func TestHandlerCreation(t *testing.T) {
kl := new(mockKeyLoader)
u, _ := url.Parse("localhost")
crp := revoke.NewCachingRevokeProvider(u)
h := New(kl, crp)
jh, ok := h.(*jwtHandler)
if !ok {
t.Fatalf("Wrong type for the handler = %v", reflect.TypeOf(h))
}
if jh.keyLoader != kl {
t.Error("Handler doesn't have the right key loader")
}
}
func Run(settings *options.Settings) {
log.Printf("Started server (%s) at %v, /metrics endpoint at %v\n",
version, settings.ListenAddress, settings.MetricsListenAddress)
ht.UserAgent = fmt.Sprintf("%v/%s", os.Args[0], version)
setupMetrics(settings)
ph := tokeninfoproxy.NewTokenInfoProxyHandler(settings.UpstreamTokenInfoURL, settings.UpstreamCacheMaxSize, settings.UpstreamCacheTTL)
kl := openid.NewCachingOpenIDProviderLoader(settings.OpenIDProviderConfigurationURL)
crp := revoke.NewCachingRevokeProvider(settings.RevocationProviderUrl)
jh := jwthandler.New(kl, crp)
mux := http.NewServeMux()
mux.Handle("/health", healthcheck.NewHandler(kl, version))
mux.Handle("/oauth2/tokeninfo", tokeninfo.NewHandler(ph, jh))
mux.Handle("/oauth2/connect/keys", jwks.NewHandler(kl))
log.Fatal(http.ListenAndServe(settings.ListenAddress, mux))
}
func TestHandler(t *testing.T) {
kl := new(mockKeyLoader)
u, _ := url.Parse("localhost")
crp := revoke.NewCachingRevokeProvider(u)
h := New(kl, crp)
for _, test := range []struct {
token string
wantCode int
wantBody string
}{
{"", http.StatusBadRequest, `{"error":"invalid_request","error_description":"Access Token not valid"}` + "\n"},
{"foo", http.StatusUnauthorized, `{"error":"invalid_token","error_description":"Access Token not valid"}` + "\n"},
{testRSAToken, http.StatusOK, testRSAToken},
{testECDSAToken, http.StatusOK, testECDSAToken},
} {
w := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "http://example.com/oauth2/tokeninfo?access_token="+test.token, nil)
h.ServeHTTP(w, req)
if test.wantCode != w.Code {
t.Errorf("Wrong status code. Wanted %d, got %d", test.wantCode, w.Code)
}
if !strings.Contains(w.Body.String(), test.wantBody) {
t.Errorf("Wrong response body. Wanted %q, got %q", test.wantBody, w.Body.String())
}
if test.wantCode == http.StatusOK {
var ti processor.TokenInfo
if err := json.NewDecoder(w.Body).Decode(&ti); err != nil {
t.Error("Could not recover TokenInfo from response: ", err)
}
if ti.ExpiresIn <= 0 {
t.Error("Recovered token info had an invalid expire time")
}
}
}
}
func TestRoutingMatch(t *testing.T) {
kl := new(mockKeyLoader)
u, _ := url.Parse("localhost")
crp := revoke.NewCachingRevokeProvider(u)
h := New(kl, crp)
for _, test := range []struct {
url string
want bool
}{
{"http://example.com/oauth2/tokeninfo", false},
{"http://example.com/oauth2/tokeninfo?access_token", false},
{"http://example.com/oauth2/tokeninfo?access_token=foo", false},
{"http://example.com/oauth2/tokeninfo?access_token=foo.bar", false},
{"http://example.com/oauth2/tokeninfo?access_token=header.claims.signature", true},
} {
req, _ := http.NewRequest("GET", test.url, nil)
match := h.Match(req)
if match != test.want {
t.Errorf("Matching fail for URL %q. Wanted %t, got %t", test.url, test.want, match)
}
}
}