capifcore/internal/securityservice/security_test.go

   1 // -
   2 //   ========================LICENSE_START=================================
   3 //   O-RAN-SC
   4 //   %%
   5 //   Copyright (C) 2022: Nordix Foundation
   6 //   %%
   7 //   Licensed under the Apache License, Version 2.0 (the "License");
   8 //   you may not use this file except in compliance with the License.
   9 //   You may obtain a copy of the License at
  10 //
  11 //        http://www.apache.org/licenses/LICENSE-2.0
  12 //
  13 //   Unless required by applicable law or agreed to in writing, software
  14 //   distributed under the License is distributed on an "AS IS" BASIS,
  15 //   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 //   See the License for the specific language governing permissions and
  17 //   limitations under the License.
  18 //   ========================LICENSE_END===================================
  19 //
  20
  21 package security
  22
  23 import (
  24         "fmt"
  25         "net/http"
  26         "net/url"
  27         "os"
  28         "testing"
  29
  30         "oransc.org/nonrtric/capifcore/internal/securityapi"
  31
  32         "oransc.org/nonrtric/capifcore/internal/invokermanagement"
  33         "oransc.org/nonrtric/capifcore/internal/providermanagement"
  34         "oransc.org/nonrtric/capifcore/internal/publishservice"
  35
  36         "github.com/labstack/echo/v4"
  37
  38         "oransc.org/nonrtric/capifcore/internal/common29122"
  39
  40         invokermocks "oransc.org/nonrtric/capifcore/internal/invokermanagement/mocks"
  41         servicemocks "oransc.org/nonrtric/capifcore/internal/providermanagement/mocks"
  42         publishmocks "oransc.org/nonrtric/capifcore/internal/publishservice/mocks"
  43
  44         "github.com/deepmap/oapi-codegen/pkg/middleware"
  45         "github.com/deepmap/oapi-codegen/pkg/testutil"
  46         echomiddleware "github.com/labstack/echo/v4/middleware"
  47         "github.com/stretchr/testify/assert"
  48         "github.com/stretchr/testify/mock"
  49 )
  50
  51 func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
  52         invokerRegisterMock := invokermocks.InvokerRegister{}
  53         invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
  54         invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
  55         serviceRegisterMock := servicemocks.ServiceRegister{}
  56         serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
  57         publishRegisterMock := publishmocks.PublishRegister{}
  58         publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
  59
  60         requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock)
  61
  62         data := url.Values{}
  63         clientId := "id"
  64         clientSecret := "secret"
  65         aefId := "aefId"
  66         path := "path"
  67         data.Set("client_id", clientId)
  68         data.Add("client_secret", clientSecret)
  69         data.Add("grant_type", "client_credentials")
  70         data.Add("scope", "scope#"+aefId+":"+path)
  71         encodedData := data.Encode()
  72
  73         result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
  74
  75         assert.Equal(t, http.StatusCreated, result.Code())
  76         var resultResponse securityapi.AccessTokenRsp
  77         err := result.UnmarshalBodyToObject(&resultResponse)
  78         assert.NoError(t, err, "error unmarshaling response")
  79         assert.NotEmpty(t, resultResponse.AccessToken)
  80         assert.Equal(t, "scope#"+aefId+":"+path, *resultResponse.Scope)
  81         assert.Equal(t, securityapi.AccessTokenRspTokenTypeBearer, resultResponse.TokenType)
  82         assert.Equal(t, common29122.DurationSec(0), resultResponse.ExpiresIn)
  83         invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
  84         invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
  85         serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
  86         publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
  87 }
  88
  89 func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
  90         invokerRegisterMock := invokermocks.InvokerRegister{}
  91         invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
  92
  93         requestHandler := getEcho(nil, nil, &invokerRegisterMock)
  94
  95         data := url.Values{}
  96         data.Set("client_id", "id")
  97         data.Add("client_secret", "secret")
  98         data.Add("grant_type", "client_credentials")
  99         data.Add("scope", "scope#aefId:path")
 100         encodedData := data.Encode()
 101
 102         result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
 103
 104         assert.Equal(t, http.StatusBadRequest, result.Code())
 105         var problemDetails common29122.ProblemDetails
 106         err := result.UnmarshalBodyToObject(&problemDetails)
 107         assert.NoError(t, err, "error unmarshaling response")
 108         badRequest := http.StatusBadRequest
 109         assert.Equal(t, &badRequest, problemDetails.Status)
 110         errMsg := "Invoker not registered"
 111         assert.Equal(t, &errMsg, problemDetails.Cause)
 112 }
 113
 114 func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
 115         invokerRegisterMock := invokermocks.InvokerRegister{}
 116         invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
 117         invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
 118
 119         requestHandler := getEcho(nil, nil, &invokerRegisterMock)
 120
 121         data := url.Values{}
 122         data.Set("client_id", "id")
 123         data.Add("client_secret", "secret")
 124         data.Add("grant_type", "client_credentials")
 125         data.Add("scope", "scope#aefId:path")
 126         encodedData := data.Encode()
 127
 128         result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
 129
 130         assert.Equal(t, http.StatusBadRequest, result.Code())
 131         var problemDetails common29122.ProblemDetails
 132         err := result.UnmarshalBodyToObject(&problemDetails)
 133         assert.NoError(t, err, "error unmarshaling response")
 134         badRequest := http.StatusBadRequest
 135         assert.Equal(t, &badRequest, problemDetails.Status)
 136         errMsg := "Invoker secret not valid"
 137         assert.Equal(t, &errMsg, problemDetails.Cause)
 138 }
 139
 140 func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
 141         invokerRegisterMock := invokermocks.InvokerRegister{}
 142         invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
 143         invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
 144         serviceRegisterMock := servicemocks.ServiceRegister{}
 145         serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
 146
 147         requestHandler := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock)
 148
 149         data := url.Values{}
 150         data.Set("client_id", "id")
 151         data.Add("client_secret", "secret")
 152         data.Add("grant_type", "client_credentials")
 153         data.Add("scope", "scope#aefId:path")
 154         encodedData := data.Encode()
 155
 156         result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
 157
 158         assert.Equal(t, http.StatusBadRequest, result.Code())
 159         var problemDetails common29122.ProblemDetails
 160         err := result.UnmarshalBodyToObject(&problemDetails)
 161         assert.NoError(t, err, "error unmarshaling response")
 162         badRequest := http.StatusBadRequest
 163         assert.Equal(t, &badRequest, problemDetails.Status)
 164         errMsg := "Function not registered"
 165         assert.Equal(t, &errMsg, problemDetails.Cause)
 166 }
 167
 168 func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
 169         invokerRegisterMock := invokermocks.InvokerRegister{}
 170         invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
 171         invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
 172         serviceRegisterMock := servicemocks.ServiceRegister{}
 173         serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
 174         publishRegisterMock := publishmocks.PublishRegister{}
 175         publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
 176
 177         requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock)
 178
 179         data := url.Values{}
 180         data.Set("client_id", "id")
 181         data.Add("client_secret", "secret")
 182         data.Add("grant_type", "client_credentials")
 183         data.Add("scope", "scope#aefId:path")
 184         encodedData := data.Encode()
 185
 186         result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
 187
 188         assert.Equal(t, http.StatusBadRequest, result.Code())
 189         var problemDetails common29122.ProblemDetails
 190         err := result.UnmarshalBodyToObject(&problemDetails)
 191         assert.NoError(t, err, "error unmarshaling response")
 192         badRequest := http.StatusBadRequest
 193         assert.Equal(t, &badRequest, problemDetails.Status)
 194         errMsg := "API not published"
 195         assert.Equal(t, &errMsg, problemDetails.Cause)
 196 }
 197
 198 func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister) *echo.Echo {
 199         swagger, err := securityapi.GetSwagger()
 200         if err != nil {
 201                 fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
 202                 os.Exit(1)
 203         }
 204
 205         swagger.Servers = nil
 206
 207         s := NewSecurity(serviceRegister, publishRegister, invokerRegister)
 208
 209         e := echo.New()
 210         e.Use(echomiddleware.Logger())
 211         e.Use(middleware.OapiRequestValidator(swagger))
 212
 213         securityapi.RegisterHandlers(e, s)
 214         return e
 215 }