Add tests for securityservice

[nonrtric/plt/sme.git] / capifcore / internal / securityservice / security_test.go

// -
//   ========================LICENSE_START=================================
//   O-RAN-SC
//   %%
//   Copyright (C) 2022: Nordix Foundation
//   %%
//   Licensed under the Apache License, Version 2.0 (the "License");
//   you may not use this file except in compliance with the License.
//   You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//   ========================LICENSE_END===================================
//

package security

import (
        "fmt"
        "net/http"
        "net/url"
        "os"
        "testing"

        "oransc.org/nonrtric/capifcore/internal/securityapi"

        "oransc.org/nonrtric/capifcore/internal/invokermanagement"
        "oransc.org/nonrtric/capifcore/internal/providermanagement"
        "oransc.org/nonrtric/capifcore/internal/publishservice"

        "github.com/labstack/echo/v4"

        "oransc.org/nonrtric/capifcore/internal/common29122"

        invokermocks "oransc.org/nonrtric/capifcore/internal/invokermanagement/mocks"
        servicemocks "oransc.org/nonrtric/capifcore/internal/providermanagement/mocks"
        publishmocks "oransc.org/nonrtric/capifcore/internal/publishservice/mocks"

        "github.com/deepmap/oapi-codegen/pkg/middleware"
        "github.com/deepmap/oapi-codegen/pkg/testutil"
        echomiddleware "github.com/labstack/echo/v4/middleware"
        "github.com/stretchr/testify/assert"
        "github.com/stretchr/testify/mock"
)

func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
        invokerRegisterMock := invokermocks.InvokerRegister{}
        invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
        invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
        serviceRegisterMock := servicemocks.ServiceRegister{}
        serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
        apiRegisterMock := publishmocks.APIRegister{}
        apiRegisterMock.On("IsAPIRegistered", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)

        requestHandler := getEcho(&serviceRegisterMock, &apiRegisterMock, &invokerRegisterMock)

        data := url.Values{}
        data.Set("client_id", "id")
        data.Add("client_secret", "secret")
        data.Add("grant_type", "client_credentials")
        data.Add("scope", "scope#aefId:path")
        encodedData := data.Encode()

        result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)

        assert.Equal(t, http.StatusCreated, result.Code())
        var resultResponse securityapi.AccessTokenRsp
        err := result.UnmarshalBodyToObject(&resultResponse)
        assert.NoError(t, err, "error unmarshaling response")
        assert.NotEmpty(t, resultResponse.AccessToken)
        assert.Equal(t, "scope#aefId:path", *resultResponse.Scope)
        assert.Equal(t, securityapi.AccessTokenRspTokenTypeBearer, resultResponse.TokenType)
        assert.Equal(t, common29122.DurationSec(0), resultResponse.ExpiresIn)
        invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", "id")
        invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", "id", "secret")
        serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", "aefId")
        apiRegisterMock.AssertCalled(t, "IsAPIRegistered", "aefId", "path")
}

func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
        invokerRegisterMock := invokermocks.InvokerRegister{}
        invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)

        requestHandler := getEcho(nil, nil, &invokerRegisterMock)

        data := url.Values{}
        data.Set("client_id", "id")
        data.Add("client_secret", "secret")
        data.Add("grant_type", "client_credentials")
        data.Add("scope", "scope#aefId:path")
        encodedData := data.Encode()

        result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)

        assert.Equal(t, http.StatusBadRequest, result.Code())
        var problemDetails common29122.ProblemDetails
        err := result.UnmarshalBodyToObject(&problemDetails)
        assert.NoError(t, err, "error unmarshaling response")
        badRequest := http.StatusBadRequest
        assert.Equal(t, &badRequest, problemDetails.Status)
        errMsg := "Invoker not registered"
        assert.Equal(t, &errMsg, problemDetails.Cause)
}

func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
        invokerRegisterMock := invokermocks.InvokerRegister{}
        invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
        invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)

        requestHandler := getEcho(nil, nil, &invokerRegisterMock)

        data := url.Values{}
        data.Set("client_id", "id")
        data.Add("client_secret", "secret")
        data.Add("grant_type", "client_credentials")
        data.Add("scope", "scope#aefId:path")
        encodedData := data.Encode()

        result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)

        assert.Equal(t, http.StatusBadRequest, result.Code())
        var problemDetails common29122.ProblemDetails
        err := result.UnmarshalBodyToObject(&problemDetails)
        assert.NoError(t, err, "error unmarshaling response")
        badRequest := http.StatusBadRequest
        assert.Equal(t, &badRequest, problemDetails.Status)
        errMsg := "Invoker secret not valid"
        assert.Equal(t, &errMsg, problemDetails.Cause)
}

func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
        invokerRegisterMock := invokermocks.InvokerRegister{}
        invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
        invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
        serviceRegisterMock := servicemocks.ServiceRegister{}
        serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)

        requestHandler := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock)

        data := url.Values{}
        data.Set("client_id", "id")
        data.Add("client_secret", "secret")
        data.Add("grant_type", "client_credentials")
        data.Add("scope", "scope#aefId:path")
        encodedData := data.Encode()

        result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)

        assert.Equal(t, http.StatusBadRequest, result.Code())
        var problemDetails common29122.ProblemDetails
        err := result.UnmarshalBodyToObject(&problemDetails)
        assert.NoError(t, err, "error unmarshaling response")
        badRequest := http.StatusBadRequest
        assert.Equal(t, &badRequest, problemDetails.Status)
        errMsg := "Function not registered"
        assert.Equal(t, &errMsg, problemDetails.Cause)
}

func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
        invokerRegisterMock := invokermocks.InvokerRegister{}
        invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
        invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
        serviceRegisterMock := servicemocks.ServiceRegister{}
        serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
        apiRegisterMock := publishmocks.APIRegister{}
        apiRegisterMock.On("IsAPIRegistered", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)

        requestHandler := getEcho(&serviceRegisterMock, &apiRegisterMock, &invokerRegisterMock)

        data := url.Values{}
        data.Set("client_id", "id")
        data.Add("client_secret", "secret")
        data.Add("grant_type", "client_credentials")
        data.Add("scope", "scope#aefId:path")
        encodedData := data.Encode()

        result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)

        assert.Equal(t, http.StatusBadRequest, result.Code())
        var problemDetails common29122.ProblemDetails
        err := result.UnmarshalBodyToObject(&problemDetails)
        assert.NoError(t, err, "error unmarshaling response")
        badRequest := http.StatusBadRequest
        assert.Equal(t, &badRequest, problemDetails.Status)
        errMsg := "API not published"
        assert.Equal(t, &errMsg, problemDetails.Cause)
}

func getEcho(serviceRegister providermanagement.ServiceRegister, apiRegister publishservice.APIRegister, invokerRegister invokermanagement.InvokerRegister) *echo.Echo {
        swagger, err := securityapi.GetSwagger()
        if err != nil {
                fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
                os.Exit(1)
        }

        swagger.Servers = nil

        s := NewSecurity(serviceRegister, apiRegister, invokerRegister)

        e := echo.New()
        e.Use(echomiddleware.Logger())
        e.Use(middleware.OapiRequestValidator(swagger))

        securityapi.RegisterHandlers(e, s)
        return e
}