func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAccessTokenStrategy(ctrl)
rch := internal.NewMockRefreshTokenStrategy(ctrl)
auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: auch,
AccessTokenStrategy: ach,
RefreshTokenStrategy: rch,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetGrantedScopes()
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.at", "at", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.rt", "rt", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
aresp.EXPECT().SetAccessToken("access.at")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("refresh_token", "refresh.rt")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("state", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil)
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(nil, fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{Key: "foo", Signature: "bar"}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().AddQuery(gomock.Eq("code"), gomock.Eq("foo.bar"))
aresp.EXPECT().AddQuery(gomock.Eq("scope"), gomock.Any())
aresp.EXPECT().AddQuery(gomock.Eq("state"), gomock.Any())
areq.EXPECT().SetResponseTypeHandled(gomock.Eq("code"))
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetState()
},
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
authreq := internal.NewMockAuthorizeRequester(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: ach,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678") // grant_type REQUIRED. Value MUST be set to "authorization_code".
},
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", errors.New("foo"))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return("asdf")
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), "asdf").Return(nil, pkg.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New("foo"))
},
expectErr: fosite.ErrServerError,
},
{
// clients mismatch
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("bar", nil)
store.EXPECT().GetAuthorizeCodeSession("bar", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "bar"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession("signature", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(time.Hour))
authreq.EXPECT().GetSession().Return("sess")
areq.EXPECT().SetSession("sess")
areq.EXPECT().SetGrantTypeHandled("authorization_code")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeCode_PopulateTokenEndpointResponse(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAccessTokenStrategy(ctrl)
rch := internal.NewMockRefreshTokenStrategy(ctrl)
auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
areq := fosite.NewAccessRequest(new(fosite.DefaultSession))
httpreq := &http.Request{PostForm: url.Values{}}
authreq := fosite.NewAuthorizeRequest()
areq.Session = new(fosite.DefaultSession)
h := AuthorizeExplicitGrantHandler{
AuthorizeCodeGrantStorage: store,
AuthorizeCodeStrategy: auch,
AccessTokenStrategy: ach,
RefreshTokenStrategy: rch,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
setup: func() {
areq.GrantTypes = fosite.Arguments{"123"}
},
},
{
description: "should fail because authcode not found",
setup: func() {
areq.GrantTypes = fosite.Arguments{"authorization_code"}
areq.Client = &fosite.DefaultClient{
GrantTypes: fosite.Arguments{"authorization_code"},
}
httpreq.PostForm.Add("code", "authcode")
auch.EXPECT().AuthorizeCodeSignature("authcode").AnyTimes().Return("authsig")
store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).Return(nil, fosite.ErrNotFound)
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because validation failed",
setup: func() {
store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).AnyTimes().Return(authreq, nil)
auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").Return(errors.New(""))
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because access token generation failed",
setup: func() {
authreq.GrantedScopes = []string{"offline"}
auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").AnyTimes().Return(nil)
ach.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New("error"))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because refresh token generation failed",
setup: func() {
ach.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
rch.EXPECT().GenerateRefreshToken(nil, areq).Return("", "", errors.New("error"))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because persisting failed",
setup: func() {
rch.EXPECT().GenerateRefreshToken(nil, areq).AnyTimes().Return("refresh.rts", "rts", nil)
store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"foo", "offline"}
store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(nil)
aresp.EXPECT().SetAccessToken("access.ats")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("refresh_token", "refresh.rts")
aresp.EXPECT().SetExpiresIn(gomock.Any())
aresp.EXPECT().SetScopes(areq.GrantedScopes)
},
},
} {
c.setup()
err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeCode_HandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
defer ctrl.Finish()
authreq := fosite.NewAuthorizeRequest()
areq := fosite.NewAccessRequest(nil)
httpreq := &http.Request{PostForm: url.Values{}}
areq.Session = new(fosite.DefaultSession)
authreq.Session = new(fosite.DefaultSession)
h := AuthorizeExplicitGrantHandler{
AuthorizeCodeGrantStorage: store,
AuthorizeCodeStrategy: ach,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
setup: func() {
areq.GrantTypes = fosite.Arguments{"12345678"} // grant_type REQUIRED. Value MUST be set to "authorization_code".
},
},
{
description: "should fail because authcode could not be retrieved (1)",
setup: func() {
areq.GrantTypes = fosite.Arguments{"authorization_code"} // grant_type REQUIRED. Value MUST be set to "authorization_code".
httpreq.PostForm = url.Values{"code": {"foo.bar"}}
ach.EXPECT().AuthorizeCodeSignature("foo.bar").AnyTimes().Return("bar")
store.EXPECT().GetAuthorizeCodeSession(nil, "bar", gomock.Any()).Return(nil, fosite.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because authcode validation failed",
setup: func() {
store.EXPECT().GetAuthorizeCodeSession(nil, "bar", gomock.Any()).AnyTimes().Return(authreq, nil)
ach.EXPECT().ValidateAuthorizeCode(nil, areq, "foo.bar").Return(errors.New(""))
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because client mismatch",
setup: func() {
ach.EXPECT().ValidateAuthorizeCode(nil, areq, "foo.bar").AnyTimes().Return(nil)
areq.Client = &fosite.DefaultClient{ID: "foo"}
authreq.Scopes = fosite.Arguments{"a", "b"}
authreq.Client = &fosite.DefaultClient{ID: "bar"}
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because redirect uri not provided",
setup: func() {
authreq.Form.Add("redirect_uri", "request-redir")
authreq.Client = &fosite.DefaultClient{ID: "foo"}
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should pass (2)",
setup: func() {
httpreq.PostForm = url.Values{"code": []string{"foo.bar"}}
authreq.Form.Del("redirect_uri")
authreq.RequestedAt = time.Now().Add(time.Hour)
},
},
} {
c.setup()
err := h.HandleTokenEndpointRequest(nil, httpreq, areq)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeCode_HandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockAuthorizeCodeStrategy(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
httpreq := &http.Request{Form: url.Values{}}
areq.Session = new(fosite.DefaultSession)
h := AuthorizeExplicitGrantHandler{
AuthorizeCodeGrantStorage: store,
AuthorizeCodeStrategy: chgen,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling an empty response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{""}
},
},
{
description: "should pass because not responsible for handling an invalid response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"foo"}
},
},
{
description: "should fail because redirect uri is not https",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"code"}
areq.Client = &fosite.DefaultClient{ResponseTypes: fosite.Arguments{"code"}}
areq.RedirectURI, _ = url.Parse("http://asdf.de/cb")
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because authorize code generation failed",
setup: func() {
areq.RedirectURI, _ = url.Parse("https://foobar.com/cb")
chgen.EXPECT().GenerateAuthorizeCode(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because could not presist authorize code session",
setup: func() {
chgen.EXPECT().GenerateAuthorizeCode(nil, areq).AnyTimes().Return("someauthcode.authsig", "authsig", nil)
store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"a", "b"}
areq.State = "superstate"
store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(nil)
aresp.EXPECT().AddQuery("code", "someauthcode.authsig")
aresp.EXPECT().AddQuery("scope", strings.Join(areq.GrantedScopes, " "))
aresp.EXPECT().AddQuery("state", areq.State)
},
},
} {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, errors.New("foo"))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
aresp.EXPECT().SetAccessToken(gomock.Eq("."))
aresp.EXPECT().SetTokenType(gomock.Eq("bearer"))
aresp.EXPECT().SetExtra(gomock.Eq("refresh_token"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("expires_in"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("state"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("scope"), gomock.Any())
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}