Пример #1
0
func TestManagerKeySet(t *testing.T) {
	ks, _ := testGenerator.Generate("")
	ks.Key("private")

	for name, m := range managers {
		_, err := m.GetKeySet("foo")
		pkg.AssertError(t, true, err, name)

		err = m.AddKeySet("bar", ks)
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err := m.GetKeySet("bar")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, ks.Key("public"), got.Key("public"), name)
		assert.Equal(t, ks.Key("private"), got.Key("private"), name)

		err = m.DeleteKeySet("bar")
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		_, err = m.GetKeySet("bar")
		pkg.AssertError(t, true, err, name)
	}

	err := managers["http"].AddKeySet("nonono", ks)
	pkg.AssertError(t, true, err, "%s")
}
Пример #2
0
func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) {
	ctx := context.Background()
	for k, m := range clientManagers {
		_, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
		pkg.AssertError(t, true, err, "%s", k)

		err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest)
		pkg.AssertError(t, false, err, "%s", k)

		time.Sleep(100 * time.Millisecond)

		res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{
			Session: &testSession{},
		})
		pkg.RequireError(t, false, err, "%s", k)
		c.AssertObjectKeysEqual(t, &defaultRequest, res, "Scopes", "GrantedScopes", "Form", "Session")

		err = m.DeleteOpenIDConnectSession(ctx, "4321")
		pkg.AssertError(t, false, err, "%s", k)

		time.Sleep(100 * time.Millisecond)

		_, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{})
		pkg.AssertError(t, true, err, "%s", k)
	}
}
Пример #3
0
func TestManagerKey(t *testing.T) {
	ks, _ := testGenerator.Generate("")
	priv := ks.Key("private")
	pub := ks.Key("public")

	for name, m := range managers {
		t.Logf("Running test %s", name)

		_, err := m.GetKey("faz", "baz")
		pkg.AssertError(t, true, err, name)

		err = m.AddKey("faz", First(priv))
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err := m.GetKey("faz", "private")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, priv, got.Keys, "%s", name)

		err = m.AddKey("faz", First(pub))
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		got, err = m.GetKey("faz", "private")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, priv, got.Keys, "%s", name)

		got, err = m.GetKey("faz", "public")
		pkg.RequireError(t, false, err, name)
		assert.Equal(t, pub, got.Keys, "%s", name)

		err = m.DeleteKey("faz", "public")
		pkg.AssertError(t, false, err, name)

		time.Sleep(time.Millisecond * 100)

		ks, err = m.GetKey("faz", "public")
		pkg.AssertError(t, true, err, name)
	}

	err := managers["http"].AddKey("nonono", First(priv))
	pkg.AssertError(t, true, err, "%s")
}
Пример #4
0
func TestCreateGetFindDelete(t *testing.T) {
	for _, store := range managers {
		for _, c := range connections {
			_, err := store.Get("asdf")
			pkg.RequireError(t, true, err)

			err = store.Create(c)
			pkg.RequireError(t, false, err)

			time.Sleep(100 * time.Millisecond)

			res, err := store.Get(c.GetID())
			pkg.RequireError(t, false, err)
			require.Equal(t, c, res)

			cs, err := store.FindAllByLocalSubject("peter")
			pkg.RequireError(t, false, err)
			assert.Len(t, cs, 1)
			require.Equal(t, c, cs[0])

			res, err = store.FindByRemoteSubject("google", "peterson")
			pkg.RequireError(t, false, err)
			require.Equal(t, c, res)

			err = store.Delete(c.GetID())
			pkg.RequireError(t, false, err)

			time.Sleep(100 * time.Millisecond)

			_, err = store.Get(c.GetID())
			pkg.RequireError(t, true, err)
		}
	}
}
Пример #5
0
func TestManagers(t *testing.T) {
	p := &ladon.DefaultPolicy{
		ID:          uuid.New(),
		Description: "description",
		Subjects:    []string{"<peter>"},
		Effect:      ladon.AllowAccess,
		Resources:   []string{"<article|user>"},
		Actions:     []string{"view"},
		Conditions: ladon.Conditions{
			"ip": &ladon.CIDRCondition{
				CIDR: "1234",
			},
			"owner": &ladon.EqualsSubjectCondition{},
		},
	}

	for k, m := range managers {
		_, err := m.Get(p.ID)
		pkg.AssertError(t, true, err, k)
		pkg.AssertError(t, false, m.Create(p), k)

		time.Sleep(200 * time.Millisecond)

		res, err := m.Get(p.ID)
		pkg.AssertError(t, false, err, k)
		assert.Equal(t, p, res, "%s", k)

		ps, err := m.FindPoliciesForSubject("peter")
		pkg.RequireError(t, false, err, k)
		require.Len(t, ps, 1, "%s", k)
		assert.Equal(t, p, ps[0], "%s", k)

		ps, err = m.FindPoliciesForSubject("stan")
		pkg.AssertError(t, false, err, k)
		assert.Len(t, ps, 0, "%s", k)

		pkg.AssertError(t, false, m.Delete(p.ID), k)

		_, err = m.Get(p.ID)
		pkg.AssertError(t, true, err, k)
	}
}
Пример #6
0
func TestAuthCode(t *testing.T) {
	var code string
	var validConsent bool
	router.GET("/consent", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		tok, err := jwt.Parse(r.URL.Query().Get("challenge"), func(tt *jwt.Token) (interface{}, error) {
			if _, ok := tt.Method.(*jwt.SigningMethodRSA); !ok {
				return nil, errors.Errorf("Unexpected signing method: %v", tt.Header["alg"])
			}

			pk, err := keyManager.GetKey(ConsentChallengeKey, "public")
			pkg.RequireError(t, false, err)
			return jwk.MustRSAPublic(jwk.First(pk.Keys)), nil
		})
		pkg.RequireError(t, false, err)
		require.True(t, tok.Valid)

		consent, err := signConsentToken(map[string]interface{}{
			"jti": uuid.New(),
			"exp": time.Now().Add(time.Hour).Unix(),
			"iat": time.Now().Unix(),
			"aud": "app-client",
		})
		pkg.RequireError(t, false, err)

		http.Redirect(w, r, ejwt.ToString(tok.Claims["redir"])+"&consent="+consent, http.StatusFound)
		validConsent = true
	})

	router.GET("/callback", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		code = r.URL.Query().Get("code")
		w.Write([]byte(r.URL.Query().Get("code")))
	})

	resp, err := http.Get(oauthConfig.AuthCodeURL("some-foo-state"))
	pkg.RequireError(t, false, err)
	defer resp.Body.Close()

	_, err = ioutil.ReadAll(resp.Body)
	pkg.RequireError(t, false, err)

	require.True(t, validConsent)
	require.NotEmpty(t, code)

	_, err = oauthConfig.Exchange(oauth2.NoContext, code)
	pkg.RequireError(t, false, err)
}
Пример #7
0
func TestClientCredentials(t *testing.T) {
	tok, err := oauthClientConfig.Token(oauth2.NoContext)
	pkg.RequireError(t, false, err)
	assert.NotEmpty(t, tok.AccessToken)
}