Skip to content
Snippets Groups Projects
Select Git revision
  • refactor-deployment
  • main default protected
  • 49-creating-notifier-for-policy-change
  • new-ci
  • 60-implement-internal-storage
  • 26-policy-sign-data
  • 23-rego-get-ocm-invitation-function
  • add_opa_get_cache_value_ext
  • 15-add-ENV-variables-to-OPA-runtime
  • v1.4.3
  • v1.4.2-rc
  • v1.4.2-rc2
  • v1.4.2
  • v1.0.2
  • v1.0.2-rc
  • v1.0.3-rc
  • v1.4.1
  • v1.0.1-rc
  • v1.4.0
  • v1.3.1
  • v1.3.0
  • v1.2.2
22 results
Blame History Permalink
ocm_test.go 4.27 KiB 
package regofunc_test

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/open-policy-agent/opa/rego"
	"github.com/stretchr/testify/assert"

	"code.vereign.com/gaiax/tsa/policy/internal/regofunc"
)

func TestGetLoginProofInvitationSuccess(t *testing.T) {
	expected := `{"link":"https://ocm:443/ocm/didcomm/?d_m=eyJAdHlwZSI","requestId":"2cf01406-b15f-4960-a6a7-7bc62cd37a3c"}`
	ocmResponse := `{
		"statusCode": 201,
		"message": "Presentation request send successfully",
		"data": {
			"presentationId": "2cf01406-b15f-4960-a6a7-7bc62cd37a3c",			
			"presentationMessage": "https://ocm:443/ocm/didcomm/?d_m=eyJAdHlwZSI"
		}
	}`

	ocmSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = fmt.Fprint(w, ocmResponse)
	}))
	defer ocmSrv.Close()

	ocmFuncs := regofunc.NewOcmFuncs(ocmSrv.URL, http.DefaultClient)

	r := rego.New(
		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile"], {"openid": "credType1", "profile": "credType2"})`),
		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err := r.Eval(context.Background())
	assert.NoError(t, err)

	resultBytes, err := json.Marshal(resultSet[0].Expressions[0].Value)
	assert.NoError(t, err)
	assert.Equal(t, expected, string(resultBytes))

	// "scope to credential type" map with duplicate and empty credential types
	r = rego.New(
		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile", "email"], {"openid": "credType1", "profile": "credType1", "email": ""})`),
		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err = r.Eval(context.Background())
	assert.NoError(t, err)

	resultBytes, err = json.Marshal(resultSet[0].Expressions[0].Value)
	assert.NoError(t, err)
	assert.Equal(t, expected, string(resultBytes))
}

func TestGetLoginProofInvitationErr(t *testing.T) {
	ocmSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = fmt.Fprint(w, `{"key":"value"}`)
	}))
	defer ocmSrv.Close()

	ocmFuncs := regofunc.NewOcmFuncs(ocmSrv.URL, http.DefaultClient)

	// invalid scopes array
	r := rego.New(
		rego.Query(`ocm.getLoginProofInvitation("openid", {"openid": "credType1", "profile": "credType2"})`),
		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err := r.Eval(context.Background())
	assert.Error(t, err)
	assert.Empty(t, resultSet)
	assert.Contains(t, err.Error(), "invalid scopes array")

	// invalid "scope to credential type" map
	r = rego.New(
		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile"], "map")`),
		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err = r.Eval(context.Background())
	assert.Error(t, err)
	assert.Empty(t, resultSet)
	assert.Contains(t, err.Error(), "invalid scope to credential type map")

	// empty types in "scope to credential type" map
	r = rego.New(
		rego.Query(`ocm.getLoginProofInvitation(["openid", "profile"], {"openid": "", "profile": ""})`),
		rego.Function2(ocmFuncs.GetLoginProofInvitation()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err = r.Eval(context.Background())
	assert.Error(t, err)
	assert.Empty(t, resultSet)
	assert.Contains(t, err.Error(), "no credential types found in the scope to type map")

}

func TestGetLoginProofResult(t *testing.T) {
	expected := `{"family_name":"Doe","name":"John"}`
	ocmResponse := `{
		"statusCode": 200,
		"data": {
			"state": "done",
			"presentations": [
				{
					"credentialSubject": {
						"family_name":"Doe"
					}
				},
				{
					"credentialSubject": {
						"name":"John"
					}
				}
			]
		}
	}`

	ocmSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = fmt.Fprint(w, ocmResponse)
	}))
	defer ocmSrv.Close()

	ocmFuncs := regofunc.NewOcmFuncs(ocmSrv.URL, http.DefaultClient)

	r := rego.New(
		rego.Query(`ocm.getLoginProofResult("2cf01406-b15f-4960-a6a7-7bc62cd37a3c")`),
		rego.Function1(ocmFuncs.GetLoginProofResult()),
		rego.StrictBuiltinErrors(true),
	)

	resultSet, err := r.Eval(context.Background())
	assert.NoError(t, err)

	resultBytes, err := json.Marshal(resultSet[0].Expressions[0].Value)
	assert.NoError(t, err)
	assert.Equal(t, expected, string(resultBytes))
}