func authEndpoint(rw http.ResponseWriter, req *http.Request) {
ctx := NewContext()
ar, err := oauth2.NewAuthorizeRequest(ctx, req)
if err != nil {
log.Printf("Error occurred in NewAuthorizeRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAuthorizeError(rw, ar, err)
return
}
if req.Form.Get("username") != "peter" {
rw.Header().Set("Content-Type", "text/html; charset=utf-8")
rw.Write([]byte(`<h1>Login page</h1>`))
rw.Write([]byte(`
<p>Howdy! This is the log in page. For this example, it is enough to supply the username.</p>
<form method="post">
<input type="text" name="username" /> <small>try peter</small><br>
<input type="submit">
</form>
`))
return
}
// Normally, this would be the place where you would check if the user is logged in and gives his consent.
// For this test, let's assume that the user exists, is logged in, and gives his consent...
if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
// JWT
claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
mySessionData := strategy.JWTSession{
JWTClaimsCtx: *claims,
JWTHeaders: make(map[string]interface{}),
}
response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData)
if err != nil {
log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAuthorizeError(rw, ar, err)
return
}
oauth2.WriteAuthorizeResponse(rw, ar, response)
} else {
// HMAC
mySessionData := session{User: "******"}
response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData)
if err != nil {
log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAuthorizeError(rw, ar, err)
return
}
oauth2.WriteAuthorizeResponse(rw, ar, response)
}
}
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) {
ctx := NewContext()
if typeof(*selectedStrategy) == "strategy.JWTStrategy" {
// JWT
claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
mySessionData := strategy.JWTSession{
JWTClaimsCtx: *claims,
JWTHeaders: make(map[string]interface{}),
}
accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData)
if err != nil {
log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAccessError(rw, accessRequest, err)
return
}
response, err := oauth2.NewAccessResponse(ctx, req, accessRequest)
if err != nil {
log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAccessError(rw, accessRequest, err)
return
}
oauth2.WriteAccessResponse(rw, accessRequest, response)
} else {
// HMAC
mySessionData := session{}
accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData)
if err != nil {
log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAccessError(rw, accessRequest, err)
return
}
response, err := oauth2.NewAccessResponse(ctx, req, accessRequest)
if err != nil {
log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack())
oauth2.WriteAccessError(rw, accessRequest, err)
return
}
oauth2.WriteAccessResponse(rw, accessRequest, response)
}
}
func TestRejectsAlgAndTypHeader(t *testing.T) {
for _, headers := range []map[string]interface{}{
{"alg": "foo"},
{"typ": "foo"},
{"typ": "foo", "alg": "foo"},
} {
claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
j := JWTEnigma{
PrivateKey: []byte(TestCertificates[0][1]),
PublicKey: []byte(TestCertificates[1][1]),
}
_, _, err := j.Generate(claims, headers)
assert.NotNil(t, err)
}
}
func TestGenerateJWT(t *testing.T) {
claims, err := jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
j := JWTEnigma{
PrivateKey: []byte(TestCertificates[0][1]),
PublicKey: []byte(TestCertificates[1][1]),
}
token, sig, err := j.Generate(claims, make(map[string]interface{}))
require.Nil(t, err, "%s", err)
require.NotNil(t, token)
sig, err = j.Validate(token)
require.Nil(t, err, "%s", err)
sig, err = j.Validate(token + "." + "0123456789")
require.NotNil(t, err, "%s", err)
partToken := strings.Split(token, ".")[2]
sig, err = j.Validate(partToken)
require.NotNil(t, err, "%s", err)
// Lets change the public certificate to a different public one...
j.PublicKey = []byte("new")
_, err = j.Validate(token)
require.NotNil(t, err, "%s", err)
// Reset public key
j.PublicKey = []byte(TestCertificates[1][1])
// Lets change the private certificate to a different one...
j.PrivateKey = []byte("new")
_, _, err = j.Generate(claims, make(map[string]interface{}))
require.NotNil(t, err, "%s", err)
// Reset private key
j.PrivateKey = []byte(TestCertificates[0][1])
// Lets validate the exp claim
claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(-time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
token, sig, err = j.Generate(claims, make(map[string]interface{}))
require.Nil(t, err, "%s", err)
require.NotNil(t, token)
t.Logf("%s.%s", token, sig)
sig, err = j.Validate(token)
require.NotNil(t, err, "%s", err)
// Lets validate the nbf claim
claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now().Add(time.Hour), time.Now(), make(map[string]interface{}))
token, sig, err = j.Generate(claims, make(map[string]interface{}))
require.Nil(t, err, "%s", err)
require.NotNil(t, token)
t.Logf("%s.%s", token, sig)
sig, err = j.Validate(token)
require.NotNil(t, err, "%s", err)
}
"github.com/ory-am/fosite/enigma/jwthelper"
"github.com/stretchr/testify/assert"
)
var s = HMACSHAStrategy{
Enigma: &enigma.HMACSHAEnigma{GlobalSecret: []byte("foobarfoobarfoobarfoobar")},
}
var j = &JWTStrategy{
Enigma: &enigma.JWTEnigma{
PrivateKey: []byte(enigma.TestCertificates[0][1]),
PublicKey: []byte(enigma.TestCertificates[1][1]),
},
}
var claims, claimsErr = jwthelper.NewClaimsContext("fosite", "peter", "group0", "",
time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{}))
var r = &fosite.Request{
Client: &client.SecureClient{
Secret: []byte("foobarfoobarfoobarfoobar"),
},
Session: &JWTSession{
JWTClaimsCtx: *claims,
JWTHeaders: make(map[string]interface{}),
},
}
func TestAccessToken(t *testing.T) {
// HMAC
token, signature, err := s.GenerateAccessToken(nil, nil, r)