Oidc: Improve config internals & adapt tests #782

internal/api/api_test.go

@@ -26,6 +26,15 @@ func NewApiTest() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config
 	return app, router, service.Config()
 }
 
+// NewApiTestWithOIDC returns new API test helper configured for OIDC.
+func NewApiTestWithOIDC() (app *gin.Engine, router *gin.RouterGroup, conf *config.Config) {
+	app, router, conf = NewApiTest()
+	conf.Options().OidcIssuerUrl = "http://dummy-oidc:9998"
+	conf.Options().OidcClientID = "native"
+	conf.Options().OidcClientSecret = "random"
+	return app, router, conf
+}
+
 // AuthenticateAdmin Register session routes and returns valid SessionId.
 // Call this func after registering other routes and before performing other requests.
 func AuthenticateAdmin(app *gin.Engine, router *gin.RouterGroup) (sessId string) {

internal/api/auth.go

@@ -14,7 +14,7 @@ import (
 // GET /api/v1/auth/
 func AuthEndpoints(router *gin.RouterGroup) {
 	conf := service.Config()
-	if conf.OidcIssuerUrl() == nil || conf.OidcClientId() == "" || conf.OidcClientSecret() == "" {
+	if conf.OidcIssuerUrl().String() == "" || conf.OidcClientId() == "" || conf.OidcClientSecret() == "" {
 		log.Debugf("no oidc provider configured. skip mounting endpoints")
 		return
 	}

internal/api/auth_test.go

@@ -12,7 +12,7 @@ import (
 
 func TestAuthEndpoints(t *testing.T) {
 	t.Run("successful oidc authentication", func(t *testing.T) {
-		app, router, _ := NewApiTest()
+		app, router, _ := NewApiTestWithOIDC()
 		AuthEndpoints(router)
 
 		// Step 1a: Request AuthURL
@@ -55,7 +55,7 @@ func TestAuthEndpoints(t *testing.T) {
 	})
 
 	t.Run("oidc authentication: missing cookie", func(t *testing.T) {
-		app, router, _ := NewApiTest()
+		app, router, _ := NewApiTestWithOIDC()
 		AuthEndpoints(router)
 
 		// Step 1a: Request AuthURL

internal/api/session.go

@@ -66,7 +66,7 @@ func CreateSession(router *gin.RouterGroup) {
 				return
 			}
 
-			oidcEnabled := conf.OidcIssuerUrl() != nil && conf.OidcClientId() != "" && conf.OidcClientSecret() != ""
+			oidcEnabled := conf.OidcIssuerUrl().String() == "" && conf.OidcClientId() != "" && conf.OidcClientSecret() != ""
 			if user.ID != entity.Admin.ID && oidcEnabled && !user.External() {
 				log.Warn("Internal users are disabled when using OpenID Connect")
 				c.AbortWithStatusJSON(400, gin.H{"error": i18n.Msg(i18n.ErrInvalidCredentials)})

internal/commands/users.go

@@ -288,7 +288,7 @@ func usersUpdateAction(ctx *cli.Context) error {
 func callWithDependencies(ctx *cli.Context, f func(conf *config.Config) error) error {
 	conf := config.NewConfig(ctx)
 
-	if conf.OidcIssuerUrl() != nil && conf.OidcClientId() != "" && conf.OidcClientSecret() != "" {
+	if conf.OidcIssuerUrl().String() == "" && conf.OidcClientId() != "" && conf.OidcClientSecret() != "" {
 		log.Warn("Internal users are disabled when using OpenID Connect")
 	}
 

internal/config/oidc.go

@@ -4,12 +4,12 @@ import "net/url"
 
 func (c *Config) OidcIssuerUrl() *url.URL {
 	if c.Options().OidcIssuerUrl == "" {
-		return nil
+		return new(url.URL)
 	}
 	res, err := url.Parse(c.Options().OidcIssuerUrl)
 	if err != nil {
 		log.Debugf("error parsing oidc issuer url: %q", err)
-		return nil
+		return new(url.URL)
 	}
 	return res
 }

internal/config/test.go

@@ -52,31 +52,28 @@ func NewTestOptions() *Options {
 	}
 
 	c := &Options{
-		Name:             "PhotoPrism",
-		Version:          "0.0.0",
-		Copyright:        "(c) 2018-2021 Michael Mayer",
-		Debug:            true,
-		Public:           true,
-		Experimental:     true,
-		ReadOnly:         false,
-		DetectNSFW:       true,
-		UploadNSFW:       false,
-		AssetsPath:       assetsPath,
-		AutoIndex:        -1,
-		AutoImport:       7200,
-		StoragePath:      testDataPath,
-		CachePath:        testDataPath + "/cache",
-		OriginalsPath:    testDataPath + "/originals",
-		ImportPath:       testDataPath + "/import",
-		TempPath:         testDataPath + "/temp",
-		ConfigPath:       testDataPath + "/config",
-		SidecarPath:      testDataPath + "/sidecar",
-		DatabaseDriver:   dbDriver,
-		DatabaseDsn:      dbDsn,
-		AdminPassword:    "photoprism",
-		OidcIssuerUrl:    "http://dummy-oidc:9998",
-		OidcClientID:     "native",
-		OidcClientSecret: "random",
+		Name:           "PhotoPrism",
+		Version:        "0.0.0",
+		Copyright:      "(c) 2018-2021 Michael Mayer",
+		Debug:          true,
+		Public:         true,
+		Experimental:   true,
+		ReadOnly:       false,
+		DetectNSFW:     true,
+		UploadNSFW:     false,
+		AssetsPath:     assetsPath,
+		AutoIndex:      -1,
+		AutoImport:     7200,
+		StoragePath:    testDataPath,
+		CachePath:      testDataPath + "/cache",
+		OriginalsPath:  testDataPath + "/originals",
+		ImportPath:     testDataPath + "/import",
+		TempPath:       testDataPath + "/temp",
+		ConfigPath:     testDataPath + "/config",
+		SidecarPath:    testDataPath + "/sidecar",
+		DatabaseDriver: dbDriver,
+		DatabaseDsn:    dbDsn,
+		AdminPassword:  "photoprism",
 	}
 
 	return c