func makeNewUserRepo() (user.UserRepo, error) {
userRepo := user.NewUserRepo()
id := "testid-1"
err := userRepo.Create(nil, user.User{
ID: id,
Email: "*****@*****.**",
})
if err != nil {
return nil, err
}
err = userRepo.AddRemoteIdentity(nil, id, user.RemoteIdentity{
ConnectorID: "test_connector_id",
ID: "YYY",
})
if err != nil {
return nil, err
}
return userRepo, nil
}
func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
password, err := user.NewPasswordFromPlaintext("woof")
if err != nil {
t.Fatalf("unexpectd error: %q", err)
}
passwordInfo := user.PasswordInfo{
UserID: "elroy77",
Password: password,
}
cfg := &connector.LocalConnectorConfig{
PasswordInfos: []user.PasswordInfo{passwordInfo},
}
ci := oidc.ClientIdentity{
Credentials: oidc.ClientCredentials{
ID: "72de74a9",
Secret: "XXX",
},
}
cir := client.NewClientIdentityRepo([]oidc.ClientIdentity{ci})
issuerURL := url.URL{Scheme: "http", Host: "server.example.com"}
sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo())
k, err := key.GeneratePrivateKey()
if err != nil {
t.Fatalf("Unable to generate RSA key: %v", err)
}
km := key.NewPrivateKeyManager()
err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{k}, time.Now().Add(time.Minute)))
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
usr := user.User{
ID: "ID-test",
Email: "*****@*****.**",
DisplayName: "displayname",
}
userRepo := user.NewUserRepo()
if err := userRepo.Create(nil, usr); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
passwordInfoRepo := user.NewPasswordInfoRepo()
refreshTokenRepo, err := refreshtest.NewTestRefreshTokenRepo()
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
srv := &server.Server{
IssuerURL: issuerURL,
KeyManager: km,
SessionManager: sm,
ClientIdentityRepo: cir,
Templates: template.New(connector.LoginPageTemplateName),
Connectors: []connector.Connector{},
UserRepo: userRepo,
PasswordInfoRepo: passwordInfoRepo,
RefreshTokenRepo: refreshTokenRepo,
}
if err = srv.AddConnector(cfg); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
sClient := &phttp.HandlerClient{Handler: srv.HTTPHandler()}
pcfg, err := oidc.FetchProviderConfig(sClient, issuerURL.String())
if err != nil {
t.Fatalf("Failed to fetch provider config: %v", err)
}
ks := key.NewPublicKeySet([]jose.JWK{k.JWK()}, time.Now().Add(1*time.Hour))
ccfg := oidc.ClientConfig{
HTTPClient: sClient,
ProviderConfig: pcfg,
Credentials: ci.Credentials,
RedirectURL: "http://client.example.com",
KeySet: *ks,
}
cl, err := oidc.NewClient(ccfg)
if err != nil {
t.Fatalf("Failed creating oidc.Client: %v", err)
}
m := http.NewServeMux()
var claims jose.Claims
var refresh string
m.HandleFunc("/callback", handleCallbackFunc(cl, &claims, &refresh))
cClient := &phttp.HandlerClient{Handler: m}
// this will actually happen due to some interaction between the
// end-user and a remote identity provider
sessionID, err := sm.NewSession("bogus_idpc", ci.Credentials.ID, "bogus", url.URL{}, "", false, []string{"openid", "offline_access"})
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if _, err = sm.AttachRemoteIdentity(sessionID, passwordInfo.Identity()); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if _, err = sm.AttachUser(sessionID, usr.ID); err != nil {
t.Fatalf("Unexpected error: %v", err)
}
key, err := sm.NewSessionKey(sessionID)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
req, err := http.NewRequest("GET", fmt.Sprintf("http://client.example.com/callback?code=%s", key), nil)
if err != nil {
t.Fatalf("Failed creating HTTP request: %v", err)
}
resp, err := cClient.Do(req)
if err != nil {
t.Fatalf("Failed resolving HTTP requests against /callback: %v", err)
}
if err := verifyUserClaims(claims, &ci, &usr, issuerURL); err != nil {
t.Fatalf("Failed to verify claims: %v", err)
}
if resp.StatusCode != http.StatusOK {
t.Fatalf("Received status code %d, want %d", resp.StatusCode, http.StatusOK)
}
if refresh == "" {
t.Fatalf("No refresh token")
}
// Use refresh token to get a new ID token.
token, err := cl.RefreshToken(refresh)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
claims, err = token.Claims()
if err != nil {
t.Fatalf("Failed parsing claims from client token: %v", err)
}
if err := verifyUserClaims(claims, &ci, &usr, issuerURL); err != nil {
t.Fatalf("Failed to verify claims: %v", err)
}
}