func TestAuthorizeImplicitEndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockImplicitGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeImplicitGrantTypeHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{mock: func() { areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{}) }},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(nil)
aresp.EXPECT().AddFragment("access_token", "foo.bar")
aresp.EXPECT().AddFragment("expires_in", strconv.Itoa(int(h.AccessTokenLifespan/time.Second)))
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
areq.EXPECT().SetResponseTypeHandled("token")
areq.EXPECT().GetState().Return("state")
areq.EXPECT().GetGrantedScopes().Return(fosite.Arguments{"scope"})
},
expectErr: nil,
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(nil, fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{Key: "foo", Signature: "bar"}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().AddQuery(gomock.Eq("code"), gomock.Eq("foo.bar"))
aresp.EXPECT().AddQuery(gomock.Eq("scope"), gomock.Any())
aresp.EXPECT().AddQuery(gomock.Eq("state"), gomock.Any())
areq.EXPECT().SetResponseTypeHandled(gomock.Eq("code"))
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetState()
},
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
authreq := internal.NewMockAuthorizeRequester(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: ach,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678") // grant_type REQUIRED. Value MUST be set to "authorization_code".
},
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", errors.New("foo"))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return("asdf")
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), "asdf").Return(nil, pkg.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New("foo"))
},
expectErr: fosite.ErrServerError,
},
{
// clients mismatch
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("bar", nil)
store.EXPECT().GetAuthorizeCodeSession("bar", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "bar"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession("signature", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(time.Hour))
authreq.EXPECT().GetSession().Return("sess")
areq.EXPECT().SetSession("sess")
areq.EXPECT().SetGrantTypeHandled("authorization_code")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}