// generateSignedCode mints an authorization code for subject and scope, signed
// with whatever key core.RetrievePrivateKeyForApp returns for app.ClientID.
//
// A failed key lookup is returned as-is with an empty code; otherwise the
// result is exactly what rolltoken.GenerateCode produces, including its error.
func generateSignedCode(core *roll.Core, subject, scope string, app *roll.Application) (string, error) {
	signingKey, err := core.RetrievePrivateKeyForApp(app.ClientID)
	if err != nil {
		return "", err
	}
	return rolltoken.GenerateCode(subject, scope, app.ClientID, signingKey)
}
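// TestTokenValidCodeWithAdminScope exchanges an authorization code carrying the
// "admin" scope at the token endpoint and checks that the issued access token is
// a Bearer JWT whose scope claim is "admin".
//
// The code is signed with the same key pair the mocked SecretsRepo hands to the
// server, so the exchange is expected to answer 200 OK. The access token is then
// parsed with the server's own key-extraction function, which verifies the
// signature against the registered public key before the scope claim is read.
// The rejection path (code signed with an unregistered key) is covered by
// TestTokenSignedWithWrongKey.
func TestTokenValidCodeWithAdminScope(t *testing.T) {
	core, coreConfig := NewTestCore()
	ln, addr := TestServer(t, core)
	defer ln.Close()

	returnVal := roll.Application{
		DeveloperEmail:  "*****@*****.**",
		ClientID:        "1111-2222-3333333-4444444",
		ApplicationName: "fight club",
		ClientSecret:    "not for browser clients",
		RedirectURI:     "http://localhost:3000/ab",
		LoginProvider:   "xtrac://localhost:9000",
	}

	appRepoMock := coreConfig.ApplicationRepo.(*mocks.ApplicationRepo)
	appRepoMock.On("SystemRetrieveApplication", "1111-2222-3333333-4444444").Return(&returnVal, nil)

	privateKey, publicKey, err := secrets.GenerateKeyPair()
	if err != nil {
		t.Fatalf("generating key pair: %v", err)
	}

	secretsMock := coreConfig.SecretsRepo.(*mocks.SecretsRepo)
	secretsMock.On("RetrievePrivateKeyForApp", "1111-2222-3333333-4444444").Return(privateKey, nil)
	secretsMock.On("RetrievePublicKeyForApp", "1111-2222-3333333-4444444").Return(publicKey, nil)

	code, err := rolltoken.GenerateCode("b-subject", "admin", returnVal.ClientID, privateKey)
	if err != nil {
		t.Fatalf("generating authorization code: %v", err)
	}

	resp, err := http.PostForm(addr+OAuth2TokenBaseURI, url.Values{
		"grant_type":    {"authorization_code"},
		"client_id":     {"1111-2222-3333333-4444444"},
		"client_secret": {"not for browser clients"},
		"redirect_uri":  {"http://localhost:3000/ab"},
		"code":          {code},
	})
	if err != nil {
		// resp is nil on error; stop here rather than dereference it below.
		t.Fatalf("posting to token endpoint: %v", err)
	}
	defer resp.Body.Close()
	assert.Equal(t, http.StatusOK, resp.StatusCode)

	body := responseAsString(t, resp)
	var jsonResponse accessTokenResponse
	if err := json.Unmarshal([]byte(body), &jsonResponse); err != nil {
		t.Fatalf("decoding token response %q: %v", body, err)
	}
	assert.NotEqual(t, "", jsonResponse.AccessToken)
	assert.Equal(t, "Bearer", jsonResponse.TokenType)

	// Parse with the server's own key lookup so the signature is checked against
	// the public key registered for the client, not just decoded.
	token, err := jwt.Parse(jsonResponse.AccessToken, rolltoken.GenerateKeyExtractionFunction(core.SecretsRepo))
	if err != nil {
		t.Fatalf("parsing access token: %v", err)
	}
	scope, ok := token.Claims["scope"].(string)
	assert.True(t, ok, "scope claim missing or not a string")
	assert.Equal(t, "admin", scope)
}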
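// TestTokenSignedWithWrongKey presents an authorization code signed with a key
// that is not registered for the client and expects the token endpoint to
// refuse it.
//
// The mocked SecretsRepo returns one key pair for the client, but the code is
// minted with a freshly generated, unrelated private key. Client credentials and
// redirect URI are correct, so the only thing that can fail is signature
// verification: the expected answer is 401 Unauthorized with "verification
// error" in the body.
func TestTokenSignedWithWrongKey(t *testing.T) {
	core, coreConfig := NewTestCore()
	ln, addr := TestServer(t, core)
	defer ln.Close()

	returnVal := roll.Application{
		DeveloperEmail:  "*****@*****.**",
		ClientID:        "1111-2222-3333333-4444444",
		ApplicationName: "fight club",
		ClientSecret:    "not for browser clients",
		RedirectURI:     "http://localhost:3000/ab",
		LoginProvider:   "xtrac://localhost:9000",
	}

	appRepoMock := coreConfig.ApplicationRepo.(*mocks.ApplicationRepo)
	appRepoMock.On("SystemRetrieveApplication", "1111-2222-3333333-4444444").Return(&returnVal, nil)

	privateKey, publicKey, err := secrets.GenerateKeyPair()
	if err != nil {
		t.Fatalf("generating registered key pair: %v", err)
	}

	secretsMock := coreConfig.SecretsRepo.(*mocks.SecretsRepo)
	secretsMock.On("RetrievePrivateKeyForApp", "1111-2222-3333333-4444444").Return(privateKey, nil)
	secretsMock.On("RetrievePublicKeyForApp", "1111-2222-3333333-4444444").Return(publicKey, nil)

	// A second key pair the server has never seen; only its private half is
	// needed to sign the bogus code.
	otherKey, _, err := secrets.GenerateKeyPair()
	if err != nil {
		t.Fatalf("generating unregistered key pair: %v", err)
	}

	code, err := rolltoken.GenerateCode("a-subject", "", returnVal.ClientID, otherKey)
	if err != nil {
		t.Fatalf("generating authorization code: %v", err)
	}

	resp, err := http.PostForm(addr+OAuth2TokenBaseURI, url.Values{
		"grant_type":    {"authorization_code"},
		"client_id":     {"1111-2222-3333333-4444444"},
		"client_secret": {"not for browser clients"},
		"redirect_uri":  {"http://localhost:3000/ab"},
		"code":          {code},
	})
	if err != nil {
		// resp is nil on error; stop here rather than dereference it below.
		t.Fatalf("posting to token endpoint: %v", err)
	}
	defer resp.Body.Close()

	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
	body := responseAsString(t, resp)
	assert.True(t, strings.Contains(body, "verification error"), "unexpected body: %q", body)
}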
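// TestAuthCodeUsedForAccess checks that an authorization code cannot be replayed
// as a bearer access token against a handler protected by Wrap.
//
// The code is correctly signed with the key the mocked SecretsRepo returns for
// the client, so a rejection cannot come from signature verification; the
// wrapped handler must refuse the code on its own merits and answer 401
// Unauthorized. Only the status code is asserted.
func TestAuthCodeUsedForAccess(t *testing.T) {
	app := roll.Application{
		DeveloperEmail:  "*****@*****.**",
		ClientID:        "1111-2222-3333333-4444444",
		ApplicationName: "fight club",
		ClientSecret:    "not for browser clients",
		RedirectURI:     "http://localhost:3000/ab",
		LoginProvider:   "xtrac://localhost:9000",
	}

	privateKey, publicKey, err := secrets.GenerateKeyPair()
	if err != nil {
		t.Fatalf("generating key pair: %v", err)
	}

	// Wrap takes only the secrets and admin repositories, so no ApplicationRepo
	// mock is wired up here.
	secretsMock := new(mocks.SecretsRepo)
	secretsMock.On("RetrievePrivateKeyForApp", "1111-2222-3333333-4444444").Return(privateKey, nil)
	secretsMock.On("RetrievePublicKeyForApp", "1111-2222-3333333-4444444").Return(publicKey, nil)
	adminRepo := new(mocks.AdminRepo)

	code, err := rolltoken.GenerateCode("a-subject", "", app.ClientID, privateKey)
	if err != nil {
		t.Fatalf("generating authorization code: %v", err)
	}

	testServer := httptest.NewServer(Wrap(secretsMock, adminRepo, []string{}, echoHandler()))
	defer testServer.Close()

	req, err := http.NewRequest("POST", testServer.URL, nil)
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	// Present the authorization code where an access token belongs.
	req.Header.Set("Authorization", "Bearer "+code)

	client := http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		// resp is nil on error; stop here rather than dereference it below.
		t.Fatalf("sending request: %v", err)
	}
	defer resp.Body.Close()

	assert.Equal(t, http.StatusUnauthorized, resp.StatusCode)
}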