示例#1
0
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	chgen := internal.NewMockAuthorizeCodeStrategy(ctrl)
	areq := internal.NewMockAuthorizeRequester(ctrl)
	aresp := internal.NewMockAuthorizeResponder(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store: store,
		AuthorizeCodeStrategy: chgen,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				chgen.EXPECT().GenerateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", fosite.ErrServerError)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				chgen.EXPECT().GenerateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				chgen.EXPECT().GenerateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any()).Return("foo.bar", "bar", nil)
				store.EXPECT().CreateAuthorizeCodeSession("bar", gomock.Any()).Return(nil)

				aresp.EXPECT().AddQuery("code", "foo.bar")
				aresp.EXPECT().AddQuery("scope", gomock.Any())
				aresp.EXPECT().AddQuery("state", gomock.Any())
				areq.EXPECT().SetResponseTypeHandled("code")
				areq.EXPECT().GetGrantedScopes()
				areq.EXPECT().GetState()
			},
		},
	} {
		c.mock()
		err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
示例#2
0
func TestHandleTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	ach := internal.NewMockAccessTokenStrategy(ctrl)
	rch := internal.NewMockRefreshTokenStrategy(ctrl)
	auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	aresp := internal.NewMockAccessResponder(ctrl)
	//mockcl := internal.NewMockClient(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store: store,
		AuthorizeCodeStrategy: auch,
		AccessTokenStrategy:   ach,
		RefreshTokenStrategy:  rch,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("13245678")
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", fosite.ErrServerError)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)

				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")

				ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)

				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")

				ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("", "", nil)
				auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetGrantedScopes()

				ach.EXPECT().GenerateAccessToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("access.at", "at", nil)
				rch.EXPECT().GenerateRefreshToken(gomock.Any(), gomock.Any(), gomock.Any()).Return("refresh.rt", "rt", nil)
				auch.EXPECT().ValidateAuthorizeCode(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
				aresp.EXPECT().SetAccessToken("access.at")
				aresp.EXPECT().SetTokenType("bearer")
				aresp.EXPECT().SetExtra("refresh_token", "refresh.rt")
				aresp.EXPECT().SetExtra("expires_in", gomock.Any())
				aresp.EXPECT().SetExtra("state", gomock.Any())
				aresp.EXPECT().SetExtra("scope", gomock.Any())

				store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil)
			},
		},
	} {
		c.mock()
		err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
示例#3
0
func TestValidateTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
	authreq := internal.NewMockAuthorizeRequester(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store: store,
		AuthorizeCodeStrategy: ach,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("13245678") // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", errors.New("foo"))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetSession().Return("asdf")
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), "asdf").Return(nil, pkg.ErrNotFound)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New("foo"))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			// clients mismatch
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("bar", nil)
				store.EXPECT().GetAuthorizeCodeSession("bar", gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "bar"})
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("signature", nil)
				store.EXPECT().GetAuthorizeCodeSession("signature", gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code":         {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
					"redirect_uri": {"request-redir"},
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code":         {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
					"redirect_uri": {"request-redir"},
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				authreq.EXPECT().GetRequestForm().Return(url.Values{"redirect_uri": {"request-redir"}})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetSession().Return(nil)
				ach.EXPECT().ValidateAuthorizeCode("foo.bar", gomock.Any(), gomock.Any(), gomock.Any()).Return("", nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				authreq.EXPECT().GetRequestForm().Return(url.Values{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(time.Hour))
				authreq.EXPECT().GetSession().Return("sess")
				areq.EXPECT().SetSession("sess")
				areq.EXPECT().SetGrantTypeHandled("authorization_code")
			},
		},
	} {
		c.mock()
		err := h.ValidateTokenEndpointRequest(nil, c.req, areq)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
func TestAuthorizeCode_PopulateTokenEndpointResponse(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	ach := internal.NewMockAccessTokenStrategy(ctrl)
	rch := internal.NewMockRefreshTokenStrategy(ctrl)
	auch := internal.NewMockAuthorizeCodeStrategy(ctrl)
	aresp := internal.NewMockAccessResponder(ctrl)
	//mockcl := internal.NewMockClient(ctrl)
	defer ctrl.Finish()

	areq := fosite.NewAccessRequest(new(fosite.DefaultSession))
	httpreq := &http.Request{PostForm: url.Values{}}
	authreq := fosite.NewAuthorizeRequest()
	areq.Session = new(fosite.DefaultSession)

	h := AuthorizeExplicitGrantHandler{
		AuthorizeCodeGrantStorage: store,
		AuthorizeCodeStrategy:     auch,
		AccessTokenStrategy:       ach,
		RefreshTokenStrategy:      rch,
		ScopeStrategy:             fosite.HierarchicScopeStrategy,
	}
	for k, c := range []struct {
		description string
		setup       func()
		expectErr   error
	}{
		{
			description: "should fail because not responsible",
			expectErr:   fosite.ErrUnknownRequest,
			setup: func() {
				areq.GrantTypes = fosite.Arguments{"123"}
			},
		},
		{
			description: "should fail because authcode not found",
			setup: func() {
				areq.GrantTypes = fosite.Arguments{"authorization_code"}
				areq.Client = &fosite.DefaultClient{
					GrantTypes: fosite.Arguments{"authorization_code"},
				}
				httpreq.PostForm.Add("code", "authcode")
				auch.EXPECT().AuthorizeCodeSignature("authcode").AnyTimes().Return("authsig")
				store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).Return(nil, fosite.ErrNotFound)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should fail because validation failed",
			setup: func() {
				store.EXPECT().GetAuthorizeCodeSession(nil, "authsig", gomock.Any()).AnyTimes().Return(authreq, nil)
				auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").Return(errors.New(""))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should fail because access token generation failed",
			setup: func() {
				authreq.GrantedScopes = []string{"offline"}
				auch.EXPECT().ValidateAuthorizeCode(nil, areq, "authcode").AnyTimes().Return(nil)
				ach.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New("error"))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should fail because refresh token generation failed",
			setup: func() {
				ach.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
				rch.EXPECT().GenerateRefreshToken(nil, areq).Return("", "", errors.New("error"))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should fail because persisting failed",
			setup: func() {
				rch.EXPECT().GenerateRefreshToken(nil, areq).AnyTimes().Return("refresh.rts", "rts", nil)
				store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should pass",
			setup: func() {
				areq.GrantedScopes = fosite.Arguments{"foo", "offline"}
				store.EXPECT().PersistAuthorizeCodeGrantSession(nil, "authsig", "ats", "rts", areq).Return(nil)

				aresp.EXPECT().SetAccessToken("access.ats")
				aresp.EXPECT().SetTokenType("bearer")
				aresp.EXPECT().SetExtra("refresh_token", "refresh.rts")
				aresp.EXPECT().SetExpiresIn(gomock.Any())
				aresp.EXPECT().SetScopes(areq.GrantedScopes)
			},
		},
	} {
		c.setup()
		err := h.PopulateTokenEndpointResponse(nil, httpreq, areq, aresp)
		assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
func TestAuthorizeCode_HandleTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	ach := internal.NewMockAuthorizeCodeStrategy(ctrl)
	defer ctrl.Finish()

	authreq := fosite.NewAuthorizeRequest()
	areq := fosite.NewAccessRequest(nil)
	httpreq := &http.Request{PostForm: url.Values{}}
	areq.Session = new(fosite.DefaultSession)
	authreq.Session = new(fosite.DefaultSession)

	h := AuthorizeExplicitGrantHandler{
		AuthorizeCodeGrantStorage: store,
		AuthorizeCodeStrategy:     ach,
		ScopeStrategy:             fosite.HierarchicScopeStrategy,
	}
	for k, c := range []struct {
		description string
		setup       func()
		expectErr   error
	}{
		{
			description: "should fail because not responsible",
			expectErr:   fosite.ErrUnknownRequest,
			setup: func() {
				areq.GrantTypes = fosite.Arguments{"12345678"} // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
		},
		{
			description: "should fail because authcode could not be retrieved (1)",
			setup: func() {
				areq.GrantTypes = fosite.Arguments{"authorization_code"} // grant_type REQUIRED. Value MUST be set to "authorization_code".
				httpreq.PostForm = url.Values{"code": {"foo.bar"}}
				ach.EXPECT().AuthorizeCodeSignature("foo.bar").AnyTimes().Return("bar")
				store.EXPECT().GetAuthorizeCodeSession(nil, "bar", gomock.Any()).Return(nil, fosite.ErrNotFound)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should fail because authcode validation failed",
			setup: func() {
				store.EXPECT().GetAuthorizeCodeSession(nil, "bar", gomock.Any()).AnyTimes().Return(authreq, nil)
				ach.EXPECT().ValidateAuthorizeCode(nil, areq, "foo.bar").Return(errors.New(""))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should fail because client mismatch",
			setup: func() {
				ach.EXPECT().ValidateAuthorizeCode(nil, areq, "foo.bar").AnyTimes().Return(nil)

				areq.Client = &fosite.DefaultClient{ID: "foo"}
				authreq.Scopes = fosite.Arguments{"a", "b"}
				authreq.Client = &fosite.DefaultClient{ID: "bar"}
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should fail because redirect uri not provided",
			setup: func() {
				authreq.Form.Add("redirect_uri", "request-redir")
				authreq.Client = &fosite.DefaultClient{ID: "foo"}
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should pass (2)",
			setup: func() {
				httpreq.PostForm = url.Values{"code": []string{"foo.bar"}}
				authreq.Form.Del("redirect_uri")
				authreq.RequestedAt = time.Now().Add(time.Hour)
			},
		},
	} {
		c.setup()
		err := h.HandleTokenEndpointRequest(nil, httpreq, areq)
		assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
func TestAuthorizeCode_HandleAuthorizeEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	chgen := internal.NewMockAuthorizeCodeStrategy(ctrl)
	aresp := internal.NewMockAuthorizeResponder(ctrl)
	defer ctrl.Finish()

	areq := fosite.NewAuthorizeRequest()
	httpreq := &http.Request{Form: url.Values{}}

	areq.Session = new(fosite.DefaultSession)
	h := AuthorizeExplicitGrantHandler{
		AuthorizeCodeGrantStorage: store,
		AuthorizeCodeStrategy:     chgen,
		ScopeStrategy:             fosite.HierarchicScopeStrategy,
	}
	for k, c := range []struct {
		description string
		setup       func()
		expectErr   error
	}{
		{
			description: "should pass because not responsible for handling an empty response type",
			setup: func() {
				areq.ResponseTypes = fosite.Arguments{""}
			},
		},
		{
			description: "should pass because not responsible for handling an invalid response type",
			setup: func() {
				areq.ResponseTypes = fosite.Arguments{"foo"}
			},
		},
		{
			description: "should fail because redirect uri is not https",
			setup: func() {
				areq.ResponseTypes = fosite.Arguments{"code"}
				areq.Client = &fosite.DefaultClient{ResponseTypes: fosite.Arguments{"code"}}
				areq.RedirectURI, _ = url.Parse("http://asdf.de/cb")
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			description: "should fail because authorize code generation failed",
			setup: func() {
				areq.RedirectURI, _ = url.Parse("https://foobar.com/cb")
				chgen.EXPECT().GenerateAuthorizeCode(nil, areq).Return("", "", errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should fail because could not presist authorize code session",
			setup: func() {
				chgen.EXPECT().GenerateAuthorizeCode(nil, areq).AnyTimes().Return("someauthcode.authsig", "authsig", nil)
				store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			description: "should pass",
			setup: func() {
				areq.GrantedScopes = fosite.Arguments{"a", "b"}
				areq.State = "superstate"
				store.EXPECT().CreateAuthorizeCodeSession(nil, "authsig", areq).Return(nil)
				aresp.EXPECT().AddQuery("code", "someauthcode.authsig")
				aresp.EXPECT().AddQuery("scope", strings.Join(areq.GrantedScopes, " "))
				aresp.EXPECT().AddQuery("state", areq.State)
			},
		},
	} {
		c.setup()
		err := h.HandleAuthorizeEndpointRequest(nil, httpreq, areq, aresp)
		assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}