add more tests

Author: ndyakov

azure_default_identity_provider.go

@@ -15,16 +15,31 @@ type DefaultAzureIdentityProviderOptions struct {
 	AzureOptions *azidentity.DefaultAzureCredentialOptions
 	// Scopes is the list of scopes used to request a token from the identity provider.
 	Scopes []string
+
+	// credFactory is a factory for creating the default Azure credential.
+	// This is used for testing purposes, to allow mocking the credential creation.
+	// If not provided, the default implementation - azidentity.NewDefaultAzureCredential will be used
+	credFactory credFactory
+}
+
+type credFactory interface {
+	NewDefaultAzureCredential(options *azidentity.DefaultAzureCredentialOptions) (defaultAzureCredential, error)
 }
 
 type defaultAzureCredential interface {
 	GetToken(ctx context.Context, options policy.TokenRequestOptions) (azcore.AccessToken, error)
 }
 
+type defaultCredFactory struct{}
+
+func (d *defaultCredFactory) NewDefaultAzureCredential(options *azidentity.DefaultAzureCredentialOptions) (defaultAzureCredential, error) {
+	return azidentity.NewDefaultAzureCredential(options)
+}
+
 type DefaultAzureIdentityProvider struct {
-	options *azidentity.DefaultAzureCredentialOptions
-	cred    defaultAzureCredential
-	scopes  []string
+	options     *azidentity.DefaultAzureCredentialOptions
+	credFactory credFactory
+	scopes      []string
 }
 
 // NewDefaultAzureIdentityProvider creates a new DefaultAzureIdentityProvider.
@@ -33,21 +48,26 @@ func NewDefaultAzureIdentityProvider(opts DefaultAzureIdentityProviderOptions) (
 		opts.Scopes = []string{RedisScopeDefault}
 	}
 
-	return &DefaultAzureIdentityProvider{options: opts.AzureOptions, scopes: opts.Scopes}, nil
+	return &DefaultAzureIdentityProvider{
+		options:     opts.AzureOptions,
+		scopes:      opts.Scopes,
+		credFactory: opts.credFactory,
+	}, nil
 }
 
 // RequestToken requests a token from the Azure Default Identity provider.
 // It returns the token, the expiration time, and an error if any.
 func (a *DefaultAzureIdentityProvider) RequestToken() (IdentityProviderResponse, error) {
-	var err error
-	if a.cred == nil {
-		a.cred, err = azidentity.NewDefaultAzureCredential(a.options)
-		if err != nil {
-			return nil, fmt.Errorf("failed to create default azure credential: %w", err)
-		}
+	credFactory := a.credFactory
+	if credFactory == nil {
+		credFactory = &defaultCredFactory{}
+	}
+	cred, err := credFactory.NewDefaultAzureCredential(a.options)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create default azure credential: %w", err)
 	}
 
-	token, err := a.cred.GetToken(context.TODO(), policy.TokenRequestOptions{Scopes: a.scopes})
+	token, err := cred.GetToken(context.TODO(), policy.TokenRequestOptions{Scopes: a.scopes})
 	if err != nil {
 		return nil, fmt.Errorf("failed to get token: %w", err)
 	}

azure_default_identity_provider_test.go

@@ -49,18 +49,19 @@ func TestAzureDefaultIdentityProvider_RequestToken(t *testing.T) {
 	assert.Error(t, err, "failed to request token")
 
 	// use mockAzureCredential to simulate the environment
-	mockCreds := &mockAzureCredential{}
-	provider.cred = mockCreds
-	mockToken := azcore.AccessToken{
+	mToken := azcore.AccessToken{
 		Token: testJWTtoken,
 	}
-	mockCreds.On("GetToken", mock.Anything, mock.Anything).Return(mockToken, nil)
-
+	mCreds := &mockAzureCredential{}
+	mCreds.On("GetToken", mock.Anything, mock.Anything).Return(mToken, nil)
+	mCredFactory := &mockCredFactory{}
+	mCredFactory.On("NewDefaultAzureCredential", mock.Anything).Return(mCreds, nil)
+	provider.credFactory = mCredFactory
 	token, err = provider.RequestToken()
 	assert.NotNil(t, token, "token should not be nil")
 	assert.NoError(t, err, "failed to request token")
 	assert.Equal(t, ResponseTypeAccessToken, token.Type(), "token type should be access token")
-	assert.Equal(t, mockToken, token.AccessToken(), "access token should be equal to testJWTtoken")
+	assert.Equal(t, mToken, token.AccessToken(), "access token should be equal to testJWTtoken")
 }
 
 func TestAzureDefaultIdentityProvider_RequestTokenWithScopes(t *testing.T) {
@@ -73,22 +74,34 @@ func TestAzureDefaultIdentityProvider_RequestTokenWithScopes(t *testing.T) {
 		t.Fatalf("failed to create DefaultAzureIdentityProvider: %v", err)
 	}
 
-	// Request a token from the provider
-	token, err := provider.RequestToken()
-	assert.Nil(t, token, "token should be nil")
-	assert.Error(t, err, "failed to request token")
-
-	// use mockAzureCredential to simulate the environment
-	mockCreds := &mockAzureCredential{}
-	provider.cred = mockCreds
-	mockToken := azcore.AccessToken{
-		Token: testJWTtoken,
-	}
-	mockCreds.On("GetToken", mock.Anything, policy.TokenRequestOptions{Scopes: scopes}).Return(mockToken, nil)
+	t.Run("RequestToken with custom scopes", func(t *testing.T) {
+		// Request a token from the provider
+		token, err := provider.RequestToken()
+		assert.Nil(t, token, "token should be nil")
+		assert.Error(t, err, "failed to request token")
 
-	token, err = provider.RequestToken()
-	assert.NotNil(t, token, "token should not be nil")
-	assert.NoError(t, err, "failed to request token")
-	assert.Equal(t, ResponseTypeAccessToken, token.Type(), "token type should be access token")
-	assert.Equal(t, mockToken, token.AccessToken(), "access token should be equal to testJWTtoken")
+		// use mockAzureCredential to simulate the environment
+		mToken := azcore.AccessToken{
+			Token: testJWTtoken,
+		}
+		mCreds := &mockAzureCredential{}
+		mCreds.On("GetToken", mock.Anything, policy.TokenRequestOptions{Scopes: scopes}).Return(mToken, nil)
+		mCredFactory := &mockCredFactory{}
+		mCredFactory.On("NewDefaultAzureCredential", mock.Anything).Return(mCreds, nil)
+		provider.credFactory = mCredFactory
+		token, err = provider.RequestToken()
+		assert.NotNil(t, token, "token should not be nil")
+		assert.NoError(t, err, "failed to request token")
+		assert.Equal(t, ResponseTypeAccessToken, token.Type(), "token type should be access token")
+		assert.Equal(t, mToken, token.AccessToken(), "access token should be equal to testJWTtoken")
+	})
+	t.Run("RequestToken with error from credFactory", func(t *testing.T) {
+		// use mockAzureCredential to simulate the environment
+		mCredFactory := &mockCredFactory{}
+		mCredFactory.On("NewDefaultAzureCredential", mock.Anything).Return(nil, assert.AnError)
+		provider.credFactory = mCredFactory
+		token, err := provider.RequestToken()
+		assert.Nil(t, token, "token should be nil")
+		assert.Error(t, err, "failed to request token")
+	})
 }

entraid_test.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"github.com/stretchr/testify/mock"
 )
 
@@ -94,5 +95,21 @@ type mockAzureCredential struct {
 
 func (m *mockAzureCredential) GetToken(ctx context.Context, options policy.TokenRequestOptions) (azcore.AccessToken, error) {
 	args := m.Called(ctx, options)
+	if args.Get(0) == nil {
+		return azcore.AccessToken{}, args.Error(1)
+	}
 	return args.Get(0).(azcore.AccessToken), args.Error(1)
 }
+
+type mockCredFactory struct {
+	// Mock implementation of the credFactory interface
+	mock.Mock
+}
+
+func (m *mockCredFactory) NewDefaultAzureCredential(options *azidentity.DefaultAzureCredentialOptions) (defaultAzureCredential, error) {
+	args := m.Called(options)
+	if args.Get(0) == nil {
+		return nil, args.Error(1)
+	}
+	return args.Get(0).(defaultAzureCredential), args.Error(1)
+}

token_manager.go

@@ -90,11 +90,10 @@ var defaultIdentityProviderResponseParser IdentityProviderResponseParserFunc = f
 	switch response.Type() {
 	case ResponseTypeAuthResult:
 		authResult := response.AuthResult()
-		if authResult.IDToken.RawToken == "" {
-			return nil, fmt.Errorf("auth result id token is empty")
+		if authResult.ExpiresOn.Before(time.Now()) {
+			return nil, fmt.Errorf("auth result expired or invalid")
 		}
 		rawToken = authResult.IDToken.RawToken
-
 		username = authResult.IDToken.Oid
 		password = rawToken
 		expiresOn = authResult.ExpiresOn.UTC()

token_manager_test.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/public"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -379,27 +380,30 @@ func TestTokenManager_Start(t *testing.T) {
 
 func TestDefaultIdentityProviderResponseParser(t *testing.T) {
 	t.Parallel()
-	/*
-		t.Run("Default IdentityProviderResponseParser with type AuthResult", func(t *testing.T) {
-			idpResponse, err := NewIDPResponse(ResponseTypeAuthResult,
-				&public.AuthResult{
-					ExpiresOn: time.Now().Add(time.Hour),
-				})
-			assert.NoError(t, err)
-			//_, err := defaultIdentityProviderResponseParser(idpResponse)
-			//assert.NoError(t, err)
-			//assert.NotNil(t, token)
-		})
-	*/
+	t.Run("Default IdentityProviderResponseParser with type AuthResult", func(t *testing.T) {
+		authResult := &public.AuthResult{
+			ExpiresOn: time.Now().Add(time.Hour).UTC(),
+		}
+		idpResponse, err := NewIDPResponse(ResponseTypeAuthResult,
+			authResult)
+		assert.NoError(t, err)
+		token, err := defaultIdentityProviderResponseParser(idpResponse)
+		assert.NoError(t, err)
+		assert.NotNil(t, token)
+		assert.Equal(t, authResult.ExpiresOn, token.ExpirationOn())
+	})
 	t.Run("Default IdentityProviderResponseParser with type AccessToken", func(t *testing.T) {
-		idpResponse, err := NewIDPResponse(ResponseTypeAccessToken, &azcore.AccessToken{
+		accessToken := &azcore.AccessToken{
 			Token:     testJWTtoken,
-			ExpiresOn: time.Now().Add(time.Hour),
-		})
+			ExpiresOn: time.Now().Add(time.Hour).UTC(),
+		}
+		idpResponse, err := NewIDPResponse(ResponseTypeAccessToken, accessToken)
 		assert.NoError(t, err)
 		token, err := defaultIdentityProviderResponseParser(idpResponse)
 		assert.NoError(t, err)
 		assert.NotNil(t, token)
+		assert.Equal(t, accessToken.ExpiresOn, token.ExpirationOn())
+		assert.Equal(t, accessToken.Token, token.RawCredentials())
 	})
 	t.Run("Default IdentityProviderResponseParser with type RawToken", func(t *testing.T) {
 		idpResponse, err := NewIDPResponse(ResponseTypeRawToken, testJWTtoken)