func TestAuthorizeImplicitEndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockImplicitGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeImplicitGrantTypeHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{mock: func() { areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{}) }},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(nil)
aresp.EXPECT().AddFragment("access_token", "foo.bar")
aresp.EXPECT().AddFragment("expires_in", strconv.Itoa(int(h.AccessTokenLifespan/time.Second)))
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
areq.EXPECT().SetResponseTypeHandled("token")
areq.EXPECT().GetState().Return("state")
areq.EXPECT().GetGrantedScopes().Return(fosite.Arguments{"scope"})
},
expectErr: nil,
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestIssueImplicitToken(t *testing.T) {
ctrl := gomock.NewController(t)
resp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
httpreq := &http.Request{}
ar := fosite.NewAuthorizeRequest()
ar.Form = url.Values{"nonce": {"111111111111"}}
ar.SetSession(&DefaultSession{Claims: &jwt.IDTokenClaims{
Subject: "peter",
}, Headers: &jwt.Headers{}})
resp.EXPECT().AddFragment("id_token", gomock.Any())
h := &IDTokenHandleHelper{IDTokenStrategy: strat}
err := h.IssueImplicitIDToken(nil, httpreq, ar, resp)
assert.Nil(t, err, "%s", err)
}
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(nil, fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{Key: "foo", Signature: "bar"}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().AddQuery(gomock.Eq("code"), gomock.Eq("foo.bar"))
aresp.EXPECT().AddQuery(gomock.Eq("scope"), gomock.Any())
aresp.EXPECT().AddQuery(gomock.Eq("state"), gomock.Any())
areq.EXPECT().SetResponseTypeHandled(gomock.Eq("code"))
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetState()
},
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeImplicit_EndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAccessTokenStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
httpreq := &http.Request{Form: url.Values{}}
areq.Session = new(fosite.DefaultSession)
h := AuthorizeImplicitGrantTypeHandler{
AccessTokenStorage: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling the response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"a"}
},
},
{
description: "should fail because access token generation failed",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"token"}
areq.Client = &fosite.DefaultClient{
GrantTypes: fosite.Arguments{"implicit"},
ResponseTypes: fosite.Arguments{"token"},
}
chgen.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because persistance failed",
setup: func() {
chgen.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
store.EXPECT().CreateAccessTokenSession(nil, "ats", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.State = "state"
areq.GrantedScopes = fosite.Arguments{"scope"}
store.EXPECT().CreateAccessTokenSession(nil, "ats", areq).AnyTimes().Return(nil)
aresp.EXPECT().AddFragment("access_token", "access.ats")
aresp.EXPECT().AddFragment("expires_in", gomock.Any())
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
},
expectErr: nil,
},
} {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestExplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockOpenIDConnectRequestStorage(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
httpreq := &http.Request{Form: url.Values{}}
h := &OpenIDConnectExplicitHandler{
OpenIDConnectRequestStorage: store,
IDTokenHandleHelper: &IDTokenHandleHelper{
IDTokenStrategy: j,
},
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling an empty response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{""}
},
},
{
description: "should pass because scope openid is not set",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"code"}
areq.Client = &fosite.DefaultClient{
ResponseTypes: fosite.Arguments{"code", "id_token"},
}
areq.Scopes = fosite.Arguments{""}
},
},
{
description: "should fail because no code set",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"openid"}
areq.Form.Set("nonce", "11111111111111111111111111111")
aresp.EXPECT().GetCode().Return("")
},
expectErr: fosite.ErrMisconfiguration,
},
{
description: "should fail because lookup fails",
setup: func() {
aresp.EXPECT().GetCode().AnyTimes().Return("codeexample")
store.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
store.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", areq).AnyTimes().Return(nil)
},
},
} {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeCode_HandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockAuthorizeCodeStrategy(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
httpreq := &http.Request{Form: url.Values{}}
areq.Session = new(fosite.DefaultSession)
h := AuthorizeExplicitGrantHandler{
AuthorizeCodeGrantStorage: store,
AuthorizeCodeStrategy: chgen,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling an empty response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{""}
},
},
{
description: "should pass because not responsible for handling an invalid response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"foo"}
},
},
{
description: "should fail because redirect uri is not https",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"code"}
areq.Client = &fosite.DefaultClient{ResponseTypes: fosite.Arguments{"code"}}
areq.RedirectURI, _ = url.Parse("http://asdf.de/cb")
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because authorize code generation failed",
setup: func() {
areq.RedirectURI, _ = url.Parse("https://foobar.com/cb")
chgen.EXPECT().GenerateAuthorizeCode(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because could not presist authorize code session",
setup: func() {
chgen.EXPECT().GenerateAuthorizeCode(nil, areq).AnyTimes().Return("someauthcode.authsig", "authsig", nil)
store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"a", "b"}
areq.State = "superstate"
store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(nil)
aresp.EXPECT().AddQuery("code", "someauthcode.authsig")
aresp.EXPECT().AddQuery("scope", strings.Join(areq.GrantedScopes, " "))
aresp.EXPECT().AddQuery("state", areq.State)
},
},
} {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
