa_keygen()
+  pub_key <- as.list(key)$pubkey
+
+  # test data
+  test_res <- list()
+  test_kid = "thisismykid"
+  test_client_id = "xxx"
+
+  # generate JWT
+  token <- jose::jwt_claim(name = "Franz",
+                           uid = 509,
+                           aud = test_client_id,
+                           iss = "https://accounts.google.com")
+
+  jwt <- jose::jwt_encode_sig(token, key, header = list(kid = test_kid))
+  test_req <- list(HTTP_AUTHORIZATION = jwt)
+
+  # NULL is returned when download fails
+  mockery::stub(sealr::is_authed_oauth2_google, "download_jwks", data.frame(kid = c("1", "2", "3")))
 
   res <- sealr::is_authed_oauth2_google(req = test_req,
                                         res = test_res,
                                         token_location = "header",
                                         client_id = test_client_id)
-  testthat::expect_true(res$is_authed)
+  testthat::expect_false(res$is_authed)
+  testthat::expect_equal(res$code, 500)
+  testthat::expect_equal(res$message, "Authentication Error. Hint: jwks_uri")
+
 })
+