Ejemplo n.º 1
0
func authEndpoint(rw http.ResponseWriter, req *http.Request) {
	ctx := NewContext()

	ar, err := oauth2.NewAuthorizeRequest(ctx, req)
	if err != nil {
		log.Printf("Error occurred in NewAuthorizeRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
		oauth2.WriteAuthorizeError(rw, ar, err)
		return
	}

	if req.Form.Get("username") != "peter" {
		rw.Header().Set("Content-Type", "text/html; charset=utf-8")
		rw.Write([]byte(`<h1>Login page</h1>`))
		rw.Write([]byte(`
			<p>Howdy! This is the log in page. For this example, it is enough to supply the username.</p>
			<form method="post">
				<input type="text" name="username" /> <small>try peter</small><br>
				<input type="submit">
			</form>
		`))
		return
	}

	// Normally, this would be the place where you would check if the user is logged in and gives his consent.
	// For this test, let's assume that the user exists, is logged in, and gives his consent...

	if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
		// JWT
		claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
			time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

		mySessionData := strategy.JWTSession{
			JWTClaimsCtx: *claims,
			JWTHeaders:   make(map[string]interface{}),
		}

		response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData)
		if err != nil {
			log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAuthorizeError(rw, ar, err)
			return
		}
		oauth2.WriteAuthorizeResponse(rw, ar, response)

	} else {
		// HMAC
		mySessionData := session{User: "******"}

		response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData)
		if err != nil {
			log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAuthorizeError(rw, ar, err)
			return
		}
		oauth2.WriteAuthorizeResponse(rw, ar, response)
	}
}
Ejemplo n.º 2
0
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
	ctx := NewContext()

	if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
		// JWT
		claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
			time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

		mySessionData := strategy.JWTSession{
			JWTClaimsCtx: *claims,
			JWTHeaders:   make(map[string]interface{}),
		}

		accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData)
		if err != nil {
			log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAccessError(rw, accessRequest, err)
			return
		}

		response, err := oauth2.NewAccessResponse(ctx, req, accessRequest)
		if err != nil {
			log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAccessError(rw, accessRequest, err)
			return
		}

		oauth2.WriteAccessResponse(rw, accessRequest, response)
	} else {
		// HMAC
		mySessionData := session{}

		accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData)
		if err != nil {
			log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAccessError(rw, accessRequest, err)
			return
		}

		response, err := oauth2.NewAccessResponse(ctx, req, accessRequest)
		if err != nil {
			log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
			oauth2.WriteAccessError(rw, accessRequest, err)
			return
		}

		oauth2.WriteAccessResponse(rw, accessRequest, response)
	}
}
Ejemplo n.º 3
0
func TestRejectsAlgAndTypHeader(t *testing.T) {
	for _, headers := range []map[string]interface{}{
		{"alg": "foo"},
		{"typ": "foo"},
		{"typ": "foo", "alg": "foo"},
	} {
		claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
			time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

		j := JWTEnigma{
			PrivateKey: []byte(TestCertificates[0][1]),
			PublicKey:  []byte(TestCertificates[1][1]),
		}
		_, _, err := j.Generate(claims, headers)
		assert.NotNil(t, err)
	}
}
Ejemplo n.º 4
0
func TestGenerateJWT(t *testing.T) {
	claims, err := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
		time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

	j := JWTEnigma{
		PrivateKey: []byte(TestCertificates[0][1]),
		PublicKey:  []byte(TestCertificates[1][1]),
	}

	token, sig, err := j.Generate(claims, make(map[string]interface{}))
	require.Nil(t, err, "%s", err)
	require.NotNil(t, token)

	sig, err = j.Validate(token)
	require.Nil(t, err, "%s", err)

	sig, err = j.Validate(token + "." + "0123456789")
	require.NotNil(t, err, "%s", err)

	partToken := strings.Split(token, ".")[2]

	sig, err = j.Validate(partToken)
	require.NotNil(t, err, "%s", err)

	// Lets change the public certificate to a different public one...
	j.PublicKey = []byte("new")

	_, err = j.Validate(token)
	require.NotNil(t, err, "%s", err)

	// Reset public key
	j.PublicKey = []byte(TestCertificates[1][1])

	// Lets change the private certificate to a different one...
	j.PrivateKey = []byte("new")
	_, _, err = j.Generate(claims, make(map[string]interface{}))
	require.NotNil(t, err, "%s", err)

	// Reset private key
	j.PrivateKey = []byte(TestCertificates[0][1])

	// Lets validate the exp claim
	claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
		time.Now().Add(-time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

	token, sig, err = j.Generate(claims, make(map[string]interface{}))
	require.Nil(t, err, "%s", err)
	require.NotNil(t, token)
	t.Logf("%s.%s", token, sig)

	sig, err = j.Validate(token)
	require.NotNil(t, err, "%s", err)

	// Lets validate the nbf claim
	claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
		time.Now().Add(time.Hour), time.Now().Add(time.Hour), time.Now(), make(map[string]interface{}))

	token, sig, err = j.Generate(claims, make(map[string]interface{}))
	require.Nil(t, err, "%s", err)
	require.NotNil(t, token)
	t.Logf("%s.%s", token, sig)

	sig, err = j.Validate(token)
	require.NotNil(t, err, "%s", err)

}
Ejemplo n.º 5
0
	"github.com/ory-am/fosite/enigma/jwthelper"
	"github.com/stretchr/testify/assert"
)

var s = HMACSHAStrategy{
	Enigma: &enigma.HMACSHAEnigma{GlobalSecret: []byte("foobarfoobarfoobarfoobar")},
}

var j = &JWTStrategy{
	Enigma: &enigma.JWTEnigma{
		PrivateKey: []byte(enigma.TestCertificates[0][1]),
		PublicKey:  []byte(enigma.TestCertificates[1][1]),
	},
}

var claims, claimsErr = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
	time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))

var r = &fosite.Request{
	Client: &client.SecureClient{
		Secret: []byte("foobarfoobarfoobarfoobar"),
	},

	Session: &JWTSession{
		JWTClaimsCtx: *claims,
		JWTHeaders:   make(map[string]interface{}),
	},
}

func TestAccessToken(t *testing.T) {
	// HMAC
	token, signature, err := s.GenerateAccessToken(nil, nil, r)