func TestClientCredentials_PopulateTokenEndpointResponse(t *testing.T) { ctrl := gomock.NewController(t) store := internal.NewMockClientCredentialsGrantStorage(ctrl) chgen := internal.NewMockAccessTokenStrategy(ctrl) areq := fosite.NewAccessRequest(new(fosite.DefaultSession)) aresp := fosite.NewAccessResponse() defer ctrl.Finish() h := ClientCredentialsGrantHandler{ HandleHelper: &HandleHelper{ AccessTokenStorage: store, AccessTokenStrategy: chgen, AccessTokenLifespan: time.Hour, }, ScopeStrategy: fosite.HierarchicScopeStrategy, } for k, c := range []struct { description string mock func() req *http.Request expectErr error }{ { description: "should fail because not responsible", expectErr: fosite.ErrUnknownRequest, mock: func() { areq.GrantTypes = fosite.Arguments{""} }, }, { description: "should fail because client not allowed", expectErr: fosite.ErrInvalidGrant, mock: func() { areq.GrantTypes = fosite.Arguments{"client_credentials"} areq.Client = &fosite.DefaultClient{GrantTypes: fosite.Arguments{"foo"}} }, }, { description: "should pass", mock: func() { areq.GrantTypes = fosite.Arguments{"client_credentials"} areq.Session = &fosite.DefaultSession{} areq.Client = &fosite.DefaultClient{GrantTypes: fosite.Arguments{"client_credentials"}} chgen.EXPECT().GenerateAccessToken(nil, areq).Return("tokenfoo.bar", "bar", nil) store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil) }, }, } { c.mock() err := h.PopulateTokenEndpointResponse(nil, c.req, areq, aresp) assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr) t.Logf("Passed test case %d", k) } }
func TestExplicit_PopulateTokenEndpointResponse(t *testing.T) { ctrl := gomock.NewController(t) store := internal.NewMockOpenIDConnectRequestStorage(ctrl) defer ctrl.Finish() session := &DefaultSession{ Claims: &jwt.IDTokenClaims{ Subject: "peter", }, Headers: &jwt.Headers{}, } aresp := fosite.NewAccessResponse() areq := fosite.NewAccessRequest(session) httpreq := &http.Request{PostForm: url.Values{}} h := &OpenIDConnectExplicitHandler{ OpenIDConnectRequestStorage: store, IDTokenHandleHelper: &IDTokenHandleHelper{ IDTokenStrategy: j, }, } for k, c := range []struct { description string setup func() expectErr error }{ { description: "should fail because invalid response type", setup: func() {}, expectErr: fosite.ErrUnknownRequest, }, { description: "should fail because lookup returns not found", setup: func() { areq.GrantTypes = fosite.Arguments{"authorization_code"} areq.Client = &fosite.DefaultClient{ GrantTypes: fosite.Arguments{"authorization_code"}, ResponseTypes: fosite.Arguments{"id_token"}, } areq.Form.Set("code", "foobar") store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(nil, ErrNoSessionFound) }, expectErr: fosite.ErrUnknownRequest, }, { description: "should fail because lookup fails", setup: func() { areq.GrantTypes = fosite.Arguments{"authorization_code"} store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(nil, errors.New("")) }, expectErr: fosite.ErrServerError, }, { description: "should fail because missing scope in original request", setup: func() { areq.GrantTypes = fosite.Arguments{"authorization_code"} store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(fosite.NewAuthorizeRequest(), nil) }, expectErr: fosite.ErrMisconfiguration, }, { description: "should pass", setup: func() { r := fosite.NewAuthorizeRequest() r.Session = areq.Session r.GrantedScopes = fosite.Arguments{"openid"} r.Form.Set("nonce", "1111111111111111") store.EXPECT().GetOpenIDConnectSession(nil, gomock.Any(), areq).AnyTimes().Return(r, nil) }, }, } { c.setup() err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp) assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr) t.Logf("Passed test case %d", k) } }
func TestResourceOwnerFlow_PopulateTokenEndpointResponse(t *testing.T) { ctrl := gomock.NewController(t) store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl) chgen := internal.NewMockAccessTokenStrategy(ctrl) rtstr := internal.NewMockRefreshTokenStrategy(ctrl) aresp := fosite.NewAccessResponse() mockAT := "accesstoken.foo.bar" mockRT := "refreshtoken.bar.foo" defer ctrl.Finish() areq := fosite.NewAccessRequest(nil) httpreq := &http.Request{PostForm: url.Values{}} h := ResourceOwnerPasswordCredentialsGrantHandler{ ResourceOwnerPasswordCredentialsGrantStorage: store, HandleHelper: &HandleHelper{ AccessTokenStorage: store, AccessTokenStrategy: chgen, AccessTokenLifespan: time.Hour, }, RefreshTokenStrategy: rtstr, } for k, c := range []struct { description string setup func() expectErr error expect func() }{ { description: "should fail because not responsible", expectErr: fosite.ErrUnknownRequest, setup: func() { areq.GrantTypes = fosite.Arguments{""} }, }, { description: "should pass", setup: func() { areq.Session = &fosite.DefaultSession{} areq.GrantTypes = fosite.Arguments{"password"} chgen.EXPECT().GenerateAccessToken(nil, areq).Return(mockAT, "bar", nil) store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil) }, expect: func() { assert.Nil(t, aresp.GetExtra("refresh_token"), "unexpected refresh token") }, }, { description: "should pass - offline scope", setup: func() { areq.GrantTypes = fosite.Arguments{"password"} areq.GrantScope("offline") rtstr.EXPECT().GenerateRefreshToken(nil, areq).Return(mockRT, "bar", nil) store.EXPECT().CreateRefreshTokenSession(nil, "bar", areq).Return(nil) chgen.EXPECT().GenerateAccessToken(nil, areq).Return(mockAT, "bar", nil) store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil) }, expect: func() { assert.NotNil(t, aresp.GetExtra("refresh_token"), "expected refresh token") }, }, } { c.setup() err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp) assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr) if c.expect != nil { c.expect() } t.Logf("Passed test case %d", k) } }