package oauth2_test
import (
"net/http/httptest"
"net/url"
"testing"
"time"
"context"
"fmt"
"github.com/Sirupsen/logrus"
"github.com/julienschmidt/httprouter"
"github.com/ory/fosite"
"github.com/ory/fosite/compose"
"github.com/ory/fosite/storage"
"github.com/ory/herodot"
"github.com/ory/hydra/oauth2"
"github.com/ory/hydra/pkg"
"github.com/stretchr/testify/assert"
goauth2 "golang.org/x/oauth2"
)
// Shared fixtures for the introspection tests. init() assigns all four again
// before any test runs.
var (
	// now is truncated to whole seconds so it can be compared against the
	// Unix-second timestamps asserted in TestIntrospect.
	now = time.Now().Round(time.Second)
	// tokens holds three generated token tuples; the tests store sessions
	// under tokens[i][0] and present tokens[i][1] to the introspector.
	// NOTE(review): presumably [i][0] is the signature and [i][1] the full
	// token string; confirm against pkg.Tokens.
	tokens = pkg.Tokens(3)
	// fositeStore is the fosite example store that backs the handler under test.
	fositeStore = storage.NewExampleStore()
	// introspectors maps a label to the Introspector implementation it exercises.
	introspectors = map[string]oauth2.Introspector{}
)
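// init builds the fixtures used by TestIntrospect: an OAuth2 handler served by
// an httptest server, three access-token sessions stored in fositeStore, and
// an HTTP introspector that talks to that server.
//
// Fixture setup aborts the test binary on any error. If a session silently
// failed to store, the "must be rejected" cases in TestIntrospect would still
// pass, but for the wrong reason.
func init() {
	// NOTE(review): these four assignments repeat the package-level
	// initialisers. They are kept because other files in the package may
	// depend on the values being replaced here.
	introspectors = make(map[string]oauth2.Introspector)
	now = time.Now().Round(time.Second)
	tokens = pkg.Tokens(3)
	fositeStore = storage.NewExampleStore()

	r := httprouter.New()
	serv := &oauth2.Handler{
		OAuth2: compose.Compose(
			fc,
			fositeStore,
			&compose.CommonStrategy{
				// Hard-coded HMAC secret: acceptable only because this is a
				// throwaway test fixture. Never reuse it outside tests.
				CoreStrategy:               compose.NewOAuth2HMACStrategy(fc, []byte("1234567890123456789012345678901234567890")),
				OpenIDConnectTokenStrategy: compose.NewOpenIDConnectStrategy(pkg.MustRSAKey()),
			},
			nil,
			compose.OAuth2AuthorizeExplicitFactory,
			compose.OAuth2TokenIntrospectionFactory,
		),
		H:      herodot.NewJSONWriter(nil),
		Issuer: "foobariss",
	}
	serv.SetRoutes(r)
	ts = httptest.NewServer(r)

	// seed stores one access-token session under signature. Every fixture
	// shares the granted scope, request time and extra claims; only the
	// subject, client and expiry differ.
	seed := func(signature, subject, clientID string, expiresAt time.Time) {
		ar := fosite.NewAccessRequest(oauth2.NewSession(subject))
		ar.GrantedScopes = fosite.Arguments{"core"}
		ar.RequestedAt = now
		ar.Client = &fosite.DefaultClient{ID: clientID}
		ar.Session.SetExpiresAt(fosite.AccessToken, expiresAt)
		ar.Session.(*oauth2.Session).Extra = map[string]interface{}{"foo": "bar"}
		// The nil context is kept from the original fixture code.
		if err := fositeStore.CreateAccessTokenSession(nil, signature, ar); err != nil {
			logrus.Fatalf("seeding access token session for subject %q: %s", subject, err)
		}
	}

	// tokens[0]: valid token for subject "alice", expires in one hour.
	seed(tokens[0][0], "alice", "siri", now.Add(time.Hour))
	// tokens[1]: valid token for subject "siri"; also used below as the
	// introspector's own bearer credential.
	seed(tokens[1][0], "siri", "siri", now.Add(time.Hour))
	// tokens[2]: already expired (one hour in the past), issued to a client
	// ID of "doesnt-exist".
	seed(tokens[2][0], "siri", "doesnt-exist", now.Add(-time.Hour))

	conf := &goauth2.Config{
		Scopes:   []string{},
		Endpoint: goauth2.Endpoint{},
	}
	ep, err := url.Parse(ts.URL)
	if err != nil {
		logrus.Fatalf("%s", err)
	}

	// The HTTP introspector authenticates its requests with tokens[1][1].
	introspectors["http"] = &oauth2.HTTPIntrospector{
		Endpoint: ep,
		Client: conf.Client(goauth2.NoContext, &goauth2.Token{
			AccessToken: tokens[1][1],
			Expiry:      now.Add(time.Hour),
			TokenType:   "bearer",
		}),
	}
}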
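// TestIntrospect runs every registered introspector against a table of tokens
// and checks that unknown, expired and otherwise unacceptable tokens are
// rejected, while a valid token yields the expected introspection claims.
//
// NOTE(review): the rejection cases only assert that some error came back. A
// transport failure would satisfy them as well, so they do not prove that the
// token was rejected for the intended reason.
func TestIntrospect(t *testing.T) {
	for k, w := range introspectors {
		for i, c := range []struct {
			token     string
			expectErr bool
			// assert receives the subtest's *testing.T so that failures are
			// attributed to the failing case rather than the parent test.
			assert func(*testing.T, *oauth2.Introspection)
		}{
			{
				// A token the store has never seen.
				token:     "invalid",
				expectErr: true,
			},
			{
				// Stored with an expiry one hour in the past.
				token:     tokens[2][1],
				expectErr: true,
			},
			{
				// The same token the HTTP introspector uses as its bearer
				// credential.
				// NOTE(review): presumably rejected because a token may not
				// introspect itself; confirm against the handler.
				token:     tokens[1][1],
				expectErr: true,
			},
			{
				token:     tokens[0][1],
				expectErr: false,
			},
			{
				token:     tokens[0][1],
				expectErr: false,
				assert: func(t *testing.T, in *oauth2.Introspection) {
					assert.Equal(t, "alice", in.Subject)
					assert.Equal(t, now.Add(time.Hour).Unix(), in.ExpiresAt, "expires at")
					assert.Equal(t, now.Unix(), in.IssuedAt, "issued at")
					assert.Equal(t, "foobariss", in.Issuer, "issuer")
					assert.Equal(t, map[string]interface{}{"foo": "bar"}, in.Extra)
				},
			},
		} {
			// Include the case index so each subtest has a unique, greppable name.
			t.Run(fmt.Sprintf("case=%d/introspector=%s", i, k), func(t *testing.T) {
				ctx, err := w.IntrospectToken(context.Background(), c.token)
				pkg.AssertError(t, c.expectErr, err)
				if err == nil && c.assert != nil {
					c.assert(t, ctx)
				}
			})
		}
	}
}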