Esempio n. 1
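// TestHandlerCreation checks that New returns a *jwtHandler that holds the
// key loader it was constructed with.
//
// NOTE(review): only the key loader is asserted. The revocation provider
// passed to New is not checked, so a handler that dropped it would still
// pass this test.
func TestHandlerCreation(t *testing.T) {
	kl := new(mockKeyLoader)

	// "localhost" has no scheme, so url.Parse yields a path-only URL.
	// NOTE(review): whether the revocation provider ever contacts this
	// address during the test is not visible here; confirm it stays offline.
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)

	h := New(kl, crp)
	jh, ok := h.(*jwtHandler)
	if !ok {
		t.Fatalf("Wrong type for the handler = %v", reflect.TypeOf(h))
	}

	if jh.keyLoader != kl {
		t.Error("Handler doesn't have the right key loader")
	}
}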
Esempio n. 2
// Run logs the startup banner, sets the outgoing User-Agent, calls
// setupMetrics, mounts the health, token-info and JWKS handlers on a fresh
// mux and serves it on settings.ListenAddress. It does not return normally:
// the error from http.ListenAndServe is handed to log.Fatal.
//
// NOTE(review): http.ListenAndServe runs a server with no read, write or
// idle timeouts, so slow or stalled clients can hold connections open
// indefinitely. An http.Server with explicit timeouts would bound that.
// The User-Agent embeds os.Args[0], i.e. however the binary was invoked.
func Run(settings *options.Settings) {
	log.Printf("Started server (%s) at %v, /metrics endpoint at %v\n",
		version, settings.ListenAddress, settings.MetricsListenAddress)

	userAgent := fmt.Sprintf("%v/%s", os.Args[0], version)
	ht.UserAgent = userAgent
	setupMetrics(settings)

	// Construction order is kept as in the original; these constructors are
	// opaque from here and may have side effects.
	proxyHandler := tokeninfoproxy.NewTokenInfoProxyHandler(
		settings.UpstreamTokenInfoURL,
		settings.UpstreamCacheMaxSize,
		settings.UpstreamCacheTTL,
	)
	keyLoader := openid.NewCachingOpenIDProviderLoader(settings.OpenIDProviderConfigurationURL)
	revocations := revoke.NewCachingRevokeProvider(settings.RevocationProviderUrl)
	jwtTokenHandler := jwthandler.New(keyLoader, revocations)

	router := http.NewServeMux()

	healthHandler := healthcheck.NewHandler(keyLoader, version)
	router.Handle("/health", healthHandler)

	tokenInfoHandler := tokeninfo.NewHandler(proxyHandler, jwtTokenHandler)
	router.Handle("/oauth2/tokeninfo", tokenInfoHandler)

	keysHandler := jwks.NewHandler(keyLoader)
	router.Handle("/oauth2/connect/keys", keysHandler)

	serveErr := http.ListenAndServe(settings.ListenAddress, router)
	log.Fatal(serveErr)
}
Esempio n. 3
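// TestHandler drives the handler's ServeHTTP with a table of access tokens
// and checks the status code and response body of each response.
//
// NOTE(review): the table covers an empty token, a malformed one and two
// tokens expected to validate. It has no case for a well-formed token that
// must be rejected (bad signature, expired, revoked), so those paths are not
// exercised here.
func TestHandler(t *testing.T) {
	kl := new(mockKeyLoader)
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)
	h := New(kl, crp)

	for _, test := range []struct {
		token    string
		wantCode int
		wantBody string
	}{
		{"", http.StatusBadRequest, `{"error":"invalid_request","error_description":"Access Token not valid"}` + "\n"},
		{"foo", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"Access Token not valid"}` + "\n"},
		// For the success cases wantBody is the token itself, so the
		// response is expected to contain it.
		{testRSAToken, http.StatusOK, testRSAToken},
		{testECDSAToken, http.StatusOK, testECDSAToken},
	} {
		w := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "http://example.com/oauth2/tokeninfo?access_token="+test.token, nil)
		if err != nil {
			// A nil request must not reach ServeHTTP.
			t.Errorf("Could not build request for token %q: %v", test.token, err)
			continue
		}
		h.ServeHTTP(w, req)

		if test.wantCode != w.Code {
			t.Errorf("Wrong status code. Wanted %d, got %d", test.wantCode, w.Code)
		}

		// String() does not consume the buffer, so the body can still be
		// decoded below.
		if !strings.Contains(w.Body.String(), test.wantBody) {
			t.Errorf("Wrong response body. Wanted %q, got %q", test.wantBody, w.Body.String())
		}

		if test.wantCode == http.StatusOK {
			var ti processor.TokenInfo
			if err := json.NewDecoder(w.Body).Decode(&ti); err != nil {
				t.Error("Could not recover TokenInfo from response: ", err)
				// ti is meaningless after a failed decode; skip the
				// expiry check rather than report a second, derived error.
				continue
			}

			if ti.ExpiresIn <= 0 {
				t.Error("Recovered token info had an invalid expire time")
			}
		}
	}
}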
Esempio n. 4
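// TestRoutingMatch checks which tokeninfo URLs the handler's Match accepts.
// Per the table, only an access_token value made of three dot-separated
// segments matches; a missing parameter, a valueless parameter, and one- or
// two-segment values do not.
//
// NOTE(review): "header.claims.signature" is not a decodable token, so Match
// appears to test the token's shape only; validation presumably happens
// later in ServeHTTP. Confirm against the handler.
func TestRoutingMatch(t *testing.T) {
	kl := new(mockKeyLoader)
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)
	h := New(kl, crp)

	for _, test := range []struct {
		url  string
		want bool
	}{
		{"http://example.com/oauth2/tokeninfo", false},
		{"http://example.com/oauth2/tokeninfo?access_token", false},
		{"http://example.com/oauth2/tokeninfo?access_token=foo", false},
		{"http://example.com/oauth2/tokeninfo?access_token=foo.bar", false},
		{"http://example.com/oauth2/tokeninfo?access_token=header.claims.signature", true},
	} {
		req, err := http.NewRequest("GET", test.url, nil)
		if err != nil {
			// A nil request must not reach Match.
			t.Errorf("Could not build request for URL %q: %v", test.url, err)
			continue
		}

		match := h.Match(req)
		if match != test.want {
			t.Errorf("Matching fail for URL %q. Wanted %t, got %t", test.url, test.want, match)
		}
	}
}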