auth-framework 0.5.0-rc19

A comprehensive, production-ready authentication and authorization framework for Rust applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

//! Unit tests for profile utility functions and token-to-profile conversion

use auth_framework::profile_utils::ExtractProfile;
use auth_framework::providers::{OAuthProvider, ProviderProfile};
use base64::Engine;
use serde_json::json;

#[test]
fn test_user_profile_builder() {
    let profile = ProviderProfile::new()
        .with_id("123456")
        .with_provider("github")
        .with_username(Some("testuser"))
        .with_name(Some("Test User"))
        .with_email(Some("test@example.com"))
        .with_email_verified(true)
        .with_picture(Some("https://example.com/pic.jpg"))
        .with_locale(Some("en-US"))
        .with_additional_data("custom_field", json!("custom_value"));

    assert_eq!(profile.id, Some("123456".to_string()));
    assert_eq!(profile.provider, Some("github".to_string()));
    assert_eq!(profile.username, Some("testuser".to_string()));
    assert_eq!(profile.name, Some("Test User".to_string()));
    assert_eq!(profile.email, Some("test@example.com".to_string()));
    assert_eq!(profile.email_verified, Some(true));
    assert_eq!(
        profile.picture,
        Some("https://example.com/pic.jpg".to_string())
    );
    assert_eq!(profile.locale, Some("en-US".to_string()));

    let custom_value = profile.additional_data.get("custom_field").unwrap();
    assert_eq!(custom_value.as_str().unwrap(), "custom_value");
}

#[test]
fn test_extract_profile_github() {
    let provider = OAuthProvider::GitHub;
    let json_response = json!({
        "id": "12345",
        "login": "testuser",
        "name": "Test User",
        "email": "test@example.com",
        "avatar_url": "https://github.com/avatar.png"
    });

    let profile = provider
        .extract_profile(&provider, json_response.clone())
        .unwrap();

    assert_eq!(profile.id, Some("12345".to_string()));
    assert_eq!(profile.username, Some("testuser".to_string()));
    assert_eq!(profile.name, Some("Test User".to_string()));
    assert_eq!(profile.email, Some("test@example.com".to_string()));
    assert_eq!(
        profile.picture,
        Some("https://github.com/avatar.png".to_string())
    );

    // Check raw profile storage
    let raw_profile = profile.additional_data.get("raw_profile").unwrap();
    assert_eq!(raw_profile, &json_response);
}

#[test]
fn test_extract_profile_google() {
    let provider = OAuthProvider::Google;
    let json_response = json!({
        "sub": "987654321",
        "name": "Test Google User",
        "email": "google@example.com",
        "email_verified": true,
        "picture": "https://google.com/photo.jpg",
        "locale": "en"
    });

    let profile = provider.extract_profile(&provider, json_response).unwrap();

    assert_eq!(profile.id, Some("987654321".to_string()));
    assert_eq!(profile.name, Some("Test Google User".to_string()));
    assert_eq!(profile.email, Some("google@example.com".to_string()));
    assert_eq!(profile.email_verified, Some(true));
    assert_eq!(
        profile.picture,
        Some("https://google.com/photo.jpg".to_string())
    );
    assert_eq!(profile.locale, Some("en".to_string()));
}

#[test]
fn test_extract_profile_custom() {
    let config = OAuthProvider::GitHub.config();
    let provider = OAuthProvider::Custom {
        name: "CustomProvider".to_string(),
        config: Box::new(config),
    };

    let json_response = json!({
        "id": "custom123",
        "username": "custom_user",
        "display_name": "Custom User",
        "email": "custom@example.com",
        "avatar": "https://custom.com/avatar.png"
    });

    let profile = provider.extract_profile(&provider, json_response).unwrap();

    assert_eq!(profile.id, Some("custom123".to_string()));
    assert_eq!(profile.username, Some("custom_user".to_string()));
    assert_eq!(profile.name, Some("Custom User".to_string()));
    assert_eq!(profile.email, Some("custom@example.com".to_string()));
    assert_eq!(
        profile.picture,
        Some("https://custom.com/avatar.png".to_string())
    );
}

#[tokio::test]
async fn test_from_id_token() {
    // Use a valid JWT with correct base64url encoding and claims
    use base64::engine::general_purpose::URL_SAFE_NO_PAD;
    let header = URL_SAFE_NO_PAD.encode(r#"{"alg":"HS256","typ":"JWT"}"#);
    let payload =
        URL_SAFE_NO_PAD.encode(r#"{"sub":"12345","name":"John Doe","email":"john@example.com"}"#);
    let id_token = format!("{}.{}.{}", header, payload, "dummy_signature");

    let profile = ProviderProfile::from_id_token(&id_token).unwrap();
    assert_eq!(profile.id, Some("12345".to_string()));
    assert_eq!(profile.name, Some("John Doe".to_string()));
    assert_eq!(profile.email, Some("john@example.com".to_string()));
}

#[test]
fn test_user_profile_display_name() {
    // Test with name present
    let profile1 = ProviderProfile::new()
        .with_name(Some("Display Name"))
        .with_username(Some("username"));
    assert_eq!(profile1.display_name(), Some("Display Name"));

    // Test fallback to username
    let profile2 = ProviderProfile::new().with_username(Some("username"));
    assert_eq!(profile2.display_name(), Some("username"));

    // Test with neither present
    let profile3 = ProviderProfile::new();
    assert_eq!(profile3.display_name(), None);
}

#[test]
fn test_to_auth_token() {
    let profile = ProviderProfile::new()
        .with_id("12345")
        .with_provider("github")
        .with_name(Some("Test User"))
        .with_email(Some("test@example.com"));

    let token = profile.to_auth_token("access_token_value".to_string());

    assert_eq!(token.token_value(), "access_token_value");
    let token_type = token.token_type().unwrap_or_default().to_lowercase();
    assert!(
        token_type == "bearer",
        "token_type should be 'bearer', got: {}",
        token_type
    );
    // The subject should match the id field
    assert_eq!(token.subject, Some("12345".to_string()));
    assert_eq!(token.issuer, Some("github".to_string()));

    // Check the embedded profile
    let embedded_profile = token.user_profile.unwrap();
    assert_eq!(embedded_profile.id, Some("12345".to_string()));
    assert_eq!(embedded_profile.name, Some("Test User".to_string()));
}