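// TestHandlerCreation verifies that New returns a *jwtHandler that is wired to
// the key loader it was given.
func TestHandlerCreation(t *testing.T) {
	kl := new(mockKeyLoader)

	// url.Parse treats "localhost" as a relative reference, so u carries
	// neither a scheme nor a host.
	// NOTE(review): presumably a placeholder that keeps the test offline.
	// Confirm NewCachingRevokeProvider does not need a reachable endpoint here.
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)

	h := New(kl, crp)
	jh, ok := h.(*jwtHandler)
	if !ok {
		t.Fatalf("Wrong type for the handler = %v", reflect.TypeOf(h))
	}
	if jh.keyLoader != kl {
		t.Error("Handler doesn't have the right key loader")
	}
	// NOTE(review): only the key loader wiring is asserted. The revocation
	// provider passed to New is never checked, so a handler that dropped it
	// (and therefore never consulted revocations) would still pass this test.
}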
// Run builds the token info handlers from settings, registers them on a fresh
// ServeMux and serves HTTP on settings.ListenAddress. It does not return: the
// error from http.ListenAndServe is handed to log.Fatal.
func Run(settings *options.Settings) {
	// This line is emitted before the listener is bound, so it records intent
	// to start rather than a successful bind.
	log.Printf("Started server (%s) at %v, /metrics endpoint at %v\n", version, settings.ListenAddress, settings.MetricsListenAddress)

	// The user agent is assigned before any provider is constructed; keep this
	// ordering in case the constructors below issue requests right away.
	ht.UserAgent = fmt.Sprintf("%v/%s", os.Args[0], version)
	setupMetrics(settings)

	proxyHandler := tokeninfoproxy.NewTokenInfoProxyHandler(
		settings.UpstreamTokenInfoURL,
		settings.UpstreamCacheMaxSize,
		settings.UpstreamCacheTTL,
	)
	keyLoader := openid.NewCachingOpenIDProviderLoader(settings.OpenIDProviderConfigurationURL)
	revocations := revoke.NewCachingRevokeProvider(settings.RevocationProviderUrl)
	tokenHandler := jwthandler.New(keyLoader, revocations)

	router := http.NewServeMux()
	router.Handle("/health", healthcheck.NewHandler(keyLoader, version))
	router.Handle("/oauth2/tokeninfo", tokeninfo.NewHandler(proxyHandler, tokenHandler))
	router.Handle("/oauth2/connect/keys", jwks.NewHandler(keyLoader))

	// NOTE(review): http.ListenAndServe runs a server with no read, write or
	// idle timeouts, so slow or stalled clients can hold connections open
	// indefinitely. An explicit http.Server with timeouts set would bound that.
	// NOTE(review): this serves plaintext HTTP. Presumably TLS is terminated in
	// front of this process; confirm, since this service handles access tokens.
	err := http.ListenAndServe(settings.ListenAddress, router)
	log.Fatal(err)
}
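// TestHandler drives ServeHTTP with a table of access tokens and checks the
// status code and response body of each reply. For 200 responses it also
// decodes the body into a processor.TokenInfo and requires a positive
// ExpiresIn.
func TestHandler(t *testing.T) {
	kl := new(mockKeyLoader)

	// "localhost" parses as a relative reference (no scheme, no host).
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)
	h := New(kl, crp)

	// NOTE(review): the rejection cases cover only a missing token and a
	// string that is not a JWT. There is no case for a well-formed token with
	// a bad signature, an expired token, or a revoked one, even though the
	// handler is built with a revocation provider. Consider adding them.
	for i, test := range []struct {
		token    string
		wantCode int
		wantBody string
	}{
		{"", http.StatusBadRequest, `{"error":"invalid_request","error_description":"Access Token not valid"}` + "\n"},
		{"foo", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"Access Token not valid"}` + "\n"},
		{testRSAToken, http.StatusOK, testRSAToken},
		{testECDSAToken, http.StatusOK, testECDSAToken},
	} {
		w := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "http://example.com/oauth2/tokeninfo?access_token="+test.token, nil)
		if err != nil {
			// Without a request there is nothing to serve; report and move on
			// instead of passing a nil request to the handler.
			t.Errorf("Could not build request for case %d: %v", i, err)
			continue
		}
		h.ServeHTTP(w, req)

		if test.wantCode != w.Code {
			t.Errorf("Wrong status code. Wanted %d, got %d", test.wantCode, w.Code)
		}

		// Body.String() does not consume the buffer, so the decoder below
		// still reads the full body.
		if !strings.Contains(w.Body.String(), test.wantBody) {
			t.Errorf("Wrong response body. Wanted %q, got %q", test.wantBody, w.Body.String())
		}

		if test.wantCode == http.StatusOK {
			var ti processor.TokenInfo
			if err := json.NewDecoder(w.Body).Decode(&ti); err != nil {
				t.Error("Could not recover TokenInfo from response: ", err)
				// ti is still zero-valued here; skip the expiry check so the
				// decode failure is not followed by a misleading second error.
				continue
			}
			if ti.ExpiresIn <= 0 {
				t.Error("Recovered token info had an invalid expire time")
			}
		}
	}
}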
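// TestRoutingMatch checks which tokeninfo request URLs the handler's Match
// method claims. In this table only an access_token made of three
// dot-separated segments is expected to match.
func TestRoutingMatch(t *testing.T) {
	kl := new(mockKeyLoader)

	// "localhost" parses as a relative reference (no scheme, no host).
	u, err := url.Parse("localhost")
	if err != nil {
		t.Fatalf("Could not parse revocation provider URL: %v", err)
	}
	crp := revoke.NewCachingRevokeProvider(u)
	h := New(kl, crp)

	// NOTE(review): "header.claims.signature" is not a decodable JWT, so a
	// true result for it indicates Match looks at the token's shape only.
	// Presumably signature and claim validation happen later in ServeHTTP;
	// confirm that Match is never used as an authorization decision.
	for _, test := range []struct {
		url  string
		want bool
	}{
		{"http://example.com/oauth2/tokeninfo", false},
		{"http://example.com/oauth2/tokeninfo?access_token", false},
		{"http://example.com/oauth2/tokeninfo?access_token=foo", false},
		{"http://example.com/oauth2/tokeninfo?access_token=foo.bar", false},
		{"http://example.com/oauth2/tokeninfo?access_token=header.claims.signature", true},
	} {
		req, err := http.NewRequest("GET", test.url, nil)
		if err != nil {
			// Do not hand a nil request to Match; report and try the next URL.
			t.Errorf("Could not build request for URL %q: %v", test.url, err)
			continue
		}

		match := h.Match(req)
		if match != test.want {
			t.Errorf("Matching fail for URL %q. Wanted %t, got %t", test.url, test.want, match)
		}
	}
}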