func TestManagerKeySet(t *testing.T) {
ks, _ := testGenerator.Generate("")
ks.Key("private")
for name, m := range managers {
_, err := m.GetKeySet("foo")
pkg.AssertError(t, true, err, name)
err = m.AddKeySet("bar", ks)
pkg.AssertError(t, false, err, name)
time.Sleep(time.Millisecond * 100)
got, err := m.GetKeySet("bar")
pkg.RequireError(t, false, err, name)
assert.Equal(t, ks.Key("public"), got.Key("public"), name)
assert.Equal(t, ks.Key("private"), got.Key("private"), name)
err = m.DeleteKeySet("bar")
pkg.AssertError(t, false, err, name)
time.Sleep(time.Millisecond * 100)
_, err = m.GetKeySet("bar")
pkg.AssertError(t, true, err, name)
}
err := managers["http"].AddKeySet("nonono", ks)
pkg.AssertError(t, true, err, "%s")
}
func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) {
ctx := context.Background()
for k, m := range clientManagers {
_, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
pkg.AssertError(t, true, err, "%s", k)
err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest)
pkg.AssertError(t, false, err, "%s", k)
time.Sleep(100 * time.Millisecond)
res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{
Session: &testSession{},
})
pkg.RequireError(t, false, err, "%s", k)
c.AssertObjectKeysEqual(t, &defaultRequest, res, "Scopes", "GrantedScopes", "Form", "Session")
err = m.DeleteOpenIDConnectSession(ctx, "4321")
pkg.AssertError(t, false, err, "%s", k)
time.Sleep(100 * time.Millisecond)
_, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
pkg.AssertError(t, true, err, "%s", k)
}
}
func TestManagerKey(t *testing.T) {
ks, _ := testGenerator.Generate("")
priv := ks.Key("private")
pub := ks.Key("public")
for name, m := range managers {
t.Logf("Running test %s", name)
_, err := m.GetKey("faz", "baz")
pkg.AssertError(t, true, err, name)
err = m.AddKey("faz", First(priv))
pkg.AssertError(t, false, err, name)
time.Sleep(time.Millisecond * 100)
got, err := m.GetKey("faz", "private")
pkg.RequireError(t, false, err, name)
assert.Equal(t, priv, got.Keys, "%s", name)
err = m.AddKey("faz", First(pub))
pkg.AssertError(t, false, err, name)
time.Sleep(time.Millisecond * 100)
got, err = m.GetKey("faz", "private")
pkg.RequireError(t, false, err, name)
assert.Equal(t, priv, got.Keys, "%s", name)
got, err = m.GetKey("faz", "public")
pkg.RequireError(t, false, err, name)
assert.Equal(t, pub, got.Keys, "%s", name)
err = m.DeleteKey("faz", "public")
pkg.AssertError(t, false, err, name)
time.Sleep(time.Millisecond * 100)
ks, err = m.GetKey("faz", "public")
pkg.AssertError(t, true, err, name)
}
err := managers["http"].AddKey("nonono", First(priv))
pkg.AssertError(t, true, err, "%s")
}
func TestCreateGetFindDelete(t *testing.T) {
for _, store := range managers {
for _, c := range connections {
_, err := store.Get("asdf")
pkg.RequireError(t, true, err)
err = store.Create(c)
pkg.RequireError(t, false, err)
time.Sleep(100 * time.Millisecond)
res, err := store.Get(c.GetID())
pkg.RequireError(t, false, err)
require.Equal(t, c, res)
cs, err := store.FindAllByLocalSubject("peter")
pkg.RequireError(t, false, err)
assert.Len(t, cs, 1)
require.Equal(t, c, cs[0])
res, err = store.FindByRemoteSubject("google", "peterson")
pkg.RequireError(t, false, err)
require.Equal(t, c, res)
err = store.Delete(c.GetID())
pkg.RequireError(t, false, err)
time.Sleep(100 * time.Millisecond)
_, err = store.Get(c.GetID())
pkg.RequireError(t, true, err)
}
}
}
func TestManagers(t *testing.T) {
p := &ladon.DefaultPolicy{
ID: uuid.New(),
Description: "description",
Subjects: []string{"<peter>"},
Effect: ladon.AllowAccess,
Resources: []string{"<article|user>"},
Actions: []string{"view"},
Conditions: ladon.Conditions{
"ip": &ladon.CIDRCondition{
CIDR: "1234",
},
"owner": &ladon.EqualsSubjectCondition{},
},
}
for k, m := range managers {
_, err := m.Get(p.ID)
pkg.AssertError(t, true, err, k)
pkg.AssertError(t, false, m.Create(p), k)
time.Sleep(200 * time.Millisecond)
res, err := m.Get(p.ID)
pkg.AssertError(t, false, err, k)
assert.Equal(t, p, res, "%s", k)
ps, err := m.FindPoliciesForSubject("peter")
pkg.RequireError(t, false, err, k)
require.Len(t, ps, 1, "%s", k)
assert.Equal(t, p, ps[0], "%s", k)
ps, err = m.FindPoliciesForSubject("stan")
pkg.AssertError(t, false, err, k)
assert.Len(t, ps, 0, "%s", k)
pkg.AssertError(t, false, m.Delete(p.ID), k)
_, err = m.Get(p.ID)
pkg.AssertError(t, true, err, k)
}
}
func TestAuthCode(t *testing.T) {
var code string
var validConsent bool
router.GET("/consent", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
tok, err := jwt.Parse(r.URL.Query().Get("challenge"), func(tt *jwt.Token) (interface{}, error) {
if _, ok := tt.Method.(*jwt.SigningMethodRSA); !ok {
return nil, errors.Errorf("Unexpected signing method: %v", tt.Header["alg"])
}
pk, err := keyManager.GetKey(ConsentChallengeKey, "public")
pkg.RequireError(t, false, err)
return jwk.MustRSAPublic(jwk.First(pk.Keys)), nil
})
pkg.RequireError(t, false, err)
require.True(t, tok.Valid)
consent, err := signConsentToken(map[string]interface{}{
"jti": uuid.New(),
"exp": time.Now().Add(time.Hour).Unix(),
"iat": time.Now().Unix(),
"aud": "app-client",
})
pkg.RequireError(t, false, err)
http.Redirect(w, r, ejwt.ToString(tok.Claims["redir"])+"&consent="+consent, http.StatusFound)
validConsent = true
})
router.GET("/callback", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
code = r.URL.Query().Get("code")
w.Write([]byte(r.URL.Query().Get("code")))
})
resp, err := http.Get(oauthConfig.AuthCodeURL("some-foo-state"))
pkg.RequireError(t, false, err)
defer resp.Body.Close()
_, err = ioutil.ReadAll(resp.Body)
pkg.RequireError(t, false, err)
require.True(t, validConsent)
require.NotEmpty(t, code)
_, err = oauthConfig.Exchange(oauth2.NoContext, code)
pkg.RequireError(t, false, err)
}
func TestClientCredentials(t *testing.T) {
tok, err := oauthClientConfig.Token(oauth2.NoContext)
pkg.RequireError(t, false, err)
assert.NotEmpty(t, tok.AccessToken)
}