func TestAssets(t *testing.T) {
Convey("Parse", t, func() {
var (
result xdr.AssetType
err error
)
result, err = Parse("native")
So(result, ShouldEqual, xdr.AssetTypeAssetTypeNative)
So(err, ShouldBeNil)
result, err = Parse("credit_alphanum4")
So(result, ShouldEqual, xdr.AssetTypeAssetTypeCreditAlphanum4)
So(err, ShouldBeNil)
result, err = Parse("credit_alphanum12")
So(result, ShouldEqual, xdr.AssetTypeAssetTypeCreditAlphanum12)
So(err, ShouldBeNil)
result, err = Parse("not_real")
So(errors.Is(err, ErrInvalidString), ShouldBeTrue)
result, err = Parse("")
So(errors.Is(err, ErrInvalidString), ShouldBeTrue)
})
Convey("String", t, func() {
var (
result string
err error
)
result, err = String(xdr.AssetTypeAssetTypeNative)
So(result, ShouldEqual, "native")
So(err, ShouldBeNil)
result, err = String(xdr.AssetTypeAssetTypeCreditAlphanum4)
So(result, ShouldEqual, "credit_alphanum4")
So(err, ShouldBeNil)
result, err = String(xdr.AssetTypeAssetTypeCreditAlphanum12)
So(result, ShouldEqual, "credit_alphanum12")
So(err, ShouldBeNil)
result, err = String(xdr.AssetType(15))
So(errors.Is(err, ErrInvalidValue), ShouldBeTrue)
})
}
func loadReleaseID() (string, error) {
releaseID := os.Getenv("WERCKER_DISTELLI_RELEASE")
if releaseID == "" {
if stat, err := os.Stat(releaseFilename); err == nil {
if stat.Size() <= 0 {
return "", errors.New(BadReleaseFile)
}
releaseFile, err := os.Open(releaseFilename)
if err != nil {
return "", errors.WrapPrefix(err, fmt.Sprintf("Error opening file %s", releaseFilename), 0)
}
defer releaseFile.Close()
reader := bufio.NewReader(releaseFile)
releaseID, err = reader.ReadString('\n')
if err != nil && !errors.Is(err, io.EOF) {
return "", errors.WrapPrefix(err, fmt.Sprintf("Error reading file %s", releaseFilename), 0)
}
}
}
return strings.TrimSpace(releaseID), nil
}
func shouldRetry(err error) bool {
if errors.Is(err, io.ErrUnexpectedEOF) {
return true
} else if opError, ok := err.(*net.OpError); ok {
if opError.Timeout() || opError.Temporary() || opError.Err.Error() == syscall.ECONNRESET.Error() {
return true
}
} else if urlError, ok := err.(*url.Error); ok {
if urlError.Timeout() || urlError.Temporary() || errors.Is(urlError.Err, io.EOF) {
return true
}
} else {
return false
}
return false
}
func TestAuthorizeImplicitEndpointHandler(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockImplicitGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeImplicitGrantTypeHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{mock: func() { areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{}) }},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "foo", nil)
store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any()).Return(nil)
aresp.EXPECT().AddFragment("access_token", "foo.bar")
aresp.EXPECT().AddFragment("expires_in", strconv.Itoa(int(h.AccessTokenLifespan/time.Second)))
aresp.EXPECT().AddFragment("token_type", "bearer")
aresp.EXPECT().AddFragment("state", "state")
aresp.EXPECT().AddFragment("scope", "scope")
areq.EXPECT().SetResponseTypeHandled("token")
areq.EXPECT().GetState().Return("state")
areq.EXPECT().GetGrantedScopes().Return(fosite.Arguments{"scope"})
},
expectErr: nil,
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockClientCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := ClientCredentialsGrantHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("client_credentials")
areq.EXPECT().SetGrantTypeHandled("client_credentials")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
chgen := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := ResourceOwnerPasswordCredentialsGrantHandler{
Store: store,
AccessTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "foo", nil)
store.EXPECT().CreateAccessTokenSession("foo", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
chgen.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "", nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().SetAccessToken("foo.bar")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
areq.EXPECT().GetGrantedScopes()
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func ShouldBeErr(a interface{}, options ...interface{}) string {
actual := a.(error)
expected := options[0].(error)
ok := errors.Is(actual, expected)
if !ok {
return fmt.Sprintf("Errors don't match:\n%v+\n%v+", actual, expected)
}
return ""
}
func (w *LocalWarden) HTTPActionAllowed(ctx context.Context, r *http.Request, a *ladon.Request, scopes ...string) (*Context, error) {
var session = new(oauth2.Session)
var oauthRequest = fosite.NewAccessRequest(session)
if err := w.TokenValidator.ValidateRequest(ctx, r, oauthRequest); errors.Is(err, fosite.ErrUnknownRequest) {
return nil, pkg.ErrUnauthorized
} else if err != nil {
return nil, err
}
return w.actionAllowed(ctx, a, scopes, oauthRequest, session)
}
func (h *Handler) createRS256KeysIfNotExist(c *config.Config, set, lookup string) {
ctx := c.Context()
generator := jwk.RS256Generator{}
if _, err := ctx.KeyManager.GetKey(set, lookup); errors.Is(err, pkg.ErrNotFound) {
logrus.Warnf("Key pair for signing %s is missing. Creating new one.", set)
keys, err := generator.Generate("")
pkg.Must(err, "Could not generate %s key: %s", set, err)
err = ctx.KeyManager.AddKeySet(set, keys)
pkg.Must(err, "Could not persist %s key: %s", set, err)
}
}
func getOrCreateTLSCertificate(cmd *cobra.Command) tls.Certificate {
if cert := loadCertificateFromFile(cmd); cert != nil {
return *cert
} else if cert := loadCertificateFromEnv(cmd); cert != nil {
return *cert
}
ctx := c.Context()
keys, err := ctx.KeyManager.GetKey(TLSKeyName, "private")
if errors.Is(err, pkg.ErrNotFound) {
logrus.Warn("Key for TLS not found. Creating new one.")
keys, err = new(jwk.ECDSA256Generator).Generate("")
pkg.Must(err, "Could not generate key: %s", err)
cert, err := createSelfSignedCertificate(jwk.First(keys.Key("private")).Key)
pkg.Must(err, "Could not create X509 PEM Key Pair: %s", err)
private := jwk.First(keys.Key("private"))
private.Certificates = []*x509.Certificate{cert}
keys = &jose.JsonWebKeySet{
Keys: []jose.JsonWebKey{
*private,
*jwk.First(keys.Key("public")),
},
}
err = ctx.KeyManager.AddKeySet(TLSKeyName, keys)
pkg.Must(err, "Could not persist key: %s", err)
} else {
pkg.Must(err, "Could not retrieve key: %s", err)
}
private := jwk.First(keys.Key("private"))
block, err := jwk.PEMBlockForKey(private.Key)
if err != nil {
pkg.Must(err, "Could not encode key to PEM: %s", err)
}
if len(private.Certificates) == 0 {
logrus.Fatal("TLS certificate chain can not be empty")
}
pemCert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: private.Certificates[0].Raw})
pemKey := pem.EncodeToMemory(block)
cert, err := tls.X509KeyPair(pemCert, pemKey)
pkg.Must(err, "Could not decode certificate: %s", err)
return cert
}
func (w *LocalWarden) HTTPAuthorized(ctx context.Context, r *http.Request, scopes ...string) (*Context, error) {
var session = new(oauth2.Session)
var oauthRequest = fosite.NewAccessRequest(session)
if err := w.TokenValidator.ValidateRequest(ctx, r, oauthRequest); errors.Is(err, fosite.ErrUnknownRequest) {
return nil, fosite.ErrRequestUnauthorized
} else if err != nil {
return nil, err
}
session = oauthRequest.GetSession().(*oauth2.Session)
if !matchScopes(oauthRequest.GetGrantedScopes(), scopes, session, oauthRequest.Client) {
return nil, errors.New(herodot.ErrForbidden)
}
return &Context{
Subject: session.Subject,
GrantedScopes: oauthRequest.GetGrantedScopes(),
Issuer: w.Issuer,
Audience: oauthRequest.GetClient().GetID(),
IssuedAt: oauthRequest.GetRequestedAt(),
}, nil
}
func runPatchingScenario(t *testing.T, scenario patchScenario) {
log := func(format string, args ...interface{}) {
t.Logf("[%s] %s", scenario.name, fmt.Sprintf(format, args...))
}
log("Scenario start")
mainDir, err := ioutil.TempDir("", "patch-cycle")
assert.NoError(t, err)
assert.NoError(t, os.MkdirAll(mainDir, 0755))
defer os.RemoveAll(mainDir)
v1 := filepath.Join(mainDir, "v1")
makeTestDir(t, v1, scenario.v1)
v2 := filepath.Join(mainDir, "v2")
makeTestDir(t, v2, scenario.v2)
compression := &CompressionSettings{}
compression.Algorithm = CompressionAlgorithm_NONE
sourceContainer, err := tlc.WalkAny(v2, nil)
assert.NoError(t, err)
consumer := &state.Consumer{}
patchBuffer := new(bytes.Buffer)
signatureBuffer := new(bytes.Buffer)
func() {
targetContainer, dErr := tlc.WalkAny(v1, nil)
assert.NoError(t, dErr)
targetPool := fspool.New(targetContainer, v1)
targetSignature, dErr := ComputeSignature(targetContainer, targetPool, consumer)
assert.NoError(t, dErr)
pool := fspool.New(sourceContainer, v2)
dctx := &DiffContext{
Compression: compression,
Consumer: consumer,
SourceContainer: sourceContainer,
Pool: pool,
TargetContainer: targetContainer,
TargetSignature: targetSignature,
}
assert.NoError(t, dctx.WritePatch(patchBuffer, signatureBuffer))
}()
v1Before := filepath.Join(mainDir, "v1Before")
cpDir(t, v1, v1Before)
v1After := filepath.Join(mainDir, "v1After")
woundsPath := filepath.Join(mainDir, "wounds.pww")
if scenario.extraTests {
log("Making sure before-path folder doesn't validate")
signature, sErr := ReadSignature(bytes.NewReader(signatureBuffer.Bytes()))
assert.NoError(t, sErr)
assert.Error(t, AssertValid(v1Before, signature))
runExtraTest := func(setup SetupFunc) error {
assert.NoError(t, os.RemoveAll(woundsPath))
assert.NoError(t, os.RemoveAll(v1Before))
cpDir(t, v1, v1Before)
actx := &ApplyContext{
TargetPath: v1Before,
OutputPath: v1Before,
InPlace: true,
Consumer: consumer,
}
if setup != nil {
setup(actx)
}
patchReader := bytes.NewReader(patchBuffer.Bytes())
aErr := actx.ApplyPatch(patchReader)
if aErr != nil {
return aErr
}
if actx.Signature == nil {
vErr := AssertValid(v1Before, signature)
if vErr != nil {
return vErr
}
}
return nil
}
func() {
log("In-place with failing vet")
var NotVettingError = errors.New("not vetting this")
pErr := runExtraTest(func(actx *ApplyContext) {
actx.VetApply = func(actx *ApplyContext) error {
return NotVettingError
}
})
assert.Error(t, pErr)
assert.True(t, errors.Is(pErr, NotVettingError))
}()
func() {
log("In-place with signature (failfast, passing)")
assert.NoError(t, runExtraTest(func(actx *ApplyContext) {
actx.Signature = signature
}))
}()
func() {
log("In-place with signature (failfast, failing)")
assert.Error(t, runExtraTest(func(actx *ApplyContext) {
actx.Signature = signature
makeTestDir(t, v1Before, *scenario.corruptions)
}))
}()
func() {
log("In-place with signature (wounds, passing)")
assert.NoError(t, runExtraTest(func(actx *ApplyContext) {
actx.Signature = signature
actx.WoundsPath = woundsPath
}))
_, sErr := os.Lstat(woundsPath)
assert.Error(t, sErr)
assert.True(t, os.IsNotExist(sErr))
}()
func() {
log("In-place with signature (wounds, failing)")
assert.NoError(t, runExtraTest(func(actx *ApplyContext) {
actx.Signature = signature
actx.WoundsPath = woundsPath
makeTestDir(t, v1Before, *scenario.corruptions)
}))
_, sErr := os.Lstat(woundsPath)
assert.NoError(t, sErr)
}()
}
log("Applying to other directory, with separate check")
assert.NoError(t, os.RemoveAll(v1Before))
cpDir(t, v1, v1Before)
func() {
actx := &ApplyContext{
TargetPath: v1Before,
OutputPath: v1After,
Consumer: consumer,
}
patchReader := bytes.NewReader(patchBuffer.Bytes())
aErr := actx.ApplyPatch(patchReader)
assert.NoError(t, aErr)
assert.Equal(t, 0, actx.Stats.DeletedFiles, "deleted files (other dir)")
assert.Equal(t, 0, actx.Stats.DeletedDirs, "deleted dirs (other dir)")
assert.Equal(t, 0, actx.Stats.DeletedSymlinks, "deleted symlinks (other dir)")
assert.Equal(t, 0, actx.Stats.MovedFiles, "moved files (other dir)")
assert.Equal(t, len(sourceContainer.Files), actx.Stats.TouchedFiles, "touched files (other dir)")
assert.Equal(t, 0, actx.Stats.NoopFiles, "noop files (other dir)")
signature, sErr := ReadSignature(bytes.NewReader(signatureBuffer.Bytes()))
assert.NoError(t, sErr)
assert.NoError(t, AssertValid(v1After, signature))
}()
log("Applying in-place")
testAll := func(setup SetupFunc) {
assert.NoError(t, os.RemoveAll(v1After))
assert.NoError(t, os.RemoveAll(v1Before))
cpDir(t, v1, v1Before)
func() {
actx := &ApplyContext{
TargetPath: v1Before,
OutputPath: v1Before,
InPlace: true,
Consumer: consumer,
}
if setup != nil {
setup(actx)
}
patchReader := bytes.NewReader(patchBuffer.Bytes())
aErr := actx.ApplyPatch(patchReader)
assert.NoError(t, aErr)
assert.Equal(t, scenario.deletedFiles, actx.Stats.DeletedFiles, "deleted files (in-place)")
assert.Equal(t, scenario.deletedSymlinks, actx.Stats.DeletedSymlinks, "deleted symlinks (in-place)")
assert.Equal(t, scenario.deletedDirs+scenario.leftDirs, actx.Stats.DeletedDirs, "deleted dirs (in-place)")
assert.Equal(t, scenario.touchedFiles, actx.Stats.TouchedFiles, "touched files (in-place)")
assert.Equal(t, scenario.movedFiles, actx.Stats.MovedFiles, "moved files (in-place)")
assert.Equal(t, len(sourceContainer.Files)-scenario.touchedFiles-scenario.movedFiles, actx.Stats.NoopFiles, "noop files (in-place)")
signature, sErr := ReadSignature(bytes.NewReader(signatureBuffer.Bytes()))
assert.NoError(t, sErr)
assert.NoError(t, AssertValid(v1Before, signature))
}()
if scenario.intermediate != nil {
log("Applying in-place with %d intermediate files", len(scenario.intermediate.entries))
assert.NoError(t, os.RemoveAll(v1After))
assert.NoError(t, os.RemoveAll(v1Before))
cpDir(t, v1, v1Before)
makeTestDir(t, v1Before, *scenario.intermediate)
func() {
actx := &ApplyContext{
TargetPath: v1Before,
OutputPath: v1Before,
InPlace: true,
Consumer: consumer,
}
if setup != nil {
setup(actx)
}
patchReader := bytes.NewReader(patchBuffer.Bytes())
aErr := actx.ApplyPatch(patchReader)
assert.NoError(t, aErr)
assert.Equal(t, scenario.deletedFiles, actx.Stats.DeletedFiles, "deleted files (in-place w/intermediate)")
assert.Equal(t, scenario.deletedDirs, actx.Stats.DeletedDirs, "deleted dirs (in-place w/intermediate)")
assert.Equal(t, scenario.deletedSymlinks, actx.Stats.DeletedSymlinks, "deleted symlinks (in-place w/intermediate)")
assert.Equal(t, scenario.touchedFiles, actx.Stats.TouchedFiles, "touched files (in-place w/intermediate)")
assert.Equal(t, scenario.noopFiles, actx.Stats.NoopFiles, "noop files (in-place w/intermediate)")
assert.Equal(t, scenario.leftDirs, actx.Stats.LeftDirs, "left dirs (in-place w/intermediate)")
signature, sErr := ReadSignature(bytes.NewReader(signatureBuffer.Bytes()))
assert.NoError(t, sErr)
assert.NoError(t, AssertValid(v1Before, signature))
}()
}
}
testAll(nil)
if scenario.testBrokenRename {
testAll(func(actx *ApplyContext) {
actx.debugBrokenRename = true
})
}
}
func TestNewAccessRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockStorage(ctrl)
client := internal.NewMockClient(ctrl)
handler := internal.NewMockTokenEndpointHandler(ctrl)
hasher := internal.NewMockHasher(ctrl)
defer ctrl.Finish()
fosite := &Fosite{Store: store, Hasher: hasher}
for k, c := range []struct {
header http.Header
form url.Values
mock func()
method string
expectErr error
expect *AccessRequest
handlers TokenEndpointHandlers
}{
{
header: http.Header{},
expectErr: ErrInvalidRequest,
method: "POST",
mock: func() {},
},
{
header: http.Header{},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
mock: func() {},
expectErr: ErrInvalidRequest,
},
{
header: http.Header{},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
"client_id": {"foo"},
},
expectErr: ErrInvalidRequest,
mock: func() {},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrInvalidClient,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New(""))
},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "GET",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrInvalidRequest,
mock: func() {},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrInvalidClient,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(nil, errors.New(""))
},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrInvalidClient,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(errors.New(""))
},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrServerError,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil)
handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(ErrServerError)
},
handlers: TokenEndpointHandlers{"a": handler},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrUnsupportedGrantType,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil)
handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
expectErr: ErrUnsupportedGrantType,
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil)
handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) {
a.SetGrantTypeHandled("bar")
}).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil)
handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) {
a.SetGrantTypeHandled("foo")
a.SetScopes([]string{"asdfasdf"})
}).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
expectErr: ErrInvalidScope,
},
{
header: http.Header{
"Authorization": {basicAuth("foo", "bar")},
},
method: "POST",
form: url.Values{
"grant_type": {"foo"},
},
mock: func() {
store.EXPECT().GetClient(gomock.Eq("foo")).Return(client, nil)
client.EXPECT().GetHashedSecret().Return([]byte("foo"))
hasher.EXPECT().Compare(gomock.Eq([]byte("foo")), gomock.Eq([]byte("bar"))).Return(nil)
handler.EXPECT().ValidateTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, a AccessRequester, _ interface{}) {
a.SetGrantTypeHandled("foo")
a.SetScopes([]string{DefaultRequiredScopeName})
}).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
expect: &AccessRequest{
GrantType: "foo",
HandledGrantType: []string{"foo"},
Client: client,
},
},
} {
r := &http.Request{
Header: c.header,
PostForm: c.form,
Form: c.form,
Method: c.method,
}
c.mock()
ctx := NewContext()
fosite.TokenEndpointHandlers = c.handlers
ar, err := fosite.NewAccessRequest(ctx, r, &struct{}{})
is := errors.Is(c.expectErr, err)
assert.True(t, is, "%d\nwant: %s \ngot: %s", k, c.expectErr, err)
if !is {
t.Logf("Error occured: %s", err.(*errors.Error).ErrorStack())
}
if err == nil {
pkg.AssertObjectKeysEqual(t, c.expect, ar, "GrantType", "Client")
assert.NotNil(t, ar.GetRequestedAt())
}
t.Logf("Passed test case %d", k)
}
}
// ReadSignature reads the hashes from all files of a given container, from a
// wharf signature file.
func ReadSignature(signatureReader io.Reader) (*SignatureInfo, error) {
rawSigWire := wire.NewReadContext(signatureReader)
err := rawSigWire.ExpectMagic(SignatureMagic)
if err != nil {
return nil, errors.Wrap(err, 1)
}
header := &SignatureHeader{}
err = rawSigWire.ReadMessage(header)
if err != nil {
return nil, errors.Wrap(err, 1)
}
sigWire, err := DecompressWire(rawSigWire, header.Compression)
if err != nil {
return nil, errors.Wrap(err, 1)
}
container := &tlc.Container{}
err = sigWire.ReadMessage(container)
if err != nil {
if errors.Is(err, io.EOF) {
// ok
} else {
return nil, errors.Wrap(err, 1)
}
}
var hashes []wsync.BlockHash
hash := &BlockHash{}
for fileIndex, f := range container.Files {
numBlocks := ComputeNumBlocks(f.Size)
if numBlocks == 0 {
hash.Reset()
err = sigWire.ReadMessage(hash)
if err != nil {
if errors.Is(err, io.EOF) {
break
}
return nil, errors.Wrap(err, 1)
}
// empty files have a 0-length shortblock for historical reasons.
blockHash := wsync.BlockHash{
FileIndex: int64(fileIndex),
BlockIndex: 0,
WeakHash: hash.WeakHash,
StrongHash: hash.StrongHash,
ShortSize: 0,
}
hashes = append(hashes, blockHash)
}
for blockIndex := int64(0); blockIndex < numBlocks; blockIndex++ {
hash.Reset()
err = sigWire.ReadMessage(hash)
if err != nil {
if errors.Is(err, io.EOF) {
break
}
return nil, errors.Wrap(err, 1)
}
// full blocks have a shortSize of 0, for more compact storage
shortSize := int32(0)
if (blockIndex+1)*BlockSize > f.Size {
shortSize = int32(f.Size % BlockSize)
}
blockHash := wsync.BlockHash{
FileIndex: int64(fileIndex),
BlockIndex: blockIndex,
WeakHash: hash.WeakHash,
StrongHash: hash.StrongHash,
ShortSize: shortSize,
}
hashes = append(hashes, blockHash)
}
}
signature := &SignatureInfo{
Container: container,
Hashes: hashes,
}
return signature, nil
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
ach := internal.NewMockAccessTokenStrategy(ctrl)
rch := internal.NewMockRefreshTokenStrategy(ctrl)
auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: auch,
AccessTokenStrategy: ach,
RefreshTokenStrategy: rch,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetGrantedScopes()
ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.at", "at", nil)
rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.rt", "rt", nil)
auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
aresp.EXPECT().SetAccessToken("access.at")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("refresh_token", "refresh.rt")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("state", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil)
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
authreq := internal.NewMockAuthorizeRequester(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
AuthorizeCodeStrategy: ach,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678") // grant_type REQUIRED. Value MUST be set to "authorization_code".
},
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", errors.New("foo"))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return("asdf")
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), "asdf").Return(nil, pkg.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New("foo"))
},
expectErr: fosite.ErrServerError,
},
{
// clients mismatch
req: &http.Request{
PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("bar", nil)
store.EXPECT().GetAuthorizeCodeSession("bar", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "bar"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetAuthorizeCodeSession("signature", gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
authreq.EXPECT().GetScopes().Return([]string{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
"redirect_uri": {"request-redir"},
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{
PostForm: url.Values{
"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
},
},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
areq.EXPECT().GetSession().Return(nil)
ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)
authreq.EXPECT().GetScopes().Return([]string{})
authreq.EXPECT().GetRequestForm().Return(url.Values{})
areq.EXPECT().SetScopes(gomock.Any())
authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(time.Hour))
authreq.EXPECT().GetSession().Return("sess")
areq.EXPECT().SetSession("sess")
areq.EXPECT().SetGrantTypeHandled("authorization_code")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("13245678")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, errors.New("foo"))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("authorization_code")
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetClient().Return(&client.SecureClient{})
areq.EXPECT().GetClient().Return(&client.SecureClient{})
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
aresp.EXPECT().SetAccessToken(gomock.Eq("."))
aresp.EXPECT().SetTokenType(gomock.Eq("bearer"))
aresp.EXPECT().SetExtra(gomock.Eq("refresh_token"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("expires_in"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("state"), gomock.Any())
aresp.EXPECT().SetExtra(gomock.Eq("scope"), gomock.Any())
store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func ExtractZip(readerAt io.ReaderAt, size int64, dir string, settings ExtractSettings) (*ExtractResult, error) {
dirCount := 0
regCount := 0
symlinkCount := 0
reader, err := zip.NewReader(readerAt, size)
if err != nil {
return nil, errors.Wrap(err, 1)
}
var totalSize int64
for _, file := range reader.File {
totalSize += int64(file.UncompressedSize64)
}
var doneSize uint64
var lastDoneIndex int = -1
func() {
if settings.ResumeFrom == "" {
return
}
resBytes, resErr := ioutil.ReadFile(settings.ResumeFrom)
if resErr != nil {
if !errors.Is(resErr, os.ErrNotExist) {
settings.Consumer.Warnf("Couldn't read resume file: %s", resErr.Error())
}
return
}
lastDone64, resErr := strconv.ParseInt(string(resBytes), 10, 64)
if resErr != nil {
settings.Consumer.Warnf("Couldn't parse resume file: %s", resErr.Error())
return
}
lastDoneIndex = int(lastDone64)
settings.Consumer.Infof("Resuming from file %d", lastDoneIndex)
}()
warnedAboutWrite := false
writeProgress := func(fileIndex int) {
if settings.ResumeFrom == "" {
return
}
payload := fmt.Sprintf("%d", fileIndex)
wErr := ioutil.WriteFile(settings.ResumeFrom, []byte(payload), 0644)
if wErr != nil {
if !warnedAboutWrite {
warnedAboutWrite = true
settings.Consumer.Warnf("Couldn't save resume file: %s", wErr.Error())
}
return
}
}
defer func() {
if settings.ResumeFrom == "" {
return
}
rErr := os.Remove(settings.ResumeFrom)
if rErr != nil {
settings.Consumer.Warnf("Couldn't remove resume file: %s", rErr.Error())
}
}()
if settings.OnUncompressedSizeKnown != nil {
settings.OnUncompressedSizeKnown(totalSize)
}
windows := runtime.GOOS == "windows"
for fileIndex, file := range reader.File {
if fileIndex <= lastDoneIndex {
settings.Consumer.Debugf("Skipping file %d")
doneSize += file.UncompressedSize64
settings.Consumer.Progress(float64(doneSize) / float64(totalSize))
continue
}
err = func() error {
rel := file.Name
filename := path.Join(dir, filepath.FromSlash(rel))
info := file.FileInfo()
mode := info.Mode()
if info.IsDir() {
err = Mkdir(filename)
if err != nil {
return errors.Wrap(err, 1)
}
dirCount++
} else if mode&os.ModeSymlink > 0 && !windows {
fileReader, fErr := file.Open()
if fErr != nil {
return errors.Wrap(fErr, 1)
}
defer fileReader.Close()
linkname, lErr := ioutil.ReadAll(fileReader)
lErr = Symlink(string(linkname), filename, settings.Consumer)
if lErr != nil {
return errors.Wrap(lErr, 1)
}
symlinkCount++
} else {
regCount++
fileReader, fErr := file.Open()
if fErr != nil {
return errors.Wrap(fErr, 1)
}
defer fileReader.Close()
settings.Consumer.Debugf("extract %s", filename)
countingReader := counter.NewReaderCallback(func(offset int64) {
currentSize := int64(doneSize) + offset
settings.Consumer.Progress(float64(currentSize) / float64(totalSize))
}, fileReader)
err = CopyFile(filename, os.FileMode(mode&LuckyMode|ModeMask), countingReader)
if err != nil {
return errors.Wrap(err, 1)
}
}
return nil
}()
if err != nil {
return nil, errors.Wrap(err, 1)
}
doneSize += file.UncompressedSize64
settings.Consumer.Progress(float64(doneSize) / float64(totalSize))
writeProgress(fileIndex)
}
return &ExtractResult{
Dirs: dirCount,
Files: regCount,
Symlinks: symlinkCount,
}, nil
}
// Does not preserve users, nor permission, except the executable bit
func ExtractTar(archive string, dir string, settings ExtractSettings) (*ExtractResult, error) {
settings.Consumer.Infof("Extracting %s to %s", archive, dir)
dirCount := 0
regCount := 0
symlinkCount := 0
file, err := eos.Open(archive)
if err != nil {
return nil, errors.Wrap(err, 1)
}
defer file.Close()
err = Mkdir(dir)
if err != nil {
return nil, errors.Wrap(err, 1)
}
tarReader := tar.NewReader(file)
for {
header, err := tarReader.Next()
if err != nil {
if errors.Is(err, io.EOF) {
break
}
return nil, errors.Wrap(err, 1)
}
rel := header.Name
filename := path.Join(dir, filepath.FromSlash(rel))
switch header.Typeflag {
case tar.TypeDir:
err = Mkdir(filename)
if err != nil {
return nil, errors.Wrap(err, 1)
}
dirCount++
case tar.TypeReg:
settings.Consumer.Debugf("extract %s", filename)
err = CopyFile(filename, os.FileMode(header.Mode&LuckyMode|ModeMask), tarReader)
if err != nil {
return nil, errors.Wrap(err, 1)
}
regCount++
case tar.TypeSymlink:
err = Symlink(header.Linkname, filename, settings.Consumer)
if err != nil {
return nil, errors.Wrap(err, 1)
}
symlinkCount++
default:
return nil, fmt.Errorf("Unable to untar entry of type %d", header.Typeflag)
}
}
return &ExtractResult{
Dirs: dirCount,
Files: regCount,
Symlinks: symlinkCount,
}, nil
}
func ErrorToRFC6749Error(err error) *RFC6749Error {
ge, ok := err.(*errors.Error)
if !ok {
return &RFC6749Error{
Name: errInvalidError,
Description: "The error is unrecognizable.",
Hint: err.Error(),
}
}
if errors.Is(ge, ErrInvalidRequest) {
return &RFC6749Error{
Name: errInvalidRequestName,
Description: ge.Error(),
Hint: "Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.",
}
} else if errors.Is(ge, ErrUnauthorizedClient) {
return &RFC6749Error{
Name: errUnauthorizedClientName,
Description: ge.Error(),
Hint: "Make sure that client id and secret are correctly specified and that the client exists.",
}
} else if errors.Is(ge, ErrAccessDenied) {
return &RFC6749Error{
Name: errAccessDeniedName,
Description: ge.Error(),
Hint: "Make sure that the request you are making is valid. Maybe the credential or request parameters you are using are limited in scope or otherwise restricted.",
}
} else if errors.Is(ge, ErrUnsupportedResponseType) {
return &RFC6749Error{
Name: errUnsupportedResponseTypeName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrInvalidScope) {
return &RFC6749Error{
Name: errInvalidScopeName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrServerError) {
return &RFC6749Error{
Name: errServerErrorName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrTemporarilyUnavailable) {
return &RFC6749Error{
Name: errTemporarilyUnavailableName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrUnsupportedGrantType) {
return &RFC6749Error{
Name: errUnsupportedGrantTypeName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrInvalidGrant) {
return &RFC6749Error{
Name: errInvalidGrantName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrInvalidClient) {
return &RFC6749Error{
Name: errInvalidClientName,
Description: ge.Error(),
}
} else if errors.Is(ge, ErrInvalidState) {
return &RFC6749Error{
Name: errInvalidState,
Description: ge.Error(),
}
}
return &RFC6749Error{
Name: errInvalidError,
Description: "The error is unrecognizable.",
Hint: ge.Error(),
}
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockRefreshTokenGrantStorage(ctrl)
chgen := internal.NewMockRefreshTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := RefreshTokenGrantHandler{
Store: store,
RefreshTokenStrategy: chgen,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
chgen.EXPECT().ValidateRefreshToken("", gomock.Any(), gomock.Any(), gomock.Any()).Return("", errors.New(""))
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
chgen.EXPECT().ValidateRefreshToken("", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetRefreshTokenSession("signature", gomock.Any()).Return(nil, pkg.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
chgen.EXPECT().ValidateRefreshToken("", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
chgen.EXPECT().ValidateRefreshToken("", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(&fosite.Request{Client: &client.SecureClient{ID: ""}}, nil)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
chgen.EXPECT().ValidateRefreshToken("", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(&fosite.Request{Client: &client.SecureClient{ID: "foo"}}, nil)
areq.EXPECT().SetGrantTypeHandled("refresh_token")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func file(path string) {
reader, err := eos.Open(path)
must(err)
defer reader.Close()
stats, err := reader.Stat()
if os.IsNotExist(err) {
comm.Dief("%s: no such file or directory", path)
}
must(err)
if stats.IsDir() {
comm.Logf("%s: directory", path)
return
}
if stats.Size() == 0 {
comm.Logf("%s: empty file. peaceful.", path)
return
}
prettySize := humanize.IBytes(uint64(stats.Size()))
var magic int32
must(binary.Read(reader, wire.Endianness, &magic))
switch magic {
case pwr.PatchMagic:
{
ph := &pwr.PatchHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(ph))
rctx, err = pwr.DecompressWire(rctx, ph.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container)) // target container
container.Reset()
must(rctx.ReadMessage(container)) // source container
comm.Logf("%s: %s wharf patch file (%s) with %s", path, prettySize, ph.GetCompression().ToString(), container.Stats())
comm.Result(ContainerResult{
Type: "wharf/patch",
NumFiles: len(container.Files),
NumDirs: len(container.Dirs),
NumSymlinks: len(container.Symlinks),
UncompressedSize: container.Size,
})
}
case pwr.SignatureMagic:
{
sh := &pwr.SignatureHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(sh))
rctx, err = pwr.DecompressWire(rctx, sh.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container))
comm.Logf("%s: %s wharf signature file (%s) with %s", path, prettySize, sh.GetCompression().ToString(), container.Stats())
comm.Result(ContainerResult{
Type: "wharf/signature",
NumFiles: len(container.Files),
NumDirs: len(container.Dirs),
NumSymlinks: len(container.Symlinks),
UncompressedSize: container.Size,
})
}
case pwr.ManifestMagic:
{
mh := &pwr.ManifestHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(mh))
rctx, err = pwr.DecompressWire(rctx, mh.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container))
comm.Logf("%s: %s wharf manifest file (%s) with %s", path, prettySize, mh.GetCompression().ToString(), container.Stats())
comm.Result(ContainerResult{
Type: "wharf/manifest",
NumFiles: len(container.Files),
NumDirs: len(container.Dirs),
NumSymlinks: len(container.Symlinks),
UncompressedSize: container.Size,
})
}
case pwr.WoundsMagic:
{
wh := &pwr.WoundsHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(wh))
container := &tlc.Container{}
must(rctx.ReadMessage(container))
files := make(map[int64]bool)
totalWounds := int64(0)
for {
wound := &pwr.Wound{}
err = rctx.ReadMessage(wound)
if err != nil {
if errors.Is(err, io.EOF) {
break
} else {
must(err)
}
}
if wound.Kind == pwr.WoundKind_FILE {
totalWounds += (wound.End - wound.Start)
files[wound.Index] = true
}
}
comm.Logf("%s: %s wharf wounds file with %s, %s wounds in %d files", path, prettySize, container.Stats(),
humanize.IBytes(uint64(totalWounds)), len(files))
comm.Result(ContainerResult{
Type: "wharf/wounds",
})
}
default:
_, err := reader.Seek(0, os.SEEK_SET)
must(err)
wasZip := func() bool {
zr, err := zip.NewReader(reader, stats.Size())
if err != nil {
if err != zip.ErrFormat {
must(err)
}
return false
}
container, err := tlc.WalkZip(zr, func(fi os.FileInfo) bool { return true })
must(err)
comm.Logf("%s: %s zip file with %s", path, prettySize, container.Stats())
comm.Result(ContainerResult{
Type: "zip",
NumFiles: len(container.Files),
NumDirs: len(container.Dirs),
NumSymlinks: len(container.Symlinks),
UncompressedSize: container.Size,
})
return true
}()
if !wasZip {
comm.Logf("%s: not sure - try the file(1) command if your system has it!", path)
}
}
}
func TestHandleTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockRefreshTokenGrantStorage(ctrl)
rcts := internal.NewMockRefreshTokenStrategy(ctrl)
acts := internal.NewMockAccessTokenStrategy(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
aresp := internal.NewMockAccessResponder(ctrl)
//mockcl := internal.NewMockClient(ctrl)
defer ctrl.Finish()
areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{})
h := RefreshTokenGrantHandler{
Store: store,
RefreshTokenStrategy: rcts,
AccessTokenStrategy: acts,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "refresh", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "refresh", nil)
rcts.EXPECT().ValidateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(nil)
store.EXPECT().DeleteRefreshTokenSession(gomock.Any()).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{}},
mock: func() {
areq.EXPECT().GetGrantType().Return("refresh_token")
acts.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.token", "access", nil)
rcts.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.token", "refresh", nil)
rcts.EXPECT().ValidateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
store.EXPECT().CreateAccessTokenSession("access", gomock.Any()).Return(nil)
store.EXPECT().CreateRefreshTokenSession("refresh", gomock.Any()).Return(nil)
store.EXPECT().DeleteRefreshTokenSession(gomock.Any()).Return(nil)
aresp.EXPECT().SetAccessToken("access.token")
aresp.EXPECT().SetTokenType("bearer")
aresp.EXPECT().SetExtra("expires_in", gomock.Any())
aresp.EXPECT().SetExtra("scope", gomock.Any())
aresp.EXPECT().SetExtra("refresh_token", "refresh.token")
areq.EXPECT().GetGrantedScopes()
},
},
} {
c.mock()
err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
chgen := internal.NewMockEnigma(ctrl)
areq := internal.NewMockAuthorizeRequester(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
h := AuthorizeExplicitGrantTypeHandler{
Store: store,
Enigma: chgen,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
},
},
{
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(nil, fosite.ErrServerError)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
mock: func() {
areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{Key: "foo", Signature: "bar"}, nil)
store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
aresp.EXPECT().AddQuery(gomock.Eq("code"), gomock.Eq("foo.bar"))
aresp.EXPECT().AddQuery(gomock.Eq("scope"), gomock.Any())
aresp.EXPECT().AddQuery(gomock.Eq("state"), gomock.Any())
areq.EXPECT().SetResponseTypeHandled(gomock.Eq("code"))
areq.EXPECT().GetGrantedScopes()
areq.EXPECT().GetState()
},
},
} {
c.mock()
err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
func doDiff(target string, source string, patch string, compression pwr.CompressionSettings) error {
var err error
startTime := time.Now()
targetSignature := &pwr.SignatureInfo{}
targetSignature.Container, err = tlc.WalkAny(target, filterPaths)
if err != nil {
// Signature file perhaps?
var signatureReader io.ReadCloser
signatureReader, err = eos.Open(target)
if err != nil {
return errors.Wrap(err, 1)
}
targetSignature, err = pwr.ReadSignature(signatureReader)
if err != nil {
if errors.Is(err, wire.ErrFormat) {
return fmt.Errorf("unrecognized target %s (not a container, not a signature file)", target)
}
return errors.Wrap(err, 1)
}
comm.Opf("Read signature from %s", target)
err = signatureReader.Close()
if err != nil {
return errors.Wrap(err, 1)
}
} else {
// Container (dir, archive, etc.)
comm.Opf("Hashing %s", target)
comm.StartProgress()
var targetPool wsync.Pool
targetPool, err = pools.New(targetSignature.Container, target)
if err != nil {
return errors.Wrap(err, 1)
}
targetSignature.Hashes, err = pwr.ComputeSignature(targetSignature.Container, targetPool, comm.NewStateConsumer())
comm.EndProgress()
if err != nil {
return errors.Wrap(err, 1)
}
{
prettySize := humanize.IBytes(uint64(targetSignature.Container.Size))
perSecond := humanize.IBytes(uint64(float64(targetSignature.Container.Size) / time.Since(startTime).Seconds()))
comm.Statf("%s (%s) @ %s/s\n", prettySize, targetSignature.Container.Stats(), perSecond)
}
}
startTime = time.Now()
var sourceContainer *tlc.Container
sourceContainer, err = tlc.WalkAny(source, filterPaths)
if err != nil {
return errors.Wrap(err, 1)
}
var sourcePool wsync.Pool
sourcePool, err = pools.New(sourceContainer, source)
if err != nil {
return errors.Wrap(err, 1)
}
patchWriter, err := os.Create(patch)
if err != nil {
return errors.Wrap(err, 1)
}
defer patchWriter.Close()
signaturePath := patch + ".sig"
signatureWriter, err := os.Create(signaturePath)
if err != nil {
return errors.Wrap(err, 1)
}
defer signatureWriter.Close()
patchCounter := counter.NewWriter(patchWriter)
signatureCounter := counter.NewWriter(signatureWriter)
dctx := &pwr.DiffContext{
SourceContainer: sourceContainer,
Pool: sourcePool,
TargetContainer: targetSignature.Container,
TargetSignature: targetSignature.Hashes,
Consumer: comm.NewStateConsumer(),
Compression: &compression,
}
comm.Opf("Diffing %s", source)
comm.StartProgress()
err = dctx.WritePatch(patchCounter, signatureCounter)
if err != nil {
return errors.Wrap(err, 1)
}
comm.EndProgress()
totalDuration := time.Since(startTime)
{
prettySize := humanize.IBytes(uint64(sourceContainer.Size))
perSecond := humanize.IBytes(uint64(float64(sourceContainer.Size) / totalDuration.Seconds()))
comm.Statf("%s (%s) @ %s/s\n", prettySize, sourceContainer.Stats(), perSecond)
}
if *diffArgs.verify {
tmpDir, err := ioutil.TempDir("", "pwr")
if err != nil {
return errors.Wrap(err, 1)
}
defer os.RemoveAll(tmpDir)
apply(patch, target, tmpDir, false, signaturePath, "")
}
{
prettyPatchSize := humanize.IBytes(uint64(patchCounter.Count()))
percReused := 100.0 * float64(dctx.ReusedBytes) / float64(dctx.FreshBytes+dctx.ReusedBytes)
relToNew := 100.0 * float64(patchCounter.Count()) / float64(sourceContainer.Size)
prettyFreshSize := humanize.IBytes(uint64(dctx.FreshBytes))
comm.Statf("Re-used %.2f%% of old, added %s fresh data", percReused, prettyFreshSize)
comm.Statf("%s patch (%.2f%% of the full size) in %s", prettyPatchSize, relToNew, totalDuration)
}
return nil
}
func Is(e error, original error) bool {
return errors.Is(e, original)
}
func TestValidateTokenEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
areq := internal.NewMockAccessRequester(ctrl)
defer ctrl.Finish()
h := ResourceOwnerPasswordCredentialsGrantHandler{
Store: store,
AccessTokenLifespan: time.Hour,
}
for k, c := range []struct {
mock func()
req *http.Request
expectErr error
}{
{
mock: func() {
areq.EXPECT().GetGrantType().Return("")
},
},
{
req: &http.Request{PostForm: url.Values{"username": {"peter"}}},
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{"password": {"pan"}}},
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(pkg.ErrNotFound)
},
expectErr: fosite.ErrInvalidRequest,
},
{
req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
mock: func() {
areq.EXPECT().GetGrantType().Return("password")
store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(nil)
areq.EXPECT().GetRequestForm().Return(url.Values{})
areq.EXPECT().SetGrantTypeHandled("password")
},
},
} {
c.mock()
err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
t.Logf("Passed test case %d", k)
}
}
// ComputeDiff creates the operation list to mutate the target signature into the source.
// Any data operation from the OperationWriter must have the data copied out
// within the span of the function; the data buffer underlying the operation
// data is reused.
func (ctx *Context) ComputeDiff(source io.Reader, library *BlockLibrary, ops OperationWriter, preferredFileIndex int64) (err error) {
minBufferSize := (ctx.blockSize * 2) + MaxDataOp
if len(ctx.buffer) < minBufferSize {
ctx.buffer = make([]byte, minBufferSize)
}
buffer := ctx.buffer
type section struct {
tail int
head int
}
var data, sum section
var n, validTo int
var αPop, αPush, β, β1, β2 uint32
var rolling, lastRun bool
var shortSize int32
// Store the previous non-data operation for combining.
var prevOp *Operation
// Send the last operation if there is one waiting.
defer func() {
if prevOp == nil {
return
}
err = ops(*prevOp)
prevOp = nil
}()
// Combine OpBlockRanges together. To achieve this, we store the previous
// non-data operation and determine if it can be extended.
enqueue := func(op Operation) error {
switch op.Type {
case OpBlockRange:
if prevOp != nil {
if prevOp.Type == OpBlockRange && prevOp.FileIndex == op.FileIndex && prevOp.BlockIndex+prevOp.BlockSpan == op.BlockIndex {
// combine [prevOp][op] into [ prevOp ]
prevOp.BlockSpan += op.BlockSpan
return nil
}
opErr := ops(*prevOp)
if opErr != nil {
return errors.Wrap(opErr, 1)
}
// prevOp has been completely sent off, can no longer be combined with anything
prevOp = nil
}
prevOp = &op
case OpData:
// Never save a data operation, as it would corrupt the buffer.
if prevOp != nil {
opErr := ops(*prevOp)
if opErr != nil {
return errors.Wrap(opErr, 1)
}
}
opErr := ops(op)
if opErr != nil {
return errors.Wrap(opErr, 1)
}
prevOp = nil
}
return nil
}
for !lastRun {
// Determine if the buffer should be extended.
if sum.tail+ctx.blockSize > validTo {
// Determine if the buffer should be wrapped.
if validTo+ctx.blockSize > len(buffer) {
// Before wrapping the buffer, send any trailing data off.
if data.tail < data.head {
err = enqueue(Operation{Type: OpData, Data: buffer[data.tail:data.head]})
if err != nil {
return errors.Wrap(err, 1)
}
}
// Wrap the buffer.
l := validTo - sum.tail
copy(buffer[:l], buffer[sum.tail:validTo])
// Reset indexes.
validTo = l
sum.tail = 0
data.head = 0
data.tail = 0
}
n, err = io.ReadAtLeast(source, buffer[validTo:validTo+ctx.blockSize], ctx.blockSize)
validTo += n
if err != nil {
if !errors.Is(err, io.EOF) && !errors.Is(err, io.ErrUnexpectedEOF) {
return errors.Wrap(err, 1)
}
lastRun = true
shortSize = int32(n)
}
}
// Set the hash sum window head. Must either be a block size
// or be at the end of the buffer.
sum.head = min(sum.tail+ctx.blockSize, validTo)
// Compute the rolling hash.
if !rolling {
β, β1, β2 = βhash(buffer[sum.tail:sum.head])
rolling = true
} else {
αPush = uint32(buffer[sum.head-1])
β1 = (β1 - αPop + αPush) % _M
β2 = (β2 - uint32(sum.head-sum.tail)*αPop + β1) % _M
β = β1 + _M*β2
}
var blockHash *BlockHash
// Determine if there is a hash match.
if hh, ok := library.hashLookup[β]; ok {
blockHash = findUniqueHash(hh, ctx.uniqueHash(buffer[sum.tail:sum.head]), shortSize, preferredFileIndex)
}
// Send data off if there is data available and a hash is found (so the buffer before it
// must be flushed first), or the data chunk size has reached it's maximum size (for buffer
// allocation purposes) or to flush the end of the data.
if data.tail < data.head && (blockHash != nil || data.head-data.tail >= MaxDataOp) {
err = enqueue(Operation{Type: OpData, Data: buffer[data.tail:data.head]})
if err != nil {
return errors.Wrap(err, 1)
}
data.tail = data.head
}
if blockHash != nil {
err = enqueue(Operation{Type: OpBlockRange, FileIndex: blockHash.FileIndex, BlockIndex: blockHash.BlockIndex, BlockSpan: 1})
if err != nil {
return errors.Wrap(err, 1)
}
rolling = false
sum.tail += ctx.blockSize
// There is prior knowledge that any available data
// buffered will have already been sent. Thus we can
// assume data.head and data.tail are the same.
// May trigger "data wrap".
data.head = sum.tail
data.tail = sum.tail
} else {
if lastRun {
err = enqueue(Operation{Type: OpData, Data: buffer[data.tail:validTo]})
if err != nil {
return errors.Wrap(err, 1)
}
} else {
// The following is for the next loop iteration, so don't try to calculate if last.
if rolling {
αPop = uint32(buffer[sum.tail])
}
sum.tail++
// May trigger "data wrap".
data.head = sum.tail
}
}
}
return nil
}
func TestNewAccessResponse(t *testing.T) {
ctrl := gomock.NewController(t)
handler := internal.NewMockTokenEndpointHandler(ctrl)
defer ctrl.Finish()
f := &Fosite{}
for k, c := range []struct {
handlers TokenEndpointHandlers
mock func()
expectErr error
expect AccessResponder
}{
{
mock: func() {},
handlers: TokenEndpointHandlers{},
expectErr: ErrUnsupportedGrantType,
},
{
mock: func() {
handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(ErrServerError)
},
handlers: TokenEndpointHandlers{"a": handler},
expectErr: ErrServerError,
},
{
mock: func() {
handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
expectErr: ErrUnsupportedGrantType,
},
{
mock: func() {
handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, _ AccessRequester, resp AccessResponder) {
resp.SetAccessToken("foo")
}).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
expectErr: ErrUnsupportedGrantType,
},
{
mock: func() {
handler.EXPECT().HandleTokenEndpointRequest(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Do(func(_ context.Context, _ *http.Request, _ AccessRequester, resp AccessResponder) {
resp.SetAccessToken("foo")
resp.SetTokenType("bar")
}).Return(nil)
},
handlers: TokenEndpointHandlers{"a": handler},
expect: &AccessResponse{
Extra: map[string]interface{}{},
AccessToken: "foo",
TokenType: "bar",
},
},
} {
f.TokenEndpointHandlers = c.handlers
c.mock()
ar, err := f.NewAccessResponse(nil, nil, nil)
assert.True(t, errors.Is(c.expectErr, err), "%d", k)
assert.Equal(t, ar, c.expect)
t.Logf("Passed test case %d", k)
}
}
func ls(path string) {
reader, err := eos.Open(path)
must(err)
defer reader.Close()
stats, err := reader.Stat()
if os.IsNotExist(err) {
comm.Dief("%s: no such file or directory", path)
}
must(err)
if stats.IsDir() {
comm.Logf("%s: directory", path)
return
}
if stats.Size() == 0 {
comm.Logf("%s: empty file. peaceful.", path)
return
}
log := func(line string) {
comm.Logf(line)
}
var magic int32
must(binary.Read(reader, wire.Endianness, &magic))
switch magic {
case pwr.PatchMagic:
{
h := &pwr.PatchHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(h))
rctx, err = pwr.DecompressWire(rctx, h.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container))
log("pre-patch container:")
container.Print(log)
container.Reset()
must(rctx.ReadMessage(container))
log("================================")
log("post-patch container:")
container.Print(log)
}
case pwr.SignatureMagic:
{
h := &pwr.SignatureHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(h))
rctx, err = pwr.DecompressWire(rctx, h.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container))
container.Print(log)
}
case pwr.ManifestMagic:
{
h := &pwr.ManifestHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(h))
rctx, err = pwr.DecompressWire(rctx, h.GetCompression())
must(err)
container := &tlc.Container{}
must(rctx.ReadMessage(container))
container.Print(log)
}
case pwr.WoundsMagic:
{
wh := &pwr.WoundsHeader{}
rctx := wire.NewReadContext(reader)
must(rctx.ReadMessage(wh))
container := &tlc.Container{}
must(rctx.ReadMessage(container))
container.Print(log)
for {
wound := &pwr.Wound{}
err = rctx.ReadMessage(wound)
if err != nil {
if errors.Is(err, io.EOF) {
break
} else {
must(err)
}
}
comm.Logf(wound.PrettyString(container))
}
}
default:
_, err := reader.Seek(0, os.SEEK_SET)
must(err)
wasZip := func() bool {
zr, err := zip.NewReader(reader, stats.Size())
if err != nil {
if err != zip.ErrFormat {
must(err)
}
return false
}
container, err := tlc.WalkZip(zr, func(fi os.FileInfo) bool { return true })
must(err)
container.Print(log)
return true
}()
if !wasZip {
comm.Logf("%s: not sure - try the file(1) command if your system has it!", path)
}
}
}