From 308ce7c964a625c43a1860771c04990ebea472e7 Mon Sep 17 00:00:00 2001
From: Richard87 <richard.hagen@gmail.com>
Date: Thu, 18 Apr 2024 10:02:49 +0200
Subject: [PATCH] add tests

---
 .github/workflows/pr.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 43be949..b4bedf9 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -68,6 +68,12 @@ jobs:
             script: |
               return await core.getIDToken()
             result-encoding: string
+        - uses: actions/github-script@v7
+          id: get-invalid-aud-id-token
+          with:
+            script: |
+              return await core.getIDToken("invalid-audience")
+            result-encoding: string
         - name: Test Auth
           env:
             LOG_PRETTY: True
@@ -76,6 +82,7 @@ jobs:
             AUDIENCE: "https://github.com/equinor"
             SUBJECTS: repo:equinor/radix-oauth-guard:pull_request
             GH_TOKEN: ${{ steps.get-id-token.outputs.result }}
+            INVALID_GH_TOKEN: ${{ steps.get-invalid-aud-id-token.outputs.result }}
           run: |
             function assert() {
               local $token="${1}"
@@ -91,6 +98,9 @@ jobs:
             sleep 2s
             
             assert "${GH_TOKEN}" "200" "Valid token is OK"
+            assert "" "401" "No token is unauthorized"
+            assert "ABCD${GH_TOKEN}" "403" "Invalid token is forbidden"
+            assert "${INVALID_GH_TOKEN}" "403" "Wrong Audience is forbidden"
             
             kill -9 $GO_PID
             echo "Curl status code: ${CURL_RESPONSE}!"