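// TestAuthForSelector checks that when X-Auth-Uri does not name a registered
// ID provider, the redirect issued by HandleAuth carries a response_type of
// "code id_token" (the selector flow) rather than whatever a direct IdP
// request would get.
func TestAuthForSelector(t *testing.T) {
	// ////////////////////////////////
	// logutil.SetupConsole(logRoot, level.ALL)
	// defer logutil.SetupConsole(logRoot, level.OFF)
	// ////////////////////////////////

	page := newTestPage([]jwk.Key{test_taKey}, []idpdb.Element{test_idp})

	r, err := newAuthRequest()
	if err != nil {
		t.Fatal(err)
	}
	// Differs from test_idp.Id(), so it does not identify the registered IdP.
	r.Header.Set("X-Auth-Uri", test_idp.Id()+"a/auth")

	w := httptest.NewRecorder()
	page.HandleAuth(w, r)

	if w.Code != http.StatusFound {
		t.Fatalf("status: got %d, want %d", w.Code, http.StatusFound)
	}

	// Header() is the recorder's live header map; the HeaderMap field it
	// wraps is deprecated, so read through the accessor instead.
	loc := w.Header().Get("Location")
	uri, err := url.Parse(loc)
	if err != nil {
		t.Fatal(err)
	}
	q := uri.Query()
	if len(q) == 0 {
		t.Fatalf("no query in Location %q", loc)
	}

	want := strsetutil.New("code", "id_token")
	got := request.FormValueSet(q.Get("response_type"))
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("response_type: got %v, want %v", got, want)
	}
}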
// TestCoopResponse builds a 200 JSON response the way a cooperating server
// would serialize it, runs it through parseCoopResponse, and checks that
// every field survives the round trip unchanged.
//
// NOTE(review): this only checks that the ids_token bytes are carried
// through verbatim; whether their signature is verified, and by whom, is
// not visible here — confirm against the caller of parseCoopResponse.
func TestCoopResponse(t *testing.T) {
	const (
		wantTok     = "McnSl40-QRtAxBoBOmj9GJfALyNdJy"
		wantTokType = "Bearer"
	)
	wantExpIn := 2817 * time.Second
	wantScop := strsetutil.New("openid")
	wantIdsTok := []byte("eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjcwMDAiLCJleHAiOjE0MzI4MjI1MzMsImlhdCI6MTQzMjgwMDkzMywiaWRzIjp7Im1haW4iOnsic3ViIjoiWi0wWnRGZWlyaU1kWkZIYlNDR3ZDbHplclBYWkU5SGJKNWlaREx2X3hVWSJ9fSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDoxNjA0Iiwic3ViIjoiaHR0cDovL2xvY2FsaG9zdDo3MDAwIn0.JRCRQRJkE5UTwniZqYf6Y-DncD58Qs0GQe5SF7A_K66nymZR9mUrXWj0rAG6NcXEsH5IpoFfcYUVLylx_XxyrKNK8ynGgiGwOblNW41rb2FmLmtFdf3Y03z9ID5hWJsEJmyup071s5WUeURAa3xv-h-t-cSBqXIv_R-TPWGyWSKVSe6lKudfOh74rrG_5IHheFs3hKiyw9viVJRV9sOekcrV93ppdUweguxx_AgSjFhdEh6atmUy5ft3Oz3doqfSQHQ2xMR_V9cFryzXrfJDyual4KBFMQHJ3LU2kyuoebKpHjwT5Iv3Bn-QY7U_SIO4vvcBuOcvjNyWyymla6KzPA")

	// Wire form of the payload; expires_in is sent as whole seconds.
	payload := map[string]interface{}{
		"access_token": wantTok,
		"token_type":   wantTokType,
		"expires_in":   int(wantExpIn / time.Second),
		"scope":        requtil.ValueSetForm(wantScop),
		"ids_token":    string(wantIdsTok),
	}
	body, err := json.Marshal(payload)
	if err != nil {
		t.Fatal(err)
	}

	// Assemble a minimal HTTP/1.1 response (no Content-Length, so the body
	// runs to EOF) and let net/http parse it.
	raw := io.MultiReader(
		strings.NewReader("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"),
		bytes.NewReader(body),
	)
	r, err := http.ReadResponse(bufio.NewReader(raw), nil)
	if err != nil {
		t.Fatal(err)
	}

	resp, err := parseCoopResponse(r)
	if err != nil {
		t.Fatal(err)
	}

	switch {
	case resp.token() != wantTok:
		t.Fatalf("token: got %v, want %v", resp.token(), wantTok)
	case resp.tokenType() != wantTokType:
		t.Fatalf("token type: got %v, want %v", resp.tokenType(), wantTokType)
	case resp.expiresIn() != wantExpIn:
		t.Fatalf("expires in: got %v, want %v", resp.expiresIn(), wantExpIn)
	case !reflect.DeepEqual(resp.scope(), wantScop):
		t.Fatalf("scope: got %v, want %v", resp.scope(), wantScop)
	case !bytes.Equal(resp.idsToken(), wantIdsTok):
		t.Fatalf("ids token: got %s, want %s", resp.idsToken(), wantIdsTok)
	}
}
	if hndl.sigKid != "" {
		ass.SetHeader(tagKid, hndl.sigKid)
	}
	ass.SetClaim(tagIss, hndl.selfId)
	ass.SetClaim(tagSub, hndl.selfId)
	ass.SetClaim(tagAud, aud)
	ass.SetClaim(tagJti, hndl.idGen.String(hndl.jtiLen))
	now := time.Now()
	ass.SetClaim(tagExp, now.Add(hndl.jtiExpIn).Unix())
	ass.SetClaim(tagIat, now.Unix())
	if err := ass.Sign(keys); err != nil {
		return nil, erro.Wrap(err)
	}
	data, err := ass.Encode()
	if err != nil {
		return nil, erro.Wrap(err)
	}

	return data, nil
}

// sessionEnable reports whether a session may be issued for the attribute
// named attrName. Only names present in the sessEnAttrs allow-list qualify;
// anything else is refused.
func sessionEnable(attrName string) bool {
	allowed := sessEnAttrs[attrName]
	return allowed
}

// sessEnAttrs is the allow-list of attribute names for which a session may
// be issued; sessionEnable consults it. Adding an entry widens what can
// carry a session, so changes here warrant a security review.
var sessEnAttrs = strsetutil.New(tagIss, tagSub)