func authEndpoint(rw http.ResponseWriter, req *http.Request) { ctx := NewContext() ar, err := oauth2.NewAuthorizeRequest(ctx, req) if err != nil { log.Printf("Error occurred in NewAuthorizeRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAuthorizeError(rw, ar, err) return } if req.Form.Get("username") != "peter" { rw.Header().Set("Content-Type", "text/html; charset=utf-8") rw.Write([]byte(`<h1>Login page</h1>`)) rw.Write([]byte(` <p>Howdy! This is the log in page. For this example, it is enough to supply the username.</p> <form method="post"> <input type="text" name="username" /> <small>try peter</small><br> <input type="submit"> </form> `)) return } // Normally, this would be the place where you would check if the user is logged in and gives his consent. // For this test, let's assume that the user exists, is logged in, and gives his consent... if typeof(*selectedStrategy) == "strategy.JWTStrategy" { // JWT claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{})) mySessionData := strategy.JWTSession{ JWTClaimsCtx: *claims, JWTHeaders: make(map[string]interface{}), } response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData) if err != nil { log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAuthorizeError(rw, ar, err) return } oauth2.WriteAuthorizeResponse(rw, ar, response) } else { // HMAC mySessionData := session{User: "******"} response, err := oauth2.NewAuthorizeResponse(ctx, req, ar, &mySessionData) if err != nil { log.Printf("Error occurred in NewAuthorizeResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAuthorizeError(rw, ar, err) return } oauth2.WriteAuthorizeResponse(rw, ar, response) } }
func tokenEndpoint(rw http.ResponseWriter, req *http.Request) { ctx := NewContext() if typeof(*selectedStrategy) == "strategy.JWTStrategy" { // JWT claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{})) mySessionData := strategy.JWTSession{ JWTClaimsCtx: *claims, JWTHeaders: make(map[string]interface{}), } accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData) if err != nil { log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAccessError(rw, accessRequest, err) return } response, err := oauth2.NewAccessResponse(ctx, req, accessRequest) if err != nil { log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAccessError(rw, accessRequest, err) return } oauth2.WriteAccessResponse(rw, accessRequest, response) } else { // HMAC mySessionData := session{} accessRequest, err := oauth2.NewAccessRequest(ctx, req, &mySessionData) if err != nil { log.Printf("Error occurred in NewAccessRequest: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAccessError(rw, accessRequest, err) return } response, err := oauth2.NewAccessResponse(ctx, req, accessRequest) if err != nil { log.Printf("Error occurred in NewAccessResponse: %s\nStack: \n%s", err, err.(*errors.Error).ErrorStack()) oauth2.WriteAccessError(rw, accessRequest, err) return } oauth2.WriteAccessResponse(rw, accessRequest, response) } }
func TestRejectsAlgAndTypHeader(t *testing.T) { for _, headers := range []map[string]interface{}{ {"alg": "foo"}, {"typ": "foo"}, {"typ": "foo", "alg": "foo"}, } { claims, _ := jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{})) j := JWTEnigma{ PrivateKey: []byte(TestCertificates[0][1]), PublicKey: []byte(TestCertificates[1][1]), } _, _, err := j.Generate(claims, headers) assert.NotNil(t, err) } }
func TestGenerateJWT(t *testing.T) { claims, err := jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{})) j := JWTEnigma{ PrivateKey: []byte(TestCertificates[0][1]), PublicKey: []byte(TestCertificates[1][1]), } token, sig, err := j.Generate(claims, make(map[string]interface{})) require.Nil(t, err, "%s", err) require.NotNil(t, token) sig, err = j.Validate(token) require.Nil(t, err, "%s", err) sig, err = j.Validate(token + "." + "0123456789") require.NotNil(t, err, "%s", err) partToken := strings.Split(token, ".")[2] sig, err = j.Validate(partToken) require.NotNil(t, err, "%s", err) // Lets change the public certificate to a different public one... j.PublicKey = []byte("new") _, err = j.Validate(token) require.NotNil(t, err, "%s", err) // Reset public key j.PublicKey = []byte(TestCertificates[1][1]) // Lets change the private certificate to a different one... j.PrivateKey = []byte("new") _, _, err = j.Generate(claims, make(map[string]interface{})) require.NotNil(t, err, "%s", err) // Reset private key j.PrivateKey = []byte(TestCertificates[0][1]) // Lets validate the exp claim claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(-time.Hour), time.Now(), time.Now(), make(map[string]interface{})) token, sig, err = j.Generate(claims, make(map[string]interface{})) require.Nil(t, err, "%s", err) require.NotNil(t, token) t.Logf("%s.%s", token, sig) sig, err = j.Validate(token) require.NotNil(t, err, "%s", err) // Lets validate the nbf claim claims, err = jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now().Add(time.Hour), time.Now(), make(map[string]interface{})) token, sig, err = j.Generate(claims, make(map[string]interface{})) require.Nil(t, err, "%s", err) require.NotNil(t, token) t.Logf("%s.%s", token, sig) sig, err = j.Validate(token) require.NotNil(t, err, "%s", err) }
"github.com/ory-am/fosite/enigma/jwthelper" "github.com/stretchr/testify/assert" ) var s = HMACSHAStrategy{ Enigma: &enigma.HMACSHAEnigma{GlobalSecret: []byte("foobarfoobarfoobarfoobar")}, } var j = &JWTStrategy{ Enigma: &enigma.JWTEnigma{ PrivateKey: []byte(enigma.TestCertificates[0][1]), PublicKey: []byte(enigma.TestCertificates[1][1]), }, } var claims, claimsErr = jwthelper.NewClaimsContext("fosite", "peter", "group0", "", time.Now().Add(time.Hour), time.Now(), time.Now(), make(map[string]interface{})) var r = &fosite.Request{ Client: &client.SecureClient{ Secret: []byte("foobarfoobarfoobarfoobar"), }, Session: &JWTSession{ JWTClaimsCtx: *claims, JWTHeaders: make(map[string]interface{}), }, } func TestAccessToken(t *testing.T) { // HMAC token, signature, err := s.GenerateAccessToken(nil, nil, r)