forgejo/modules/setting/oauth2_test.go

// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import (
	"os"
	"testing"

	"code.gitea.io/gitea/modules/generate"
	"code.gitea.io/gitea/modules/test"

	"github.com/stretchr/testify/assert"
)

func TestGetGeneralSigningSecret(t *testing.T) {
	// when there is no general signing secret, it should be generated, and keep the same value
	generalSigningSecret.Store(nil)
	s1 := GetGeneralTokenSigningSecret()
	assert.NotNil(t, s1)
	s2 := GetGeneralTokenSigningSecret()
	assert.Equal(t, s1, s2)

	// the config value should always override any pre-generated value
	cfg, _ := NewConfigProviderFromData(`
[oauth2]
JWT_SECRET = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
`)
	defer test.MockVariableValue(&InstallLock, true)()
	loadOAuth2From(cfg)
	actual := GetGeneralTokenSigningSecret()
	expected, _ := generate.DecodeJwtSecret("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")
	assert.Len(t, actual, 32)
	assert.EqualValues(t, expected, actual)
}

func TestGetGeneralSigningSecretSave(t *testing.T) {
	defer test.MockVariableValue(&InstallLock, true)()

	old := GetGeneralTokenSigningSecret()
	assert.Len(t, old, 32)

	tmpFile := t.TempDir() + "/app.ini"
	_ = os.WriteFile(tmpFile, nil, 0o644)
	cfg, _ := NewConfigProviderFromFile(tmpFile)
	loadOAuth2From(cfg)
	generated := GetGeneralTokenSigningSecret()
	assert.Len(t, generated, 32)
	assert.NotEqual(t, old, generated)

	generalSigningSecret.Store(nil)
	cfg, _ = NewConfigProviderFromFile(tmpFile)
	loadOAuth2From(cfg)
	again := GetGeneralTokenSigningSecret()
	assert.Equal(t, generated, again)

	iniContent, err := os.ReadFile(tmpFile)
	assert.NoError(t, err)
	assert.Contains(t, string(iniContent), "JWT_SECRET = ")
}
Port "Use general token signing secret" Port of https://github.com/go-gitea/gitea/pull/29205 Use a clearly defined "signing secret" for token signing. (cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92) 2024-02-18 17:39:04 +00:00			`// Copyright 2024 The Gitea Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package setting`

			`import (`
Always load or generate oauth2 jwt secret (#30942) Fix #30923 (cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - modules/setting/oauth2.go Conflicted due to different ways of logging. Since the log message is removed anyway, resolved by removing it. - modules/setting/oauth2_test.go Manually copied the test added by Gitea. - routers/install/install.go Not a conflict per se, but adjusted to use NewJwtSecret(). 2024-05-14 14:21:38 +00:00			`"os"`
Port "Use general token signing secret" Port of https://github.com/go-gitea/gitea/pull/29205 Use a clearly defined "signing secret" for token signing. (cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92) 2024-02-18 17:39:04 +00:00			`"testing"`

			`"code.gitea.io/gitea/modules/generate"`
			`"code.gitea.io/gitea/modules/test"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestGetGeneralSigningSecret(t *testing.T) {`
			`// when there is no general signing secret, it should be generated, and keep the same value`
Always load or generate oauth2 jwt secret (#30942) Fix #30923 (cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - modules/setting/oauth2.go Conflicted due to different ways of logging. Since the log message is removed anyway, resolved by removing it. - modules/setting/oauth2_test.go Manually copied the test added by Gitea. - routers/install/install.go Not a conflict per se, but adjusted to use NewJwtSecret(). 2024-05-14 14:21:38 +00:00			`generalSigningSecret.Store(nil)`
Port "Use general token signing secret" Port of https://github.com/go-gitea/gitea/pull/29205 Use a clearly defined "signing secret" for token signing. (cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92) 2024-02-18 17:39:04 +00:00			`s1 := GetGeneralTokenSigningSecret()`
			`assert.NotNil(t, s1)`
			`s2 := GetGeneralTokenSigningSecret()`
			`assert.Equal(t, s1, s2)`

			`// the config value should always override any pre-generated value`
			cfg, _ := NewConfigProviderFromData(`
			`[oauth2]`
			`JWT_SECRET = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB`
			`)
			`defer test.MockVariableValue(&InstallLock, true)()`
			`loadOAuth2From(cfg)`
			`actual := GetGeneralTokenSigningSecret()`
			`expected, _ := generate.DecodeJwtSecret("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")`
			`assert.Len(t, actual, 32)`
			`assert.EqualValues(t, expected, actual)`
			`}`
Always load or generate oauth2 jwt secret (#30942) Fix #30923 (cherry picked from commit effb405cae88474c27f5c8322a2627019af1cf64) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - modules/setting/oauth2.go Conflicted due to different ways of logging. Since the log message is removed anyway, resolved by removing it. - modules/setting/oauth2_test.go Manually copied the test added by Gitea. - routers/install/install.go Not a conflict per se, but adjusted to use NewJwtSecret(). 2024-05-14 14:21:38 +00:00
			`func TestGetGeneralSigningSecretSave(t *testing.T) {`
			`defer test.MockVariableValue(&InstallLock, true)()`

			`old := GetGeneralTokenSigningSecret()`
			`assert.Len(t, old, 32)`

			`tmpFile := t.TempDir() + "/app.ini"`
			`_ = os.WriteFile(tmpFile, nil, 0o644)`
			`cfg, _ := NewConfigProviderFromFile(tmpFile)`
			`loadOAuth2From(cfg)`
			`generated := GetGeneralTokenSigningSecret()`
			`assert.Len(t, generated, 32)`
			`assert.NotEqual(t, old, generated)`

			`generalSigningSecret.Store(nil)`
			`cfg, _ = NewConfigProviderFromFile(tmpFile)`
			`loadOAuth2From(cfg)`
			`again := GetGeneralTokenSigningSecret()`
			`assert.Equal(t, generated, again)`

			`iniContent, err := os.ReadFile(tmpFile)`
			`assert.NoError(t, err)`
			`assert.Contains(t, string(iniContent), "JWT_SECRET = ")`
			`}`