func TestAuthorizeImplicitEndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockImplicitGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeImplicitGrantTypeHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{mock: func() { areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{}) }},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(nil)
aresp.EXPECT().AddFragment("access_token", "foo.bar")
aresp.EXPECT().AddFragment("expires_in", strconv.Itoa(int(h.AccessTokenLifespan/time.Second)))
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
areq.EXPECT().SetResponseTypeHandled("token")
areq.EXPECT().GetState().Return("state")
areq.EXPECT().GetGrantedScopes().Return(fosite.Arguments{"scope"})
},
expectErr: nil,
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockClientCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := ClientCredentialsGrantHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("client_credentials")
areq.EXPECT().SetGrantTypeHandled("client_credentials")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := ResourceOwnerPasswordCredentialsGrantHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "", nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().SetAccessToken("foo.bar")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
areq.EXPECT().GetGrantedScopes()
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestClientCredentials_PopulateTokenEndpointResponse(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockClientCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := fosite.NewAccessRequest(new(fosite.DefaultSession))
aresp := fosite.NewAccessResponse()
defer ctrl.Finish()
h := ClientCredentialsGrantHandler{
HandleHelper: &HandleHelper{
AccessTokenStorage: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
},
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
mock func()
req *http.Request
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
mock: func() {
areq.GrantTypes = fosite.Arguments{""}
},
},
{
description: "should fail because client not allowed",
expectErr: fosite.ErrInvalidGrant,
mock: func() {
areq.GrantTypes = fosite.Arguments{"client_credentials"}
areq.Client = &fosite.DefaultClient{GrantTypes: fosite.Arguments{"foo"}}
},
},
{
description: "should pass",
mock: func() {
areq.GrantTypes = fosite.Arguments{"client_credentials"}
areq.Session = &fosite.DefaultSession{}
areq.Client = &fosite.DefaultClient{GrantTypes: fosite.Arguments{"client_credentials"}}
chgen.EXPECT().GenerateAccessToken(nil, areq).Return("tokenfoo.bar", "bar", nil)
store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil)
},
},
} {
c.mock()
err := h.PopulateTokenEndpointResponse(nil, c.req, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestIssueAccessToken(t *testing.T) {
ctrl := gomock.NewController(t)
areq := &fosite.AccessRequest{}
aresp := &fosite.AccessResponse{Extra: map[string]interface{}{}}
accessStrat := internal.NewMockAccessTokenStrategy(ctrl)
accessStore := internal.NewMockAccessTokenStorage(ctrl)
httpReq := &http.Request{}
defer ctrl.Finish()
helper := HandleHelper{
AccessTokenStorage: accessStore,
AccessTokenStrategy: accessStrat,
AccessTokenLifespan: time.Hour,
}
areq.Session = &fosite.DefaultSession{}
for k, c := range []struct {
mock func()
err error
}{
{
mock: func() {
accessStrat.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New(""))
},
err: errors.New(""),
},
{
mock: func() {
accessStrat.EXPECT().GenerateAccessToken(nil, areq).Return("token", "signature", nil)
accessStore.EXPECT().CreateAccessTokenSession(nil, "signature", areq).Return(errors.New(""))
},
err: errors.New(""),
},
{
mock: func() {
accessStrat.EXPECT().GenerateAccessToken(nil, areq).Return("token", "signature", nil)
accessStore.EXPECT().CreateAccessTokenSession(nil, "signature", areq).Return(nil)
},
err: nil,
},
} {
c.mock()
err := helper.IssueAccessToken(nil, httpReq, areq, aresp)
require.Equal(t, err == nil, c.err == nil)
if c.err != nil {
assert.EqualError(t, err, c.err.Error(), "Case %d", k)
}
}
}
func TestClientCredentials_HandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockClientCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := ClientCredentialsGrantHandler{
HandleHelper: &HandleHelper{
AccessTokenStorage: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
},
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
mock func()
req *http.Request
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
mock: func() {
areq.EXPECT().GetGrantTypes().Return(fosite.Arguments{""})
},
},
{
description: "should pass",
mock: func() {
areq.EXPECT().GetSession().Return(new(fosite.DefaultSession))
areq.EXPECT().GetGrantTypes().Return(fosite.Arguments{"client_credentials"})
areq.EXPECT().GetRequestedScopes().Return([]string{"foo", "bar", "baz.bar"})
areq.EXPECT().GetClient().Return(&fosite.DefaultClient{
GrantTypes: fosite.Arguments{"client_credentials"},
Scopes: []string{"foo", "bar", "baz"},
})
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAccessTokenStrategy(ctrl)
rch := internal.NewMockRefreshTokenStrategy(ctrl)
auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: auch,
AccessTokenStrategy: ach,
RefreshTokenStrategy: rch,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetGrantedScopes()
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.at", "at", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.rt", "rt", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
aresp.EXPECT().SetAccessToken("access.at")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("refresh_token", "refresh.rt")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("state", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil)
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeCode_PopulateTokenEndpointResponse(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAccessTokenStrategy(ctrl)
rch := internal.NewMockRefreshTokenStrategy(ctrl)
auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
areq := fosite.NewAccessRequest(new(fosite.DefaultSession))
httpreq := &http.Request{PostForm: url.Values{}}
authreq := fosite.NewAuthorizeRequest()
areq.Session = new(fosite.DefaultSession)
h := AuthorizeExplicitGrantHandler{
AuthorizeCodeGrantStorage: store,
AuthorizeCodeStrategy: auch,
AccessTokenStrategy: ach,
RefreshTokenStrategy: rch,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
setup: func() {
areq.GrantTypes = fosite.Arguments{"123"}
},
},
{
description: "should fail because authcode not found",
setup: func() {
areq.GrantTypes = fosite.Arguments{"authorization_code"}
areq.Client = &fosite.DefaultClient{
GrantTypes: fosite.Arguments{"authorization_code"},
}
httpreq.PostForm.Add("code", "authcode")
auch.EXPECT().AuthorizeCodeSignature("authcode").AnyTimes().Return("authsig")
store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).Return(nil, fosite.ErrNotFound)
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because validation failed",
setup: func() {
store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).AnyTimes().Return(authreq, nil)
auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").Return(errors.New(""))
},
expectErr: fosite.ErrInvalidRequest,
},
{
description: "should fail because access token generation failed",
setup: func() {
authreq.GrantedScopes = []string{"offline"}
auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").AnyTimes().Return(nil)
ach.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New("error"))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because refresh token generation failed",
setup: func() {
ach.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
rch.EXPECT().GenerateRefreshToken(nil, areq).Return("", "", errors.New("error"))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because persisting failed",
setup: func() {
rch.EXPECT().GenerateRefreshToken(nil, areq).AnyTimes().Return("refresh.rts", "rts", nil)
store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"foo", "offline"}
store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(nil)
aresp.EXPECT().SetAccessToken("access.ats")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("refresh_token", "refresh.rts")
aresp.EXPECT().SetExpiresIn(gomock.Any())
aresp.EXPECT().SetScopes(areq.GrantedScopes)
},
},
} {
c.setup()
err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestAuthorizeImplicit_EndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAccessTokenStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
httpreq := &http.Request{Form: url.Values{}}
areq.Session = new(fosite.DefaultSession)
h := AuthorizeImplicitGrantTypeHandler{
AccessTokenStorage: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
ScopeStrategy: fosite.HierarchicScopeStrategy,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling the response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"a"}
},
},
{
description: "should fail because access token generation failed",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"token"}
areq.Client = &fosite.DefaultClient{
GrantTypes: fosite.Arguments{"implicit"},
ResponseTypes: fosite.Arguments{"token"},
}
chgen.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because persistance failed",
setup: func() {
chgen.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
store.EXPECT().CreateAccessTokenSession(nil, "ats", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.State = "state"
areq.GrantedScopes = fosite.Arguments{"scope"}
store.EXPECT().CreateAccessTokenSession(nil, "ats", areq).AnyTimes().Return(nil)
aresp.EXPECT().AddFragment("access_token", "access.ats")
aresp.EXPECT().AddFragment("expires_in", gomock.Any())
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
},
expectErr: nil,
},
} {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestResourceOwnerFlow_PopulateTokenEndpointResponse(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
rtstr := internal.NewMockRefreshTokenStrategy(ctrl)
aresp := fosite.NewAccessResponse()
mockAT := "accesstoken.foo.bar"
mockRT := "refreshtoken.bar.foo"
defer ctrl.Finish()
areq := fosite.NewAccessRequest(nil)
httpreq := &http.Request{PostForm: url.Values{}}
h := ResourceOwnerPasswordCredentialsGrantHandler{
ResourceOwnerPasswordCredentialsGrantStorage: store,
HandleHelper: &HandleHelper{
AccessTokenStorage: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
},
RefreshTokenStrategy: rtstr,
}
for k, c := range []struct {
description string
setup func()
expectErr error
expect func()
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
setup: func() {
areq.GrantTypes = fosite.Arguments{""}
},
},
{
description: "should pass",
setup: func() {
areq.Session = &fosite.DefaultSession{}
areq.GrantTypes = fosite.Arguments{"password"}
chgen.EXPECT().GenerateAccessToken(nil, areq).Return(mockAT, "bar", nil)
store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil)
},
expect: func() {
assert.Nil(t, aresp.GetExtra("refresh_token"), "unexpected refresh token")
},
},
{
description: "should pass - offline scope",
setup: func() {
areq.GrantTypes = fosite.Arguments{"password"}
areq.GrantScope("offline")
rtstr.EXPECT().GenerateRefreshToken(nil, areq).Return(mockRT, "bar", nil)
store.EXPECT().CreateRefreshTokenSession(nil, "bar", areq).Return(nil)
chgen.EXPECT().GenerateAccessToken(nil, areq).Return(mockAT, "bar", nil)
store.EXPECT().CreateAccessTokenSession(nil, "bar", areq).Return(nil)
},
expect: func() {
assert.NotNil(t, aresp.GetExtra("refresh_token"), "expected refresh token")
},
},
} {
c.setup()
err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
if c.expect != nil {
c.expect()
}
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockRefreshTokenGrantStorage(ctrl)
rcts := internal.NewMockRefreshTokenStrategy(ctrl)
acts := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{})
h := RefreshTokenGrantHandler{
Store: store,
RefreshTokenStrategy: rcts,
AccessTokenStrategy: acts,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "refresh", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "refresh", nil)
rcts.EXPECT().ValidateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(nil)
store.EXPECT().DeleteRefreshTokenSession(gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.token", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.token", "refresh", nil)
rcts.EXPECT().ValidateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(nil)
store.EXPECT().DeleteRefreshTokenSession(gomock.Any()).Return(nil)
aresp.EXPECT().SetAccessToken("access.token")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
aresp.EXPECT().SetExtra("refresh_token", "refresh.token")
areq.EXPECT().GetGrantedScopes()
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestRefreshFlow_PopulateTokenEndpointResponse(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockRefreshTokenGrantStorage(ctrl)
rcts := internal.NewMockRefreshTokenStrategy(ctrl)
acts := internal.NewMockAccessTokenStrategy(ctrl)
areq := fosite.NewAccessRequest(nil)
aresp := internal.NewMockAccessResponder(ctrl)
httpreq := &http.Request{PostForm: url.Values{}}
defer ctrl.Finish()
areq.Client = &fosite.DefaultClient{}
h := RefreshTokenGrantHandler{
RefreshTokenGrantStorage: store,
RefreshTokenStrategy: rcts,
AccessTokenStrategy: acts,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should fail because not responsible",
expectErr: fosite.ErrUnknownRequest,
setup: func() {
areq.GrantTypes = fosite.Arguments{"313"}
},
},
{
description: "should fail because access token generation fails",
setup: func() {
areq.GrantTypes = fosite.Arguments{"refresh_token"}
httpreq.PostForm.Add("refresh_token", "foo.reftokensig")
rcts.EXPECT().RefreshTokenSignature("foo.reftokensig").AnyTimes().Return("reftokensig")
acts.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because access token generation fails",
setup: func() {
acts.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.atsig", "atsig", nil)
rcts.EXPECT().GenerateRefreshToken(nil, areq).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should fail because persisting fails",
setup: func() {
rcts.EXPECT().GenerateRefreshToken(nil, areq).AnyTimes().Return("refresh.resig", "resig", nil)
store.EXPECT().PersistRefreshTokenGrantSession(nil, "reftokensig", "atsig", "resig", areq).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
areq.Session = &fosite.DefaultSession{}
store.EXPECT().PersistRefreshTokenGrantSession(nil, "reftokensig", "atsig", "resig", areq).AnyTimes().Return(nil)
aresp.EXPECT().SetAccessToken("access.atsig")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExpiresIn(gomock.Any())
aresp.EXPECT().SetScopes(gomock.Any())
aresp.EXPECT().SetExtra("refresh_token", "refresh.resig")
},
},
} {
c.setup()
err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestRevokeToken(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockTokenRevocationStorage(ctrl)
atStrat := internal.NewMockAccessTokenStrategy(ctrl)
rtStrat := internal.NewMockRefreshTokenStrategy(ctrl)
ar := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := TokenRevocationHandler{
TokenRevocationStorage: store,
RefreshTokenStrategy: rtStrat,
AccessTokenStrategy: atStrat,
}
var token string
var tokenType fosite.TokenType
for k, c := range []struct {
description string
mock func()
expectErr error
}{
{
description: "should pass - refresh token discovery first; refresh token found",
expectErr: nil,
mock: func() {
token = "foo"
tokenType = fosite.RefreshToken
rtStrat.EXPECT().RefreshTokenSignature(token)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil)
ar.EXPECT().GetID()
store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any())
store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any())
},
},
{
description: "should pass - access token discovery first; access token found",
expectErr: nil,
mock: func() {
token = "foo"
tokenType = fosite.AccessToken
atStrat.EXPECT().AccessTokenSignature(token)
store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil)
ar.EXPECT().GetID()
store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any())
store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any())
},
},
{
description: "should pass - refresh token discovery first; refresh token not found",
expectErr: nil,
mock: func() {
token = "foo"
tokenType = fosite.AccessToken
atStrat.EXPECT().AccessTokenSignature(token)
store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
rtStrat.EXPECT().RefreshTokenSignature(token)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil)
ar.EXPECT().GetID()
store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any())
store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any())
},
},
{
description: "should pass - access token discovery first; access token not found",
expectErr: nil,
mock: func() {
token = "foo"
tokenType = fosite.RefreshToken
rtStrat.EXPECT().RefreshTokenSignature(token)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
atStrat.EXPECT().AccessTokenSignature(token)
store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(ar, nil)
ar.EXPECT().GetID()
store.EXPECT().RevokeRefreshToken(gomock.Any(), gomock.Any())
store.EXPECT().RevokeAccessToken(gomock.Any(), gomock.Any())
},
},
{
description: "should pass - refresh token discovery first; both tokens not found",
expectErr: fosite.ErrNotFound,
mock: func() {
token = "foo"
tokenType = fosite.RefreshToken
rtStrat.EXPECT().RefreshTokenSignature(token)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
atStrat.EXPECT().AccessTokenSignature(token)
store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
},
},
{
description: "should pass - access token discovery first; both tokens not found",
expectErr: fosite.ErrNotFound,
mock: func() {
token = "foo"
tokenType = fosite.AccessToken
atStrat.EXPECT().AccessTokenSignature(token)
store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
rtStrat.EXPECT().RefreshTokenSignature(token)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
},
},
} {
c.mock()
err := h.RevokeToken(nil, token, tokenType)
assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}