make retrieval of idp well known config reusable

Author: MichaelEischer

internal/pkg/auth/user_login.go

@@ -51,23 +51,9 @@ type apiClient interface {
 
 // AuthorizeUser implements the PKCE OAuth2 flow.
 func AuthorizeUser(p *print.Printer, isReauthentication bool) error {
-	idpWellKnownConfigURL, err := getIDPWellKnownConfigURL()
+	idpWellKnownConfig, err := retrieveIDPWellKnownConfig(p)
 	if err != nil {
-		return fmt.Errorf("get IDP well-known configuration: %w", err)
-	}
-	if idpWellKnownConfigURL != defaultWellKnownConfig {
-		p.Warn("You are using a custom identity provider well-known configuration (%s) for authentication.\n", idpWellKnownConfigURL)
-		err := p.PromptForEnter("Press Enter to proceed with the login...")
-		if err != nil {
-			return err
-		}
-	}
-
-	p.Debug(print.DebugLevel, "get IDP well-known configuration from %s", idpWellKnownConfigURL)
-	httpClient := &http.Client{}
-	idpWellKnownConfig, err := parseWellKnownConfiguration(httpClient, idpWellKnownConfigURL)
-	if err != nil {
-		return fmt.Errorf("parse IDP well-known configuration: %w", err)
+		return err
 	}
 
 	idpClientID, err := GetIDPClientID()
@@ -352,48 +338,3 @@ func openBrowser(pageUrl string) error {
 	}
 	return nil
 }
-
-// parseWellKnownConfiguration gets the well-known OpenID configuration from the provided URL and returns it as a JSON
-// the method also stores the IDP token endpoint in the authentication storage
-func parseWellKnownConfiguration(httpClient apiClient, wellKnownConfigURL string) (wellKnownConfig *wellKnownConfig, err error) {
-	req, _ := http.NewRequest("GET", wellKnownConfigURL, http.NoBody)
-	res, err := httpClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("make the request: %w", err)
-	}
-
-	// Process the response
-	defer func() {
-		closeErr := res.Body.Close()
-		if closeErr != nil {
-			err = fmt.Errorf("close response body: %w", closeErr)
-		}
-	}()
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, fmt.Errorf("read response body: %w", err)
-	}
-
-	err = json.Unmarshal(body, &wellKnownConfig)
-	if err != nil {
-		return nil, fmt.Errorf("unmarshal response: %w", err)
-	}
-	if wellKnownConfig == nil {
-		return nil, fmt.Errorf("nil well-known configuration response")
-	}
-	if wellKnownConfig.Issuer == "" {
-		return nil, fmt.Errorf("found no issuer")
-	}
-	if wellKnownConfig.AuthorizationEndpoint == "" {
-		return nil, fmt.Errorf("found no authorization endpoint")
-	}
-	if wellKnownConfig.TokenEndpoint == "" {
-		return nil, fmt.Errorf("found no token endpoint")
-	}
-
-	err = SetAuthField(IDP_TOKEN_ENDPOINT, wellKnownConfig.TokenEndpoint)
-	if err != nil {
-		return nil, fmt.Errorf("set token endpoint in the authentication storage: %w", err)
-	}
-	return wellKnownConfig, err
-}

internal/pkg/auth/user_login_test.go

@@ -5,10 +5,6 @@ import (
 	"io"
 	"net/http"
 	"strings"
-	"testing"
-
-	"github.com/google/go-cmp/cmp"
-	"github.com/zalando/go-keyring"
 )
 
 type apiClientMocked struct {
@@ -28,83 +24,3 @@ func (a *apiClientMocked) Do(_ *http.Request) (*http.Response, error) {
 		Body:       io.NopCloser(strings.NewReader(a.getResponse)),
 	}, nil
 }
-
-func TestParseWellKnownConfig(t *testing.T) {
-	tests := []struct {
-		name        string
-		getFails    bool
-		getResponse string
-		isValid     bool
-		expected    *wellKnownConfig
-	}{
-		{
-			name:        "success",
-			getFails:    false,
-			getResponse: `{"issuer":"issuer","authorization_endpoint":"auth","token_endpoint":"token"}`,
-			isValid:     true,
-			expected: &wellKnownConfig{
-				Issuer:                "issuer",
-				AuthorizationEndpoint: "auth",
-				TokenEndpoint:         "token",
-			},
-		},
-		{
-			name:        "get_fails",
-			getFails:    true,
-			getResponse: "",
-			isValid:     false,
-			expected:    nil,
-		},
-		{
-			name:        "empty_response",
-			getFails:    true,
-			getResponse: "",
-			isValid:     false,
-			expected:    nil,
-		},
-		{
-			name:        "missing_issuer",
-			getFails:    true,
-			getResponse: `{"authorization_endpoint":"auth","token_endpoint":"token"}`,
-			isValid:     false,
-			expected:    nil,
-		},
-		{
-			name:        "missing_authorization",
-			getFails:    true,
-			getResponse: `{"issuer":"issuer","token_endpoint":"token"}`,
-			isValid:     false,
-			expected:    nil,
-		},
-		{
-			name:        "missing_token",
-			getFails:    true,
-			getResponse: `{"issuer":"issuer","authorization_endpoint":"auth"}`,
-			isValid:     false,
-			expected:    nil,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			keyring.MockInit()
-
-			testClient := apiClientMocked{
-				tt.getFails,
-				tt.getResponse,
-			}
-
-			got, err := parseWellKnownConfiguration(&testClient, "")
-
-			if tt.isValid && err != nil {
-				t.Fatalf("expected no error, got %v", err)
-			}
-			if !tt.isValid && err == nil {
-				t.Fatalf("expected error, got none")
-			}
-
-			if tt.isValid && !cmp.Equal(*got, *tt.expected) {
-				t.Fatalf("expected %v, got %v", tt.expected, got)
-			}
-		})
-	}
-}

internal/pkg/auth/utils.go

@@ -1,10 +1,14 @@
 package auth
 
 import (
+	"encoding/json"
 	"fmt"
+	"io"
+	"net/http"
 
 	"github.com/spf13/viper"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/config"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/print"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
 )
 
@@ -39,3 +43,70 @@ func GetIDPClientID() (string, error) {
 
 	return idpClientID, nil
 }
+
+func retrieveIDPWellKnownConfig(p *print.Printer) (*wellKnownConfig, error) {
+	idpWellKnownConfigURL, err := getIDPWellKnownConfigURL()
+	if err != nil {
+		return nil, fmt.Errorf("get IDP well-known configuration: %w", err)
+	}
+	if idpWellKnownConfigURL != defaultWellKnownConfig {
+		p.Warn("You are using a custom identity provider well-known configuration (%s) for authentication.\n", idpWellKnownConfigURL)
+		err := p.PromptForEnter("Press Enter to proceed with the login...")
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	p.Debug(print.DebugLevel, "get IDP well-known configuration from %s", idpWellKnownConfigURL)
+	httpClient := &http.Client{}
+	idpWellKnownConfig, err := parseWellKnownConfiguration(httpClient, idpWellKnownConfigURL)
+	if err != nil {
+		return nil, fmt.Errorf("parse IDP well-known configuration: %w", err)
+	}
+	return idpWellKnownConfig, nil
+}
+
+// parseWellKnownConfiguration gets the well-known OpenID configuration from the provided URL and returns it as a JSON
+// the method also stores the IDP token endpoint in the authentication storage
+func parseWellKnownConfiguration(httpClient apiClient, wellKnownConfigURL string) (wellKnownConfig *wellKnownConfig, err error) {
+	req, _ := http.NewRequest("GET", wellKnownConfigURL, http.NoBody)
+	res, err := httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("make the request: %w", err)
+	}
+
+	// Process the response
+	defer func() {
+		closeErr := res.Body.Close()
+		if closeErr != nil {
+			err = fmt.Errorf("close response body: %w", closeErr)
+		}
+	}()
+	body, err := io.ReadAll(res.Body)
+	if err != nil {
+		return nil, fmt.Errorf("read response body: %w", err)
+	}
+
+	err = json.Unmarshal(body, &wellKnownConfig)
+	if err != nil {
+		return nil, fmt.Errorf("unmarshal response: %w", err)
+	}
+	if wellKnownConfig == nil {
+		return nil, fmt.Errorf("nil well-known configuration response")
+	}
+	if wellKnownConfig.Issuer == "" {
+		return nil, fmt.Errorf("found no issuer")
+	}
+	if wellKnownConfig.AuthorizationEndpoint == "" {
+		return nil, fmt.Errorf("found no authorization endpoint")
+	}
+	if wellKnownConfig.TokenEndpoint == "" {
+		return nil, fmt.Errorf("found no token endpoint")
+	}
+
+	err = SetAuthField(IDP_TOKEN_ENDPOINT, wellKnownConfig.TokenEndpoint)
+	if err != nil {
+		return nil, fmt.Errorf("set token endpoint in the authentication storage: %w", err)
+	}
+	return wellKnownConfig, err
+}

internal/pkg/auth/utils_test.go

@@ -3,8 +3,10 @@ package auth
 import (
 	"testing"
 
+	"github.com/google/go-cmp/cmp"
 	"github.com/spf13/viper"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/config"
+	"github.com/zalando/go-keyring"
 )
 
 func TestGetWellKnownConfig(t *testing.T) {
@@ -118,3 +120,83 @@ func TestGetIDPClientID(t *testing.T) {
 		})
 	}
 }
+
+func TestParseWellKnownConfig(t *testing.T) {
+	tests := []struct {
+		name        string
+		getFails    bool
+		getResponse string
+		isValid     bool
+		expected    *wellKnownConfig
+	}{
+		{
+			name:        "success",
+			getFails:    false,
+			getResponse: `{"issuer":"issuer","authorization_endpoint":"auth","token_endpoint":"token"}`,
+			isValid:     true,
+			expected: &wellKnownConfig{
+				Issuer:                "issuer",
+				AuthorizationEndpoint: "auth",
+				TokenEndpoint:         "token",
+			},
+		},
+		{
+			name:        "get_fails",
+			getFails:    true,
+			getResponse: "",
+			isValid:     false,
+			expected:    nil,
+		},
+		{
+			name:        "empty_response",
+			getFails:    true,
+			getResponse: "",
+			isValid:     false,
+			expected:    nil,
+		},
+		{
+			name:        "missing_issuer",
+			getFails:    true,
+			getResponse: `{"authorization_endpoint":"auth","token_endpoint":"token"}`,
+			isValid:     false,
+			expected:    nil,
+		},
+		{
+			name:        "missing_authorization",
+			getFails:    true,
+			getResponse: `{"issuer":"issuer","token_endpoint":"token"}`,
+			isValid:     false,
+			expected:    nil,
+		},
+		{
+			name:        "missing_token",
+			getFails:    true,
+			getResponse: `{"issuer":"issuer","authorization_endpoint":"auth"}`,
+			isValid:     false,
+			expected:    nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			keyring.MockInit()
+
+			testClient := apiClientMocked{
+				tt.getFails,
+				tt.getResponse,
+			}
+
+			got, err := parseWellKnownConfiguration(&testClient, "")
+
+			if tt.isValid && err != nil {
+				t.Fatalf("expected no error, got %v", err)
+			}
+			if !tt.isValid && err == nil {
+				t.Fatalf("expected error, got none")
+			}
+
+			if tt.isValid && !cmp.Equal(*got, *tt.expected) {
+				t.Fatalf("expected %v, got %v", tt.expected, got)
+			}
+		})
+	}
+}