CC refactors

jvanderhoof · jvanderhoof · commit 5c834796c174 · 2023-05-24T06:35:00.000-06:00
diff --git a/app/domain/authentication/authn_jwt/v2/data_objects/authenticator_contract.rb b/app/domain/authentication/authn_jwt/v2/data_objects/authenticator_contract.rb
@@ -77,7 +77,7 @@ class AuthenticatorContract < Dry::Validation::Contract
 
           # Verify that a variable has been created for one of: `jwks-uri`, `public-keys`, or `provider-uri`
           rule(:jwks_uri, :public_keys, :provider_uri) do
-            if %i[jwks_uri provider_uri public_keys].all? { |item| values[item].nil? }
+            if all_are?(array: %i[jwks_uri provider_uri public_keys], values: values, check: :nil?)
               utils.failed_response(
                 key: key,
                 error: Errors::Authentication::AuthnJwt::InvalidSigningKeySettings.new(
@@ -89,7 +89,8 @@ class AuthenticatorContract < Dry::Validation::Contract
 
           # Verify that a variable has been set for one of: `jwks-uri`, `public-keys`, or `provider-uri`
           rule(:jwks_uri, :public_keys, :provider_uri) do
-            if %i[jwks_uri provider_uri public_keys].all? { |item| values[item].blank? }
+            if all_are?(array: %i[jwks_uri provider_uri public_keys], values: values, check: :blank?)
+            # if %i[jwks_uri provider_uri public_keys].all? { |item| values[item].blank? }
               utils.failed_response(
                 key: key,
                 error: Errors::Authentication::AuthnJwt::InvalidSigningKeySettings.new(
@@ -328,6 +329,12 @@ def variable_empty?(key:, values:, variable:)
               )
             )
           end
+
+          def all_are?(array:, values:, check:)
+            array.all? { |item| values[item].send(check) }
+          end
+
+
         end
       end
     end
diff --git a/app/domain/authentication/authn_oidc/v2/strategy.rb b/app/domain/authentication/authn_oidc/v2/strategy.rb
@@ -4,6 +4,8 @@ module Authentication
   module AuthnOidc
     module V2
       class Strategy
+        REQUIRED_PARAMS = %i[code nonce].freeze
+
         def initialize(
           authenticator:,
           client: Authentication::AuthnOidc::V2::Client,
@@ -16,7 +18,7 @@ def initialize(
 
         def callback(parameters:, request_body: nil)
           # NOTE: `code_verifier` param is optional
-          %i[code nonce].each do |param|
+          REQUIRED_PARAMS.each do |param|
             unless parameters[param].present?
               raise Errors::Authentication::RequestBody::MissingRequestParam, param.to_s
             end
diff --git a/dev/start b/dev/start
@@ -433,7 +433,9 @@ init_jwt() {
 
   # OIDC is a special case on JWT, JWT automation tests contain scenarios with
   # OIDC providers.
-  configure_oidc_providers
+  # configure_oidc_providers
+  configure_oidc_authenticators
+  enable_oidc_authenticators
 
   echo "Configure jwks provider"
   docker-compose exec jwks "/tmp/create_nginx_certificate.sh"
diff --git a/spec/app/db/repository/authenticator_repository_spec.rb b/spec/app/db/repository/authenticator_repository_spec.rb
@@ -66,7 +66,7 @@
               arguments.each do |variable|
                 ::Secret.create(
                   resource_id: "rspec:variable:conjur/authn-oidc/#{service}/#{variable}",
-                  value: "#{variable}"
+                  value: variable.to_s
                 )
               end
             end
diff --git a/spec/app/domain/authentication/authn-jwt/v2/data_objects/authenticator_contract_spec.rb b/spec/app/domain/authentication/authn-jwt/v2/data_objects/authenticator_contract_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe(Authentication::AuthnOidc::V2::DataObjects::AuthenticatorContract) do
-  subject { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new.call(**params) }
+  subject { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new(utils: ::Util::ContractUtils).call(**params) }
   let(:default_args) { { account: 'foo', service_id: 'bar' } }
   let(:public_keys) { '{"type":"jwks","value":{"keys":[{}]}}' }
 
@@ -238,7 +238,7 @@
       end
     end
     context 'with claims in reserved claim list' do
-      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new }
+      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new(utils: ::Util::ContractUtils) }
       %w[iss exp nbf iat jti aud].each do |reserved_claim|
         enforced_claims = "foo-bar/b, #{reserved_claim}"
         it 'is unsuccessful' do
@@ -312,7 +312,7 @@
       end
     end
     context 'with claim alias in reserved claim list' do
-      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new }
+      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new(utils: ::Util::ContractUtils) }
       %w[iss exp nbf iat jti aud].each do |reserved_claim|
         enforced_claims = "foo:bar/b, #{reserved_claim}:bing/baz"
         it 'is unsuccessful' do
@@ -325,7 +325,7 @@
       end
     end
     context 'with claim target in reserved claim list' do
-      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new }
+      let(:contract) { Authentication::AuthnJwt::V2::DataObjects::AuthenticatorContract.new(utils: ::Util::ContractUtils) }
       %w[iss exp nbf iat jti aud].each do |reserved_claim|
         enforced_claims = "foo:bar/b, bing:#{reserved_claim}"
         it 'is unsuccessful' do
diff --git a/spec/app/domain/authentication/authn-jwt/v2/resolve_identity_spec.rb b/spec/app/domain/authentication/authn-jwt/v2/resolve_identity_spec.rb
@@ -275,7 +275,7 @@
         let(:allowed_roles) do
           [
             { role_id: 'rspec:host:bill', annotations: {} },
-            { role_id: 'rspec:host:bob',
+            { role_id: 'rspec:user:bob',
               annotations: {
                 'authn-jwt/bar/project_id' => 'test-1',
                 'authn-jwt/bar/iss' => 'test-2'

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@`
`66`	`66`	`arguments.each do \|variable\|`
`67`	`67`	`::Secret.create(`
`68`	`68`	`resource_id: "rspec:variable:conjur/authn-oidc/#{service}/#{variable}",`
`69`		`- value: "#{variable}"`
	`69`	`+ value: variable.to_s`
`70`	`70`	`)`
`71`	`71`	`end`
`72`	`72`	`end`
Original file line number	Diff line number	Diff line change
`@@ -275,7 +275,7 @@`
`275`	`275`	`let(:allowed_roles) do`
`276`	`276`	`[`
`277`	`277`	`{ role_id: 'rspec:host:bill', annotations: {} },`
`278`		`- { role_id: 'rspec:host:bob',`
	`278`	`+ { role_id: 'rspec:user:bob',`
`279`	`279`	`annotations: {`
`280`	`280`	`'authn-jwt/bar/project_id' => 'test-1',`
`281`	`281`	`'authn-jwt/bar/iss' => 'test-2'`