func runRevokeTokenTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2TokenIntrospectionFactory, compose.OAuth2TokenRevocationFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2AppClient(ts)
token, err := oauthClient.Token(goauth.NoContext)
assert.Nil(t, err)
resp, _, errs := gorequest.New().Post(ts.URL+"/revoke").
SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret).
Type("form").
SendStruct(map[string]string{"token": "asdf"}).End()
assert.Len(t, errs, 0)
assert.Equal(t, 200, resp.StatusCode)
resp, _, errs = gorequest.New().Post(ts.URL+"/revoke").
SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret).
Type("form").
SendStruct(map[string]string{"token": token.AccessToken}).End()
assert.Len(t, errs, 0)
assert.Equal(t, 200, resp.StatusCode)
hres, _, errs := gorequest.New().Get(ts.URL+"/info").
Set("Authorization", "bearer "+token.AccessToken).
End()
require.Len(t, errs, 0)
assert.Equal(t, http.StatusUnauthorized, hres.StatusCode)
}
func runClientCredentialsGrantTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2TokenIntrospectionFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2AppClient(ts)
for k, c := range []struct {
description string
setup func()
err bool
}{
{
description: "should pass",
setup: func() {
},
},
} {
c.setup()
token, err := oauthClient.Token(goauth.NoContext)
require.Equal(t, c.err, err != nil, "(%d) %s\n%s\n%s", k, c.description, c.err, err)
if !c.err {
assert.NotEmpty(t, token.AccessToken, "(%d) %s\n%s", k, c.description, token)
}
t.Logf("Passed test case %d", k)
}
}
func runTestAuthorizeImplicitGrant(t *testing.T, strategy interface{}) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2AuthorizeImplicitFactory, compose.OAuth2TokenIntrospectionFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2Client(ts)
fositeStore.Clients["my-client"].RedirectURIs[0] = ts.URL + "/callback"
var state string
for k, c := range []struct {
description string
setup func()
authStatusCode int
}{
{
description: "should pass",
setup: func() {
state = "12345678901234567890"
},
authStatusCode: http.StatusOK,
},
} {
c.setup()
var callbackURL *url.URL
authURL := strings.Replace(oauthClient.AuthCodeURL(state), "response_type=code", "response_type=token", -1)
client := &http.Client{
CheckRedirect: func(req *http.Request, via []*http.Request) error {
callbackURL = req.URL
return errors.New("Dont follow redirects")
},
}
resp, err := client.Get(authURL)
require.NotNil(t, err)
if resp.StatusCode == http.StatusOK {
fragment, err := url.ParseQuery(callbackURL.Fragment)
require.Nil(t, err)
expires, err := strconv.Atoi(fragment.Get("expires_in"))
require.Nil(t, err)
token := &goauth.Token{
AccessToken: fragment.Get("access_token"),
TokenType: fragment.Get("token_type"),
RefreshToken: fragment.Get("refresh_token"),
Expiry: time.Now().Add(time.Duration(expires) * time.Second),
}
httpClient := oauthClient.Client(goauth.NoContext, token)
resp, err := httpClient.Get(ts.URL + "/info")
require.Nil(t, err, "(%d) %s", k, c.description)
assert.Equal(t, http.StatusNoContent, resp.StatusCode, "(%d) %s", k, c.description)
}
t.Logf("Passed test case (%d) %s", k, c.description)
}
}
func runAuthorizeCodeGrantTest(t *testing.T, strategy interface{}) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2AuthorizeExplicitFactory, compose.OAuth2TokenIntrospectionFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2Client(ts)
fositeStore.Clients["my-client"].RedirectURIs[0] = ts.URL + "/callback"
var state string
for k, c := range []struct {
description string
setup func()
authStatusCode int
}{
{
description: "should pass",
setup: func() {
oauthClient = newOAuth2Client(ts)
state = "12345678901234567890"
},
authStatusCode: http.StatusOK,
},
} {
c.setup()
resp, err := http.Get(oauthClient.AuthCodeURL(state))
require.Nil(t, err)
require.Equal(t, c.authStatusCode, resp.StatusCode, "(%d) %s", k, c.description)
if resp.StatusCode == http.StatusOK {
token, err := oauthClient.Exchange(goauth.NoContext, resp.Request.URL.Query().Get("code"))
require.Nil(t, err, "(%d) %s", k, c.description)
require.NotEmpty(t, token.AccessToken, "(%d) %s", k, c.description)
httpClient := oauthClient.Client(goauth.NoContext, token)
resp, err := httpClient.Get(ts.URL + "/info")
require.Nil(t, err, "(%d) %s", k, c.description)
assert.Equal(t, http.StatusNoContent, resp.StatusCode, "(%d) %s", k, c.description)
}
t.Logf("Passed test case (%d) %s", k, c.description)
}
}
func runResourceOwnerPasswordCredentialsGrantTest(t *testing.T, strategy hst.AccessTokenStrategy) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2ResourceOwnerPasswordCredentialsFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
var username, password string
oauthClient := newOAuth2Client(ts)
for k, c := range []struct {
description string
setup func()
err bool
}{
{
description: "should fail because invalid password",
setup: func() {
username = "******"
password = "******"
},
err: true,
},
{
description: "should pass",
setup: func() {
password = "******"
},
},
} {
c.setup()
token, err := oauthClient.PasswordCredentialsToken(oauth2.NoContext, username, password)
require.Equal(t, c.err, err != nil, "(%d) %s\n%s\n%s", k, c.description, c.err, err)
if !c.err {
assert.NotEmpty(t, token.AccessToken, "(%d) %s\n%s", k, c.description, token)
}
t.Logf("Passed test case %d", k)
}
}
func runIntrospectTokenTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2TokenIntrospectionFactory)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2AppClient(ts)
a, err := oauthClient.Token(goauth.NoContext)
require.Nil(t, err)
b, err := oauthClient.Token(goauth.NoContext)
require.Nil(t, err)
for _, c := range []struct {
prepare func(*gorequest.SuperAgent) *gorequest.SuperAgent
isActive bool
scopes string
}{
{
prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
return s.SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret)
},
isActive: true,
scopes: "",
},
{
prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
return s.Set("Authorization", "bearer "+a.AccessToken)
},
isActive: true,
scopes: "fosite",
},
{
prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
return s.Set("Authorization", "bearer "+a.AccessToken)
},
isActive: true,
scopes: "",
},
{
prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
return s.Set("Authorization", "bearer "+a.AccessToken)
},
isActive: false,
scopes: "foo",
},
{
prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
return s.Set("Authorization", "bearer "+b.AccessToken)
},
isActive: false,
scopes: "",
},
} {
res := struct {
Active bool `json:"active"`
}{}
s := gorequest.New()
s = s.Post(ts.URL + "/introspect").
Type("form").
SendStruct(map[string]string{"token": b.AccessToken, "scope": c.scopes})
_, bytes, errs := c.prepare(s).End()
assert.Nil(t, json.Unmarshal([]byte(bytes), &res))
t.Logf("Got answer: %s", bytes)
assert.Len(t, errs, 0)
assert.Equal(t, c.isActive, res.Active)
}
}
func runRefreshTokenGrantTest(t *testing.T, strategy interface{}) {
f := compose.Compose(
new(compose.Config),
fositeStore,
strategy,
compose.OAuth2AuthorizeExplicitFactory,
compose.OAuth2RefreshTokenGrantFactory,
compose.OAuth2TokenIntrospectionFactory,
)
ts := mockServer(t, f, &fosite.DefaultSession{})
defer ts.Close()
oauthClient := newOAuth2Client(ts)
state := "1234567890"
fositeStore.Clients["my-client"].RedirectURIs[0] = ts.URL + "/callback"
for k, c := range []struct {
description string
setup func()
pass bool
}{
{
description: "should fail because scope missing",
setup: func() {},
pass: false,
},
{
description: "should pass",
setup: func() {
oauthClient.Scopes = []string{"fosite", "offline"}
},
pass: true,
},
} {
c.setup()
resp, err := http.Get(oauthClient.AuthCodeURL(state))
require.Nil(t, err)
require.Equal(t, http.StatusOK, resp.StatusCode, "(%d) %s", k, c.description)
if resp.StatusCode == http.StatusOK {
token, err := oauthClient.Exchange(oauth2.NoContext, resp.Request.URL.Query().Get("code"))
require.Nil(t, err, "(%d) %s", k, c.description)
require.NotEmpty(t, token.AccessToken, "(%d) %s", k, c.description)
t.Logf("Token %s\n", token)
token.Expiry = token.Expiry.Add(-time.Hour * 24)
t.Logf("Token %s\n", token)
tokenSource := oauthClient.TokenSource(oauth2.NoContext, token)
refreshed, err := tokenSource.Token()
if c.pass {
require.Nil(t, err, "(%d) %s: %s", k, c.description, err)
assert.NotEqual(t, token.RefreshToken, refreshed.RefreshToken, "(%d) %s", k, c.description)
assert.NotEqual(t, token.AccessToken, refreshed.AccessToken, "(%d) %s", k, c.description)
} else {
require.NotNil(t, err, "(%d) %s: %s", k, c.description, err)
}
}
t.Logf("Passed test case (%d) %s", k, c.description)
}
}