func TestCoopResponse(t *testing.T) {
tok := "McnSl40-QRtAxBoBOmj9GJfALyNdJy"
tokType := "Bearer"
expIn := 2817 * time.Second
scop := strsetutil.New("openid")
idsTok := []byte("eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjcwMDAiLCJleHAiOjE0MzI4MjI1MzMsImlhdCI6MTQzMjgwMDkzMywiaWRzIjp7Im1haW4iOnsic3ViIjoiWi0wWnRGZWlyaU1kWkZIYlNDR3ZDbHplclBYWkU5SGJKNWlaREx2X3hVWSJ9fSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDoxNjA0Iiwic3ViIjoiaHR0cDovL2xvY2FsaG9zdDo3MDAwIn0.JRCRQRJkE5UTwniZqYf6Y-DncD58Qs0GQe5SF7A_K66nymZR9mUrXWj0rAG6NcXEsH5IpoFfcYUVLylx_XxyrKNK8ynGgiGwOblNW41rb2FmLmtFdf3Y03z9ID5hWJsEJmyup071s5WUeURAa3xv-h-t-cSBqXIv_R-TPWGyWSKVSe6lKudfOh74rrG_5IHheFs3hKiyw9viVJRV9sOekcrV93ppdUweguxx_AgSjFhdEh6atmUy5ft3Oz3doqfSQHQ2xMR_V9cFryzXrfJDyual4KBFMQHJ3LU2kyuoebKpHjwT5Iv3Bn-QY7U_SIO4vvcBuOcvjNyWyymla6KzPA")
body, err := json.Marshal(map[string]interface{}{
"access_token": tok,
"token_type": tokType,
"expires_in": int(expIn / time.Second),
"scope": requtil.ValueSetForm(scop),
"ids_token": string(idsTok),
})
if err != nil {
t.Fatal(err)
}
r, err := http.ReadResponse(bufio.NewReader(io.MultiReader(
strings.NewReader("HTTP/1.1 200 OK\r\n"+"Content-Type: application/json\r\n"+"\r\n"),
bytes.NewReader(body),
)), nil)
if err != nil {
t.Fatal(err)
}
resp, err := parseCoopResponse(r)
if err != nil {
t.Fatal(err)
} else if resp.token() != tok {
t.Error(resp.token())
t.Fatal(tok)
} else if resp.tokenType() != tokType {
t.Error(resp.tokenType())
t.Fatal(tokType)
} else if resp.expiresIn() != expIn {
t.Error(resp.expiresIn())
t.Fatal(expIn)
} else if !reflect.DeepEqual(resp.scope(), scop) {
t.Error(resp.scope())
t.Fatal(scop)
} else if !bytes.Equal(resp.idsToken(), idsTok) {
t.Error(resp.idsToken())
t.Fatal(idsTok)
}
}
func (this *environment) authServe(w http.ResponseWriter, r *http.Request) error {
req, err := parseAuthRequest(r)
if err != nil {
return erro.Wrap(server.NewError(http.StatusBadRequest, erro.Unwrap(err).Error(), err))
}
log.Debug(this.logPref, "Parsed authentication request")
authUri := req.authUri()
queries := authUri.Query()
// response_type
var idp string
respType := map[string]bool{tagCode: true}
rawAuthUri := authUri.Scheme + "://" + authUri.Host + authUri.Path
if idps, err := this.idpDb.Search(map[string]string{
tagAuthorization_endpoint: "^" + rawAuthUri + "$",
}); err != nil {
return erro.Wrap(err)
} else if len(idps) == 1 {
idp = idps[0].Id()
log.Debug(this.logPref, "Destination is in ID provider "+idp)
} else {
// ID プロバイダ選択サービスか何か。
respType[tagId_token] = true
log.Debug(this.logPref, "Destination "+rawAuthUri+" is not ID provider")
}
queries.Set(tagResponse_type, request.ValueSetForm(respType))
// scope
if scop := request.FormValueSet(queries.Get(tagScope)); !scop[tagOpenid] {
scop[tagOpenid] = true
queries.Set(tagScope, request.ValueSetForm(scop))
log.Debug(this.logPref, `Added scope "`+tagOpenid+`"`)
}
// client_id
ta := queries.Get(tagClient_id)
if ta == "" {
ta = this.selfId
queries.Set(tagClient_id, ta)
log.Debug(this.logPref, "Act as default TA "+ta)
} else {
log.Debug(this.logPref, "Act as TA "+ta)
}
// redirect_uri
rediUri := queries.Get(tagRedirect_uri)
if rediUri == "" {
rediUri = this.rediUri
queries.Set(tagRedirect_uri, rediUri)
log.Debug(this.logPref, "Use default redirect uri "+rediUri)
} else {
log.Debug(this.logPref, "Use redirect uri "+rediUri)
}
// state
stat := this.idGen.String(this.statLen)
queries.Set(tagState, stat)
log.Debug(this.logPref, "Use state "+logutil.Mosaic(stat))
// nonce
nonc := this.idGen.String(this.noncLen)
queries.Set(tagNonce, nonc)
log.Debug(this.logPref, "Use nonce "+logutil.Mosaic(nonc))
authUri.RawQuery = queries.Encode()
sess := asession.New(
this.idGen.String(this.sessLen),
time.Now().Add(this.sessExpIn),
req.path(),
idp,
ta,
rediUri,
stat,
nonc,
)
if err := this.sessDb.Save(sess, sess.Expires().Add(this.sessDbExpIn-this.sessExpIn)); err != nil {
return erro.Wrap(err)
}
log.Info(this.logPref, "Generated user session "+logutil.Mosaic(sess.Id()))
http.SetCookie(w, this.newCookie(sess.Id(), sess.Expires()))
w.Header().Add(tagCache_control, tagNo_store)
w.Header().Add(tagPragma, tagNo_cache)
uri := authUri.String()
http.Redirect(w, r, uri, http.StatusFound)
log.Info(this.logPref, "Redirect to "+uri)
return nil
}
