forked from ory/fosite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flow_explicit_auth_test.go
118 lines (108 loc) · 3.24 KB
/
flow_explicit_auth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
/*
* Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @author Aeneas Rekkas <aeneas+oss@aeneas.io>
* @copyright 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
* @license Apache-2.0
*
*/
package openid
import (
"testing"
"fmt"
"github.com/golang/mock/gomock"
"github.com/ory/fosite"
"github.com/ory/fosite/internal"
"github.com/ory/fosite/token/jwt"
"github.com/pkg/errors"
"github.com/stretchr/testify/require"
)
var j = &DefaultStrategy{
JWTStrategy: &jwt.RS256JWTStrategy{
PrivateKey: internal.MustRSAKey(),
},
}
func TestExplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
store := internal.NewMockOpenIDConnectRequestStorage(ctrl)
aresp := internal.NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
areq := fosite.NewAuthorizeRequest()
session := NewDefaultSession()
session.Claims.Subject = "foo"
areq.Session = session
h := &OpenIDConnectExplicitHandler{
OpenIDConnectRequestStorage: store,
IDTokenHandleHelper: &IDTokenHandleHelper{
IDTokenStrategy: j,
},
OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.JWTStrategy),
}
for k, c := range []struct {
description string
setup func()
expectErr error
}{
{
description: "should pass because not responsible for handling an empty response type",
setup: func() {
areq.ResponseTypes = fosite.Arguments{""}
},
},
{
description: "should pass because scope openid is not set",
setup: func() {
areq.ResponseTypes = fosite.Arguments{"code"}
areq.Client = &fosite.DefaultClient{
ResponseTypes: fosite.Arguments{"code"},
}
areq.Scopes = fosite.Arguments{""}
},
},
{
description: "should fail because no code set",
setup: func() {
areq.GrantedScopes = fosite.Arguments{"openid"}
areq.Form.Set("nonce", "11111111111111111111111111111")
aresp.EXPECT().GetCode().Return("")
},
expectErr: fosite.ErrMisconfiguration,
},
{
description: "should fail because lookup fails",
setup: func() {
aresp.EXPECT().GetCode().AnyTimes().Return("codeexample")
store.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", gomock.Eq(areq.Sanitize(oidcParameters))).Return(errors.New(""))
},
expectErr: fosite.ErrServerError,
},
{
description: "should pass",
setup: func() {
store.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", gomock.Eq(areq.Sanitize(oidcParameters))).AnyTimes().Return(nil)
},
},
} {
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
c.setup()
err := h.HandleAuthorizeEndpointRequest(nil, areq, aresp)
if c.expectErr != nil {
require.EqualError(t, err, c.expectErr.Error())
} else {
require.NoError(t, err)
}
})
}
}