func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) { ctx := context.Background() for k, m := range clientManagers { _, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) pkg.AssertError(t, true, err, "%s", k) err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest) pkg.AssertError(t, false, err, "%s", k) time.Sleep(100 * time.Millisecond) res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{ Session: &testSession{}, }) pkg.RequireError(t, false, err, "%s", k) c.AssertObjectKeysEqual(t, &defaultRequest, res, "Scopes", "GrantedScopes", "Form", "Session") err = m.DeleteOpenIDConnectSession(ctx, "4321") pkg.AssertError(t, false, err, "%s", k) time.Sleep(100 * time.Millisecond) _, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) pkg.AssertError(t, true, err, "%s", k) } }
func TestCreateGetDelete(t *testing.T) { for _, c := range cases { err := s.Create(c) assert.Nil(t, err) get, err := s.Get(c.GetID()) assert.Nil(t, err) pkg.AssertObjectKeysEqual(t, c, get, "Description", "Subjects", "Resources", "Effect", "Permissions") assert.Equal(t, len(c.Conditions), len(get.GetConditions())) //assert.True(t, reflect.DeepEqual(c, get), "%v does not equal %v", c, get) } for _, c := range cases { assert.Nil(t, s.Delete(c.GetID())) _, err := s.Get(c.GetID()) assert.NotNil(t, err) } }
func TestCreateGetDelete(t *testing.T) { for k, s := range managers { for _, c := range managerPolicies { err := s.Create(c) assert.Nil(t, err, "%s: %s", k, err) time.Sleep(time.Millisecond * 100) get, err := s.Get(c.GetID()) assert.Nil(t, err, "%s: %s", k, err) pkg.AssertObjectKeysEqual(t, c, get, "Description", "Subjects", "Resources", "Effect", "Actions") assert.EqualValues(t, c.Conditions, get.GetConditions(), "%s", k) } for _, c := range managerPolicies { assert.Nil(t, s.Delete(c.GetID()), k) _, err := s.Get(c.GetID()) assert.NotNil(t, err, "%s: %s", k, err) } } }
func TestNewAccessRequest(t *testing.T) { ctrl := gomock.NewController(t) store := internal.NewMockStorage(ctrl) client := internal.NewMockClient(ctrl) handler := internal.NewMockTokenEndpointHandler(ctrl) hasher := internal.NewMockHasher(ctrl) defer ctrl.Finish() fosite := &Fosite{Store: store, Hasher: hasher} for k, c := range []struct { header http.Header form url.Values mock func() method string expectErr error expect *AccessRequest handlers TokenEndpointHandlers }{ { header: http.Header{}, expectErr: ErrInvalidRequest, method: "POST", mock: func() {}, }, { header: http.Header{}, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() {}, expectErr: ErrInvalidRequest, }, { header: http.Header{}, method: "POST", form: url.Values{ "grant_type": {"foo"}, "client_id": {"foo"}, }, expectErr: ErrInvalidRequest, mock: func() {}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "GET", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidRequest, mock: func() {}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrServerError, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(ErrServerError) }, handlers: TokenEndpointHandlers{"a": handler}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrUnsupportedGrantType, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) }, handlers: TokenEndpointHandlers{"a": handler}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrUnsupportedGrantType, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) { a.SetGrantTypeHandled("bar") }).Return(nil) }, handlers: TokenEndpointHandlers{"a": handler}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) { a.SetGrantTypeHandled("foo") a.SetScopes([]string{"asdfasdf"}) }).Return(nil) }, handlers: TokenEndpointHandlers{"a": handler}, expectErr: ErrInvalidScope, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) { a.SetGrantTypeHandled("foo") a.SetScopes([]string{DefaultRequiredScopeName}) }).Return(nil) }, handlers: TokenEndpointHandlers{"a": handler}, expect: &AccessRequest{ GrantType: "foo", HandledGrantType: []string{"foo"}, Client: client, }, }, } { r := &http.Request{ Header: c.header, PostForm: c.form, Form: c.form, Method: c.method, } c.mock() ctx := NewContext() fosite.TokenEndpointHandlers = c.handlers ar, err := fosite.NewAccessRequest(ctx, r, &struct{}{}) is := errors.Is(c.expectErr, err) assert.True(t, is, "%d\nwant: %s \ngot: %s", k, c.expectErr, err) if !is { t.Logf("Error occured: %s", err.(*errors.Error).ErrorStack()) } if err == nil { pkg.AssertObjectKeysEqual(t, c.expect, ar, "GrantType", "Client") assert.NotNil(t, ar.GetRequestedAt()) } t.Logf("Passed test case %d", k) } }
// Should pass // // * https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Terminology // The OAuth 2.0 specification allows for registration of space-separated response_type parameter values. // If a Response Type contains one of more space characters (%20), it is compared as a space-delimited list of // values in which the order of values does not matter. func TestNewAuthorizeRequest(t *testing.T) { ctrl := gomock.NewController(t) store := NewMockStorage(ctrl) defer ctrl.Finish() redir, _ := url.Parse("https://foo.bar/cb") for k, c := range []struct { desc string conf *Fosite r *http.Request query url.Values expectedError error mock func() expect *AuthorizeRequest }{ /* empty request */ { desc: "empty request fails", conf: &Fosite{Store: store}, r: &http.Request{}, expectedError: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Any()).Return(nil, errors.New("foo")) }, }, /* invalid redirect uri */ { desc: "invalid redirect uri fails", conf: &Fosite{Store: store}, query: url.Values{"redirect_uri": []string{"invalid"}}, expectedError: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Any()).Return(nil, errors.New("foo")) }, }, /* invalid client */ { desc: "invalid client fails", conf: &Fosite{Store: store}, query: url.Values{"redirect_uri": []string{"https://foo.bar/cb"}}, expectedError: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Any()).Return(nil, errors.New("foo")) }, }, /* redirect client mismatch */ { desc: "client and request redirects mismatch", conf: &Fosite{Store: store}, query: url.Values{ "client_id": []string{"1234"}, }, expectedError: ErrInvalidRequest, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"invalid"}}, nil) }, }, /* redirect client mismatch */ { desc: "client and request redirects mismatch", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": []string{""}, "client_id": []string{"1234"}, }, expectedError: ErrInvalidRequest, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"invalid"}}, nil) }, }, /* redirect client mismatch */ { desc: "client and request redirects mismatch", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": []string{"https://foo.bar/cb"}, "client_id": []string{"1234"}, }, expectedError: ErrInvalidRequest, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"invalid"}}, nil) }, }, /* no state */ { desc: "no state", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": []string{"https://foo.bar/cb"}, "client_id": []string{"1234"}, "response_type": []string{"code"}, }, expectedError: ErrInvalidState, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, }, /* short state */ { desc: "short state", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": {"https://foo.bar/cb"}, "client_id": {"1234"}, "response_type": {"code"}, "state": {"short"}, }, expectedError: ErrInvalidState, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, }, /* success case */ { desc: "should pass", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": {"https://foo.bar/cb"}, "client_id": {"1234"}, "response_type": {"code"}, "state": {"strong-state"}, "scope": {"foo bar"}, }, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, expectedError: ErrInvalidScope, }, { desc: "should not pass because hybrid flow is not active", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": {"https://foo.bar/cb"}, "client_id": {"1234"}, "response_type": {"code token"}, "state": {"strong-state"}, "scope": {DefaultRequiredScopeName + " foo bar"}, }, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, expectedError: ErrInvalidRequest, }, { desc: "should not pass because hybrid flow is not active", conf: &Fosite{Store: store}, query: url.Values{ "redirect_uri": {"https://foo.bar/cb"}, "client_id": {"1234"}, "response_type": {"code"}, "state": {"strong-state"}, "scope": {DefaultRequiredScopeName + " foo bar"}, }, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, expect: &AuthorizeRequest{ RedirectURI: redir, ResponseTypes: []string{"code"}, State: "strong-state", Request: Request{ Scopes: []string{DefaultRequiredScopeName, "foo", "bar"}, Client: &SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, }, }, }, { desc: "should pass", conf: &Fosite{Store: store, AllowHybridFlow: true}, query: url.Values{ "redirect_uri": {"https://foo.bar/cb"}, "client_id": {"1234"}, "response_type": {"code token"}, "state": {"strong-state"}, "scope": {DefaultRequiredScopeName + " foo bar"}, }, mock: func() { store.EXPECT().GetClient("1234").Return(&SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, nil) }, expect: &AuthorizeRequest{ RedirectURI: redir, ResponseTypes: []string{"code", "token"}, State: "strong-state", Request: Request{ Client: &SecureClient{RedirectURIs: []string{"https://foo.bar/cb"}}, Scopes: []string{DefaultRequiredScopeName, "foo", "bar"}, }, }, }, } { t.Logf("Joining test case %d", k) c.mock() if c.r == nil { c.r = &http.Request{Header: http.Header{}} if c.query != nil { c.r.URL = &url.URL{RawQuery: c.query.Encode()} } } ar, err := c.conf.NewAuthorizeRequest(context.Background(), c.r) assert.Equal(t, c.expectedError == nil, err == nil, "%d: %s\n%s", k, c.desc, err) if c.expectedError != nil { assert.Equal(t, err.Error(), c.expectedError.Error(), "%d: %s\n%s", k, c.desc, err) } else { pkg.AssertObjectKeysEqual(t, c.expect, ar, "ResponseTypes", "Scopes", "Client", "RedirectURI", "State") assert.NotNil(t, ar.GetRequestedAt()) } t.Logf("Passed test case %d", k) } }
func TestCreateAndGetCases(t *testing.T) { a := uuid.New() b := uuid.New() for _, c := range []struct { p account.CreateAccountRequest pass bool find bool }{ { p: account.CreateAccountRequest{ ID: a, Username: "******", Password: "******", Data: `{"foo": "bar"}`, }, pass: true, find: true, }, { p: account.CreateAccountRequest{ ID: a, Username: "******", Password: "******", Data: `{"foo": "bar"}`, }, pass: false, find: true, }, { p: account.CreateAccountRequest{ ID: b, Username: "******", Password: "******", Data: `{"foo": "bar"}`, }, pass: false, find: false, }, { p: account.CreateAccountRequest{ ID: uuid.New(), Username: uuid.New(), Password: "******", Data: "", }, pass: true, find: true, }, } { result, err := store.Create(c.p) if c.pass { assert.Nil(t, err) pkg.AssertObjectKeysEqual(t, c.p, result, "ID", "Username") result, err = store.Get(c.p.ID) assert.Equal(t, c.find, err == nil) if !c.find { continue } pkg.AssertObjectKeysEqual(t, c.p, result, "ID", "Username") } else { assert.NotNil(t, err) result, err = store.Get(c.p.ID) assert.Equal(t, c.find, err == nil) if !c.find { continue } pkg.AssertObjectKeysEqual(t, c.p, result, "ID", "Username") } } }
func TestNewAccessRequest(t *testing.T) { ctrl := gomock.NewController(t) store := internal.NewMockStorage(ctrl) client := internal.NewMockClient(ctrl) handler := internal.NewMockTokenEndpointHandler(ctrl) hasher := internal.NewMockHasher(ctrl) defer ctrl.Finish() fosite := &Fosite{Store: store, Hasher: hasher} for k, c := range []struct { header http.Header form url.Values mock func() method string expectErr error expect *AccessRequest handlers TokenEndpointHandlers }{ { header: http.Header{}, expectErr: ErrInvalidRequest, method: "POST", mock: func() {}, }, { header: http.Header{}, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() {}, expectErr: ErrInvalidRequest, }, { header: http.Header{}, method: "POST", form: url.Values{ "grant_type": {"foo"}, "client_id": {"foo"}, }, expectErr: ErrInvalidRequest, mock: func() {}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "GET", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidRequest, mock: func() {}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrInvalidClient, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().IsPublic().Return(false) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(errors.New("")) }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, expectErr: ErrServerError, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().IsPublic().Return(false) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any()).Return(ErrServerError) }, handlers: TokenEndpointHandlers{handler}, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().IsPublic().Return(false) client.EXPECT().GetHashedSecret().Return([]byte("foo")) hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil) handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) }, handlers: TokenEndpointHandlers{handler}, expect: &AccessRequest{ GrantTypes: Arguments{"foo"}, Request: Request{ Client: client, }, }, }, { header: http.Header{ "Authorization": {basicAuth("foo", "bar")}, }, method: "POST", form: url.Values{ "grant_type": {"foo"}, }, mock: func() { store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil) client.EXPECT().IsPublic().Return(true) handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) }, handlers: TokenEndpointHandlers{handler}, expect: &AccessRequest{ GrantTypes: Arguments{"foo"}, Request: Request{ Client: client, }, }, }, } { r := &http.Request{ Header: c.header, PostForm: c.form, Form: c.form, Method: c.method, } c.mock() ctx := NewContext() fosite.TokenEndpointHandlers = c.handlers ar, err := fosite.NewAccessRequest(ctx, r, new(DefaultSession)) assert.True(t, errors.Cause(err) == c.expectErr, "%d\nwant: %s \ngot: %s", k, c.expectErr, err) if err != nil { t.Logf("Error occured: %v", err) } else { pkg.AssertObjectKeysEqual(t, c.expect, ar, "GrantTypes", "Client") assert.NotNil(t, ar.GetRequestedAt()) } t.Logf("Passed test case %d", k) } }