fix tests

.travis.yml

@@ -3,6 +3,7 @@ language: go
 go:
   - 1.5
   - 1.6
+  - 1.7
 
 env:
   - GO15VENDOREXPERIMENT=1

generate-mocks.sh

@@ -21,7 +21,7 @@ mockgen -package internal -destination internal/id_token_strategy.go github.com/
 mockgen -package internal -destination internal/authorize_handler.go github.com/ory-am/fosite AuthorizeEndpointHandler
 mockgen -package internal -destination internal/revoke_handler.go github.com/ory-am/fosite RevocationHandler
 mockgen -package internal -destination internal/token_handler.go github.com/ory-am/fosite TokenEndpointHandler
-mockgen -package internal -destination internal/validator.go github.com/ory-am/fosite TokenValidator
+mockgen -package internal -destination internal/introspector.go github.com/ory-am/fosite TokenIntrospector
 mockgen -package internal -destination internal/client.go github.com/ory-am/fosite Client
 mockgen -package internal -destination internal/request.go github.com/ory-am/fosite Requester
 mockgen -package internal -destination internal/access_request.go github.com/ory-am/fosite AccessRequester

handler/oauth2/validator.go → handler/oauth2/introspector.go

@@ -15,35 +15,35 @@ type CoreValidator struct {
 func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (err error) {
 	switch tokenType {
 	case fosite.RefreshToken:
-		if err = c.validateRefreshToken(ctx, token, accessRequest); err == nil {
+		if err = c.introspectRefreshToken(ctx, token, accessRequest); err == nil {
 			return err
-		} else if err = c.validateAuthorizeCode(ctx, token, accessRequest); err == nil {
+		} else if err = c.introspectAuthorizeCode(ctx, token, accessRequest); err == nil {
 			return err
-		} else if err = c.validateAccessToken(ctx, token, accessRequest, scopes); err == nil {
+		} else if err = c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
 			return err
 		}
 		return err
 	case fosite.AuthorizeCode:
-		if err = c.validateAuthorizeCode(ctx, token, accessRequest); err == nil {
+		if err = c.introspectAuthorizeCode(ctx, token, accessRequest); err == nil {
 			return err
-		} else if err := c.validateAccessToken(ctx, token, accessRequest, scopes); err == nil {
+		} else if err := c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
 			return err
-		} else if err := c.validateRefreshToken(ctx, token, accessRequest); err == nil {
+		} else if err := c.introspectRefreshToken(ctx, token, accessRequest); err == nil {
 			return err
 		}
 		return err
 	}
-	if err = c.validateAccessToken(ctx, token, accessRequest, scopes); err == nil {
+	if err = c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
 		return err
-	} else if err := c.validateRefreshToken(ctx, token, accessRequest); err == nil {
+	} else if err := c.introspectRefreshToken(ctx, token, accessRequest); err == nil {
 		return err
-	} else if err := c.validateAuthorizeCode(ctx, token, accessRequest); err == nil {
+	} else if err := c.introspectAuthorizeCode(ctx, token, accessRequest); err == nil {
 		return err
 	}
 	return err
 }
 
-func (c *CoreValidator) validateAccessToken(ctx context.Context, token string, accessRequest fosite.AccessRequester, scopes []string) error {
+func (c *CoreValidator) introspectAccessToken(ctx context.Context, token string, accessRequest fosite.AccessRequester, scopes []string) error {
 	sig := c.CoreStrategy.AccessTokenSignature(token)
 	or, err := c.CoreStorage.GetAccessTokenSession(ctx, sig, accessRequest.GetSession())
 	if err != nil {
@@ -66,7 +66,7 @@ func (c *CoreValidator) validateAccessToken(ctx context.Context, token string, a
 	return nil
 }
 
-func (c *CoreValidator) validateRefreshToken(ctx context.Context, token string, accessRequest fosite.AccessRequester) error {
+func (c *CoreValidator) introspectRefreshToken(ctx context.Context, token string, accessRequest fosite.AccessRequester) error {
 	sig := c.CoreStrategy.RefreshTokenSignature(token)
 	if or, err := c.CoreStorage.GetRefreshTokenSession(ctx, sig, accessRequest.GetSession()); err != nil {
 		return errors.Wrap(fosite.ErrRequestUnauthorized, err.Error())
@@ -79,7 +79,7 @@ func (c *CoreValidator) validateRefreshToken(ctx context.Context, token string,
 	return nil
 }
 
-func (c *CoreValidator) validateAuthorizeCode(ctx context.Context, token string, accessRequest fosite.AccessRequester) error {
+func (c *CoreValidator) introspectAuthorizeCode(ctx context.Context, token string, accessRequest fosite.AccessRequester) error {
 	sig := c.CoreStrategy.AuthorizeCodeSignature(token)
 	if or, err := c.CoreStorage.GetAuthorizeCodeSession(ctx, sig, accessRequest.GetSession()); err != nil {
 		return errors.Wrap(err, fosite.ErrRequestUnauthorized.Error())

handler/oauth2/flow_revoke.go → handler/oauth2/revocation.go

@@ -2,7 +2,6 @@ package oauth2
 
 import (
 	"github.com/ory-am/fosite"
-	"github.com/pkg/errors"
 	"golang.org/x/net/context"
 )
 
@@ -39,7 +38,7 @@ func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string,
 		ar, err = discoveryFuncs[1]()
 	}
 	if err != nil {
-		return errors.Wrap(fosite.ErrNotFound, "Nothing to revoke")
+		return nil
 	}
 
 	requestID := ar.GetID()

handler/oauth2/flow_revoke_storage.go → handler/oauth2/revocation_storage.go

@@ -17,12 +17,12 @@ type TokenRevocationStorage interface {
 	// revocation of access tokens, then the authorization server SHOULD
 	// also invalidate all access tokens based on the same authorization
 	// grant (see Implementation Note).
-	RevokeRefreshToken(ctx context.Context, requestID string)
+	RevokeRefreshToken(ctx context.Context, requestID string) error
 
 	// RevokeAccessToken revokes an access token as specified in:
 	// https://tools.ietf.org/html/rfc7009#section-2.1
 	// If the token passed to the request
 	// is an access token, the server MAY revoke the respective refresh
 	// token as well.
-	RevokeAccessToken(ctx context.Context, requestID string)
+	RevokeAccessToken(ctx context.Context, requestID string) error
 }

handler/oauth2/flow_revoke_test.go → handler/oauth2/revocation_test.go

@@ -92,7 +92,7 @@ func TestRevokeToken(t *testing.T) {
 		},
 		{
 			description: "should pass - refresh token discovery first; both tokens not found",
-			expectErr:   fosite.ErrNotFound,
+			expectErr:   nil,
 			mock: func() {
 				token = "foo"
 				tokenType = fosite.RefreshToken
@@ -105,7 +105,7 @@ func TestRevokeToken(t *testing.T) {
 		},
 		{
 			description: "should pass - access token discovery first; both tokens not found",
-			expectErr:   fosite.ErrNotFound,
+			expectErr:   nil,
 			mock: func() {
 				token = "foo"
 				tokenType = fosite.AccessToken

integration/helper_endpoints_test.go

@@ -23,6 +23,10 @@ func tokenRevocationHandler(t *testing.T, oauth2 fosite.OAuth2Provider, session
 	return func(rw http.ResponseWriter, req *http.Request) {
 		ctx := fosite.NewContext()
 		err := oauth2.NewRevocationRequest(ctx, req)
+		if err != nil {
+			t.Logf("Revoke request failed because %s.", err.Error())
+			t.Logf("Stack: %v", err.(stackTracer).StackTrace())
+		}
 		oauth2.WriteRevocationResponse(rw, err)
 	}
 }

integration/revoke_token_test.go

@@ -0,0 +1,46 @@
+package integration_test
+
+import (
+	"testing"
+
+	"github.com/ory-am/fosite/compose"
+	"github.com/ory-am/fosite/handler/oauth2"
+	"github.com/parnurzeal/gorequest"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	goauth "golang.org/x/oauth2"
+	"net/http"
+)
+
+func TestRevokeToken(t *testing.T) {
+	for _, strategy := range []oauth2.AccessTokenStrategy{
+		hmacStrategy,
+	} {
+		runRevokeTokenTest(t, strategy)
+	}
+}
+
+func runRevokeTokenTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
+	f := compose.Compose(new(compose.Config), fositeStore, strategy, compose.OAuth2ClientCredentialsGrantFactory, compose.OAuth2TokenRevocationFactory)
+	ts := mockServer(t, f, &mySessionData{
+		HMACSession: new(oauth2.HMACSession),
+	})
+	defer ts.Close()
+
+	oauthClient := newOAuth2AppClient(ts)
+	token, err := oauthClient.Token(goauth.NoContext)
+	assert.Nil(t, err)
+
+	resp, _, errs := gorequest.New().Post(ts.URL+"/revoke").
+		SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret).
+		Type("form").
+		SendStruct(map[string]string{"token": token.AccessToken}).End()
+	assert.Len(t, errs, 0)
+	assert.Equal(t, 200, resp.StatusCode)
+
+	hres, _, errs := gorequest.New().Get(ts.URL+"/info").
+		Set("Authorization", "bearer "+token.AccessToken).
+		End()
+	require.Len(t, errs, 0)
+	assert.Equal(t, http.StatusUnauthorized, hres.StatusCode)
+}

internal/oauth2_revoke_storage.go

@@ -92,16 +92,20 @@ func (_mr *_MockTokenRevocationStorageRecorder) GetRefreshTokenSession(arg0, arg
 	return _mr.mock.ctrl.RecordCall(_mr.mock, "GetRefreshTokenSession", arg0, arg1, arg2)
 }
 
-func (_m *MockTokenRevocationStorage) RevokeAccessToken(_param0 context.Context, _param1 string) {
-	_m.ctrl.Call(_m, "RevokeAccessToken", _param0, _param1)
+func (_m *MockTokenRevocationStorage) RevokeAccessToken(_param0 context.Context, _param1 string) error {
+	ret := _m.ctrl.Call(_m, "RevokeAccessToken", _param0, _param1)
+	ret0, _ := ret[0].(error)
+	return ret0
 }
 
 func (_mr *_MockTokenRevocationStorageRecorder) RevokeAccessToken(arg0, arg1 interface{}) *gomock.Call {
 	return _mr.mock.ctrl.RecordCall(_mr.mock, "RevokeAccessToken", arg0, arg1)
 }
 
-func (_m *MockTokenRevocationStorage) RevokeRefreshToken(_param0 context.Context, _param1 string) {
-	_m.ctrl.Call(_m, "RevokeRefreshToken", _param0, _param1)
+func (_m *MockTokenRevocationStorage) RevokeRefreshToken(_param0 context.Context, _param1 string) error {
+	ret := _m.ctrl.Call(_m, "RevokeRefreshToken", _param0, _param1)
+	ret0, _ := ret[0].(error)
+	return ret0
 }
 
 func (_mr *_MockTokenRevocationStorageRecorder) RevokeRefreshToken(arg0, arg1 interface{}) *gomock.Call {

introspect_test.go

@@ -17,7 +17,7 @@ import (
 
 func TestIntrospect(t *testing.T) {
 	ctrl := gomock.NewController(t)
-	validator := internal.NewMockTokenValidator(ctrl)
+	validator := internal.NewMockTokenIntrospector(ctrl)
 	defer ctrl.Finish()
 
 	f := compose.ComposeAllEnabled(new(compose.Config), storage.NewMemoryStore(), []byte{}, nil).(*Fosite)

introspection_request_handler.go

@@ -88,8 +88,10 @@ import (
 //
 //	token=mF_9.B5f-4.1JqM&token_type_hint=access_token
 func (f *Fosite) NewIntrospectionRequest(ctx context.Context, r *http.Request, session interface{}) (IntrospectionResponder, error) {
-	if err := r.ParseForm(); err != nil {
-		return nil, errors.Wrap(ErrInvalidRequest, "Could not parse form values")
+	if r.Method != "POST" {
+		return nil, errors.Wrap(ErrInvalidRequest, "HTTP method is not POST")
+	} else if err := r.ParseForm(); err != nil {
+		return nil, errors.Wrap(ErrInvalidRequest, err.Error())
 	}
 
 	token := r.PostForm.Get("token")

introspection_request_handler_test.go

@@ -30,11 +30,12 @@ func TestIntrospectionResponse(t *testing.T) {
 
 func TestNewIntrospectionRequest(t *testing.T) {
 	ctrl := gomock.NewController(t)
-	validator := internal.NewMockTokenValidator(ctrl)
+	validator := internal.NewMockTokenIntrospector(ctrl)
 	defer ctrl.Finish()
 
 	f := compose.ComposeAllEnabled(new(compose.Config), storage.NewMemoryStore(), []byte{}, nil).(*Fosite)
 	httpreq := &http.Request{
+		Method: "POST",
 		Header: http.Header{},
 		Form:   url.Values{},
 	}
@@ -49,13 +50,14 @@ func TestNewIntrospectionRequest(t *testing.T) {
 			description: "should fail",
 			setup: func() {
 			},
-			expectErr: ErrRequestUnauthorized,
+			expectErr: ErrInvalidRequest,
 		},
 		{
 			description: "should pass",
 			setup: func() {
 				f.TokenIntrospectionHandlers = TokenIntrospectionHandlers{validator}
 				httpreq = &http.Request{
+					Method: "POST",
 					Header: http.Header{
 						"Authorization": []string{"bearer some-token"},
 					},
@@ -73,6 +75,7 @@ func TestNewIntrospectionRequest(t *testing.T) {
 			setup: func() {
 				f.TokenIntrospectionHandlers = TokenIntrospectionHandlers{validator}
 				httpreq = &http.Request{
+					Method: "POST",
 					Header: http.Header{
 						"Authorization": []string{"bearer some-token"},
 					},

revoke_handler.go

@@ -48,7 +48,6 @@ func (f *Fosite) NewRevocationRequest(ctx context.Context, r *http.Request) erro
 		return errors.Wrap(ErrInvalidClient, err.Error())
 	}
 
-	r.ParseForm()
 	token := r.PostForm.Get("token")
 	tokenTypeHint := TokenType(r.PostForm.Get("token_type_hint"))
 
@@ -82,7 +81,7 @@ func (f *Fosite) NewRevocationRequest(ctx context.Context, r *http.Request) erro
 // purpose of the revocation request, invalidating the particular token,
 // is already achieved.
 func (f *Fosite) WriteRevocationResponse(rw http.ResponseWriter, err error) {
-	switch err {
+	switch errors.Cause(err) {
 	case ErrInvalidRequest:
 		fallthrough
 	case ErrInvalidClient:

storage/memory.go

@@ -190,16 +190,16 @@ func (s *MemoryStore) PersistRefreshTokenGrantSession(ctx context.Context, origi
 
 	return nil
 }
-func (s *MemoryStore) RevokeRefreshToken(ctx context.Context, requestID string) {
+func (s *MemoryStore) RevokeRefreshToken(ctx context.Context, requestID string) error {
 	if signature, exists := s.RefreshTokenRequestIDs[requestID]; exists {
 		s.DeleteRefreshTokenSession(ctx, signature)
 	}
-	return
+	return nil
 }
 
-func (s *MemoryStore) RevokeAccessToken(ctx context.Context, requestID string) {
+func (s *MemoryStore) RevokeAccessToken(ctx context.Context, requestID string) error {
 	if signature, exists := s.AccessTokenRequestIDs[requestID]; exists {
 		s.DeleteAccessTokenSession(ctx, signature)
 	}
-	return
+	return nil
 }