func TestManagerKeySet(t *testing.T) { ks, _ := testGenerator.Generate("") ks.Key("private") for name, m := range managers { _, err := m.GetKeySet("foo") pkg.AssertError(t, true, err, name) err = m.AddKeySet("bar", ks) pkg.AssertError(t, false, err, name) time.Sleep(time.Millisecond * 100) got, err := m.GetKeySet("bar") pkg.RequireError(t, false, err, name) assert.Equal(t, ks.Key("public"), got.Key("public"), name) assert.Equal(t, ks.Key("private"), got.Key("private"), name) err = m.DeleteKeySet("bar") pkg.AssertError(t, false, err, name) time.Sleep(time.Millisecond * 100) _, err = m.GetKeySet("bar") pkg.AssertError(t, true, err, name) } err := managers["http"].AddKeySet("nonono", ks) pkg.AssertError(t, true, err, "%s") }
func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) { ctx := context.Background() for k, m := range clientManagers { _, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) pkg.AssertError(t, true, err, "%s", k) err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest) pkg.AssertError(t, false, err, "%s", k) time.Sleep(100 * time.Millisecond) res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{ Session: &testSession{}, }) pkg.RequireError(t, false, err, "%s", k) c.AssertObjectKeysEqual(t, &defaultRequest, res, "Scopes", "GrantedScopes", "Form", "Session") err = m.DeleteOpenIDConnectSession(ctx, "4321") pkg.AssertError(t, false, err, "%s", k) time.Sleep(100 * time.Millisecond) _, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) pkg.AssertError(t, true, err, "%s", k) } }
func TestManagerKey(t *testing.T) { ks, _ := testGenerator.Generate("") priv := ks.Key("private") pub := ks.Key("public") for name, m := range managers { t.Logf("Running test %s", name) _, err := m.GetKey("faz", "baz") pkg.AssertError(t, true, err, name) err = m.AddKey("faz", First(priv)) pkg.AssertError(t, false, err, name) time.Sleep(time.Millisecond * 100) got, err := m.GetKey("faz", "private") pkg.RequireError(t, false, err, name) assert.Equal(t, priv, got.Keys, "%s", name) err = m.AddKey("faz", First(pub)) pkg.AssertError(t, false, err, name) time.Sleep(time.Millisecond * 100) got, err = m.GetKey("faz", "private") pkg.RequireError(t, false, err, name) assert.Equal(t, priv, got.Keys, "%s", name) got, err = m.GetKey("faz", "public") pkg.RequireError(t, false, err, name) assert.Equal(t, pub, got.Keys, "%s", name) err = m.DeleteKey("faz", "public") pkg.AssertError(t, false, err, name) time.Sleep(time.Millisecond * 100) ks, err = m.GetKey("faz", "public") pkg.AssertError(t, true, err, name) } err := managers["http"].AddKey("nonono", First(priv)) pkg.AssertError(t, true, err, "%s") }
func TestCreateGetFindDelete(t *testing.T) { for _, store := range managers { for _, c := range connections { _, err := store.Get("asdf") pkg.RequireError(t, true, err) err = store.Create(c) pkg.RequireError(t, false, err) time.Sleep(100 * time.Millisecond) res, err := store.Get(c.GetID()) pkg.RequireError(t, false, err) require.Equal(t, c, res) cs, err := store.FindAllByLocalSubject("peter") pkg.RequireError(t, false, err) assert.Len(t, cs, 1) require.Equal(t, c, cs[0]) res, err = store.FindByRemoteSubject("google", "peterson") pkg.RequireError(t, false, err) require.Equal(t, c, res) err = store.Delete(c.GetID()) pkg.RequireError(t, false, err) time.Sleep(100 * time.Millisecond) _, err = store.Get(c.GetID()) pkg.RequireError(t, true, err) } } }
func TestManagers(t *testing.T) { p := &ladon.DefaultPolicy{ ID: uuid.New(), Description: "description", Subjects: []string{"<peter>"}, Effect: ladon.AllowAccess, Resources: []string{"<article|user>"}, Actions: []string{"view"}, Conditions: ladon.Conditions{ "ip": &ladon.CIDRCondition{ CIDR: "1234", }, "owner": &ladon.EqualsSubjectCondition{}, }, } for k, m := range managers { _, err := m.Get(p.ID) pkg.AssertError(t, true, err, k) pkg.AssertError(t, false, m.Create(p), k) time.Sleep(200 * time.Millisecond) res, err := m.Get(p.ID) pkg.AssertError(t, false, err, k) assert.Equal(t, p, res, "%s", k) ps, err := m.FindPoliciesForSubject("peter") pkg.RequireError(t, false, err, k) require.Len(t, ps, 1, "%s", k) assert.Equal(t, p, ps[0], "%s", k) ps, err = m.FindPoliciesForSubject("stan") pkg.AssertError(t, false, err, k) assert.Len(t, ps, 0, "%s", k) pkg.AssertError(t, false, m.Delete(p.ID), k) _, err = m.Get(p.ID) pkg.AssertError(t, true, err, k) } }
func TestAuthCode(t *testing.T) { var code string var validConsent bool router.GET("/consent", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { tok, err := jwt.Parse(r.URL.Query().Get("challenge"), func(tt *jwt.Token) (interface{}, error) { if _, ok := tt.Method.(*jwt.SigningMethodRSA); !ok { return nil, errors.Errorf("Unexpected signing method: %v", tt.Header["alg"]) } pk, err := keyManager.GetKey(ConsentChallengeKey, "public") pkg.RequireError(t, false, err) return jwk.MustRSAPublic(jwk.First(pk.Keys)), nil }) pkg.RequireError(t, false, err) require.True(t, tok.Valid) consent, err := signConsentToken(map[string]interface{}{ "jti": uuid.New(), "exp": time.Now().Add(time.Hour).Unix(), "iat": time.Now().Unix(), "aud": "app-client", }) pkg.RequireError(t, false, err) http.Redirect(w, r, ejwt.ToString(tok.Claims["redir"])+"&consent="+consent, http.StatusFound) validConsent = true }) router.GET("/callback", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { code = r.URL.Query().Get("code") w.Write([]byte(r.URL.Query().Get("code"))) }) resp, err := http.Get(oauthConfig.AuthCodeURL("some-foo-state")) pkg.RequireError(t, false, err) defer resp.Body.Close() _, err = ioutil.ReadAll(resp.Body) pkg.RequireError(t, false, err) require.True(t, validConsent) require.NotEmpty(t, code) _, err = oauthConfig.Exchange(oauth2.NoContext, code) pkg.RequireError(t, false, err) }
func TestClientCredentials(t *testing.T) { tok, err := oauthClientConfig.Token(oauth2.NoContext) pkg.RequireError(t, false, err) assert.NotEmpty(t, tok.AccessToken) }