-
-
Notifications
You must be signed in to change notification settings - Fork 364
/
flow_explicit_auth_test.go
139 lines (125 loc) · 4.19 KB
/
flow_explicit_auth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package openid
import (
"context"
"fmt"
"net/url"
"testing"
"github.com/ory/fosite/internal/gen"
"github.com/golang/mock/gomock"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
"github.com/ory/fosite"
"github.com/ory/fosite/internal"
"github.com/ory/fosite/token/jwt"
)
// expose key to verify id_token
var key = gen.MustRSAKey()
func makeOpenIDConnectExplicitHandler(ctrl *gomock.Controller, minParameterEntropy int) (OpenIDConnectExplicitHandler, *internal.MockOpenIDConnectRequestStorage) {
store := internal.NewMockOpenIDConnectRequestStorage(ctrl)
config := &fosite.Config{MinParameterEntropy: minParameterEntropy}
var j = &DefaultStrategy{
Signer: &jwt.DefaultSigner{
GetPrivateKey: func(ctx context.Context) (interface{}, error) {
return key, nil
},
},
Config: config,
}
return OpenIDConnectExplicitHandler{
OpenIDConnectRequestStorage: store,
IDTokenHandleHelper: &IDTokenHandleHelper{
IDTokenStrategy: j,
},
OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(j.Signer, config),
Config: config,
}, store
}
func TestExplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
session := NewDefaultSession()
session.Claims.Subject = "foo"
areq.Session = session
areq.Form = url.Values{
"redirect_uri": {"https://foobar.com"},
}
for k, c := range []struct {
description string
setup func() OpenIDConnectExplicitHandler
expectErr error
}{
{
description: "should pass because not responsible for handling an empty response type",
setup: func() OpenIDConnectExplicitHandler {
h, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
areq.ResponseTypes = fosite.Arguments{""}
return h
},
},
{
description: "should pass because scope openid is not set",
setup: func() OpenIDConnectExplicitHandler {
h, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
areq.ResponseTypes = fosite.Arguments{"code"}
areq.Client = &fosite.DefaultClient{
ResponseTypes: fosite.Arguments{"code"},
}
areq.RequestedScope = fosite.Arguments{""}
return h
},
},
{
description: "should fail because no code set",
setup: func() OpenIDConnectExplicitHandler {
h, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
areq.GrantedScope = fosite.Arguments{"openid"}
areq.Form.Set("nonce", "11111111111111111111111111111")
aresp.EXPECT().GetCode().Return("")
return h
},
expectErr: fosite.ErrMisconfiguration,
},
{
description: "should fail because lookup fails",
setup: func() OpenIDConnectExplicitHandler {
h, store := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
aresp.EXPECT().GetCode().AnyTimes().Return("codeexample")
store.EXPECT().CreateOpenIDConnectSession(gomock.Any(), "codeexample", gomock.Eq(areq.Sanitize(oidcParameters))).Return(errors.New(""))
return h
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() OpenIDConnectExplicitHandler {
h, store := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
store.EXPECT().CreateOpenIDConnectSession(gomock.Any(), "codeexample", gomock.Eq(areq.Sanitize(oidcParameters))).AnyTimes().Return(nil)
return h
},
},
{
description: "should fail because redirect url is missing",
setup: func() OpenIDConnectExplicitHandler {
areq.Form.Del("redirect_uri")
h, store := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
store.EXPECT().CreateOpenIDConnectSession(gomock.Any(), "codeexample", gomock.Eq(areq.Sanitize(oidcParameters))).AnyTimes().Return(nil)
return h
},
expectErr: fosite.ErrInvalidRequest,
},
} {
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
h := c.setup()
err := h.HandleAuthorizeEndpointRequest(context.Background(), areq, aresp)
if c.expectErr != nil {
require.EqualError(t, err, c.expectErr.Error())
} else {
require.NoError(t, err)
}
})
}
}