all: finalized auth endpoint, added tests, added integration tests

ory · Jan 9, 2016 · c6dcb90 · c6dcb90
1 parent 6df0eca
commit c6dcb90
Show file tree

Hide file tree

Showing 16 changed files with 410 additions and 125 deletions.
diff --git a/README.md b/README.md
@@ -193,14 +193,14 @@ func handleAuth(rw http.ResponseWriter, r *http.Request) {
     // If you use advanced ResponseTypeHandlers it is a good idea to read the README first and check if your
     // session object needs to implement any interface. Think of the session as a persistent context
     // for the handlers.
-    response, err := oauth2.HandleAuthorizeRequest(ctx, authorizeRequest, r, &mySessionData)
+    response, err := oauth2.NewAuthorizeResponse(ctx, req, authorizeRequest, &mySessionData)
     if err != nil {
        oauth2.WriteAuthorizeError(rw, req, err)
        return
     }
 
     // The next step is going to redirect the user by either using implicit or explicit grant or both (for OpenID connect)
-    oauth2.WriteAuthorizeResponse(rw, ar, response)
+    oauth2.WriteAuthorizeResponse(rw, authorizeRequest, response)
 
     // Done! The client should now have a valid authorize code!
 }

diff --git a/authorize.go b/authorize.go
@@ -102,7 +102,7 @@ func (c *Fosite) WriteAuthorizeError(rw http.ResponseWriter, ar AuthorizeRequest
 	rfcerr := ErrorToRFC6749Error(err)
 
 	if !ar.IsRedirectURIValid() {
-		pkg.WriteJSON(rw, rfcerr)
+		pkg.WriteIndentJSON(rw, rfcerr)
 		return
 	}
 
@@ -116,8 +116,8 @@ func (c *Fosite) WriteAuthorizeError(rw http.ResponseWriter, ar AuthorizeRequest
 	rw.WriteHeader(http.StatusFound)
 }
 
-func (o *Fosite) NewAuthorizeResponse(ctx context.Context, ar AuthorizeRequester, r *http.Request, session interface{}) (AuthorizeResponder, error) {
-	var resp = new(AuthorizeResponse)
+func (o *Fosite) NewAuthorizeResponse(ctx context.Context, r *http.Request, ar AuthorizeRequester, session interface{}) (AuthorizeResponder, error) {
+	var resp = NewAuthorizeResponse()
 	var err error
 	var found bool
 

diff --git a/authorize_integration_test.go b/authorize_integration_test.go
diff --git a/enigma/crypto.go → enigma/hmacsha.go b/enigma/crypto.go → enigma/hmacsha.go
@@ -9,8 +9,9 @@ import (
 	"github.com/ory-am/fosite/rand"
 )
 
-// CryptoEnigma is the default implementation for generating and validating challenges.
-type CryptoEnigma struct {
+// HMACSHAEnigma is the default implementation for generating and validating challenges. It uses HMAC-SHA256 to
+// generate and validate challenges.
+type HMACSHAEnigma struct {
 	AuthCodeEntropy int
 	GlobalSecret    []byte
 }
@@ -23,7 +24,7 @@ const minimumSecretLength = 32
 
 // GenerateAuthorizeCode generates a new authorize code or returns an error. set secret
 // This method implements rfc6819 Section 5.1.4.2.2: Use High Entropy for Secrets.
-func (c *CryptoEnigma) GenerateChallenge(secret []byte) (*Challenge, error) {
+func (c *HMACSHAEnigma) GenerateChallenge(secret []byte) (*Challenge, error) {
 	if len(secret) < minimumSecretLength/2 || len(c.GlobalSecret) < minimumSecretLength/2 {
 		return nil, errors.New("Secret or GlobalSecret are not strong enough")
 	}
@@ -72,7 +73,7 @@ func (c *CryptoEnigma) GenerateChallenge(secret []byte) (*Challenge, error) {
 
 // ValidateAuthorizeCodeSignature returns an AuthorizeCode, if the code argument is a valid authorize code
 // and the signature matches the key.
-func (c *CryptoEnigma) ValidateChallenge(secret []byte, t *Challenge) (err error) {
+func (c *HMACSHAEnigma) ValidateChallenge(secret []byte, t *Challenge) (err error) {
 	if t.Key == "" || t.Signature == "" {
 		return errors.New("Key and signature must both be not empty")
 	}

diff --git a/enigma/crypto_test.go → enigma/hmacsha_test.go b/enigma/crypto_test.go → enigma/hmacsha_test.go
@@ -7,7 +7,7 @@ import (
 )
 
 func TestGenerateFailsWithShortCredentials(t *testing.T) {
-	cg := CryptoEnigma{
+	cg := HMACSHAEnigma{
 		GlobalSecret: []byte("foo"),
 	}
 
@@ -27,7 +27,7 @@ func TestGenerateFailsWithShortCredentials(t *testing.T) {
 }
 
 func TestGenerate(t *testing.T) {
-	cg := CryptoEnigma{
+	cg := HMACSHAEnigma{
 		GlobalSecret: []byte("12345678901234567890"),
 	}
 
@@ -49,7 +49,7 @@ func TestGenerate(t *testing.T) {
 
 func TestValidateSignatureRejects(t *testing.T) {
 	var err error
-	cg := CryptoEnigma{
+	cg := HMACSHAEnigma{
 		GlobalSecret: []byte("12345678901234567890"),
 	}
 	token := new(Challenge)

diff --git a/handler_test.go b/handler_test.go
@@ -64,7 +64,7 @@ func TestNewAuthorizeResponse(t *testing.T) {
 		o := &Fosite{
 			ResponseTypeHandlers: c.handlers,
 		}
-		resp, err := o.NewAuthorizeResponse(context.Background(), req, &http.Request{}, nil)
+		resp, err := o.NewAuthorizeResponse(context.Background(), &http.Request{}, req, nil)
 		require.Equal(t, c.expectsError, err, "%d: %s", k, err)
 		if err != nil {
 			require.Equal(t, c.expects, resp)

diff --git a/internal/client.go b/internal/client.go
@@ -0,0 +1,69 @@
+// Automatically generated by MockGen. DO NOT EDIT!
+// Source: client.go
+
+package internal
+
+import (
+	gomock "github.com/golang/mock/gomock"
+)
+
+// Mock of Client interface
+type MockClient struct {
+	ctrl     *gomock.Controller
+	recorder *_MockClientRecorder
+}
+
+// Recorder for MockClient (not exported)
+type _MockClientRecorder struct {
+	mock *MockClient
+}
+
+func NewMockClient(ctrl *gomock.Controller) *MockClient {
+	mock := &MockClient{ctrl: ctrl}
+	mock.recorder = &_MockClientRecorder{mock}
+	return mock
+}
+
+func (_m *MockClient) EXPECT() *_MockClientRecorder {
+	return _m.recorder
+}
+
+func (_m *MockClient) GetID() string {
+	ret := _m.ctrl.Call(_m, "GetID")
+	ret0, _ := ret[0].(string)
+	return ret0
+}
+
+func (_mr *_MockClientRecorder) GetID() *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "GetID")
+}
+
+func (_m *MockClient) CompareSecretWith(secret []byte) bool {
+	ret := _m.ctrl.Call(_m, "CompareSecretWith", secret)
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+func (_mr *_MockClientRecorder) CompareSecretWith(arg0 interface{}) *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "CompareSecretWith", arg0)
+}
+
+func (_m *MockClient) GetHashedSecret() []byte {
+	ret := _m.ctrl.Call(_m, "GetHashedSecret")
+	ret0, _ := ret[0].([]byte)
+	return ret0
+}
+
+func (_mr *_MockClientRecorder) GetHashedSecret() *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "GetHashedSecret")
+}
+
+func (_m *MockClient) GetRedirectURIs() []string {
+	ret := _m.ctrl.Call(_m, "GetRedirectURIs")
+	ret0, _ := ret[0].([]string)
+	return ret0
+}
+
+func (_mr *_MockClientRecorder) GetRedirectURIs() *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "GetRedirectURIs")
+}
diff --git a/internal/code_storage.go b/internal/code_storage.go
@@ -29,12 +29,32 @@ func (_m *MockCodeResponseTypeStorage) EXPECT() *_MockCodeResponseTypeStorageRec
 	return _m.recorder
 }
 
-func (_m *MockCodeResponseTypeStorage) StoreAuthorizeCodeSession(code string, authorizeRequest fosite.AuthorizeRequester, extra interface{}) error {
-	ret := _m.ctrl.Call(_m, "StoreAuthorizeCodeSession", code, authorizeRequest, extra)
+func (_m *MockCodeResponseTypeStorage) CreateAuthorizeCodeSession(code string, authorizeRequest fosite.AuthorizeRequester, extra interface{}) error {
+	ret := _m.ctrl.Call(_m, "CreateAuthorizeCodeSession", code, authorizeRequest, extra)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
-func (_mr *_MockCodeResponseTypeStorageRecorder) StoreAuthorizeCodeSession(arg0, arg1, arg2 interface{}) *gomock.Call {
-	return _mr.mock.ctrl.RecordCall(_mr.mock, "StoreAuthorizeCodeSession", arg0, arg1, arg2)
+func (_mr *_MockCodeResponseTypeStorageRecorder) CreateAuthorizeCodeSession(arg0, arg1, arg2 interface{}) *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "CreateAuthorizeCodeSession", arg0, arg1, arg2)
+}
+
+func (_m *MockCodeResponseTypeStorage) GetAuthorizeCodeSession(code string, authorizeRequest fosite.AuthorizeRequester, extra interface{}) error {
+	ret := _m.ctrl.Call(_m, "GetAuthorizeCodeSession", code, authorizeRequest, extra)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+func (_mr *_MockCodeResponseTypeStorageRecorder) GetAuthorizeCodeSession(arg0, arg1, arg2 interface{}) *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "GetAuthorizeCodeSession", arg0, arg1, arg2)
+}
+
+func (_m *MockCodeResponseTypeStorage) DeleteAuthorizeCodeSession(code string) error {
+	ret := _m.ctrl.Call(_m, "DeleteAuthorizeCodeSession", code)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+func (_mr *_MockCodeResponseTypeStorageRecorder) DeleteAuthorizeCodeSession(arg0 interface{}) *gomock.Call {
+	return _mr.mock.ctrl.RecordCall(_mr.mock, "DeleteAuthorizeCodeSession", arg0)
 }
diff --git a/oauth2.go b/oauth2.go
@@ -24,7 +24,7 @@ type OAuth2Provider interface {
 	//
 	// Important: Every ResponseTypeHandler should return ErrInvalidResponseType if it is unable to handle
 	// the given request and an arbitrary error if an error occurred
-	NewAuthorizeResponse(ctx context.Context, req *http.Request, ar AuthorizeRequest, session interface{}) (AuthorizeResponder, error)
+	NewAuthorizeResponse(ctx context.Context, req *http.Request, ar AuthorizeRequester, session interface{}) (AuthorizeResponder, error)
 
 	// WriteAuthorizeError returns the error codes to the redirection endpoint or shows the error to the user, if no valid
 	// redirect uri was given. Implements rfc6749#section-4.1.2.1