Source file src/github.com/ory/fosite/handler/oauth2/flow_authorize_implicit_test.go

Documentation: github.com/ory/fosite/handler/oauth2

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package oauth2
    23  
    24  import (
    25  	"fmt"
    26  	"testing"
    27  	"time"
    28  
    29  	"github.com/stretchr/testify/assert"
    30  
    31  	"github.com/golang/mock/gomock"
    32  	"github.com/pkg/errors"
    33  	"github.com/stretchr/testify/require"
    34  
    35  	"github.com/ory/fosite"
    36  	"github.com/ory/fosite/internal"
    37  )
    38  
    39  func TestAuthorizeImplicit_EndpointHandler(t *testing.T) {
    40  	ctrl := gomock.NewController(t)
    41  	defer ctrl.Finish()
    42  
    43  	areq := fosite.NewAuthorizeRequest()
    44  	areq.Session = new(fosite.DefaultSession)
    45  	h, store, chgen, aresp := makeAuthorizeImplicitGrantTypeHandler(ctrl)
    46  
    47  	for k, c := range []struct {
    48  		description string
    49  		setup       func()
    50  		expectErr   error
    51  	}{
    52  		{
    53  			description: "should pass because not responsible for handling the response type",
    54  			setup: func() {
    55  				areq.ResponseTypes = fosite.Arguments{"a"}
    56  			},
    57  		},
    58  		{
    59  			description: "should fail because access token generation failed",
    60  			setup: func() {
    61  				areq.ResponseTypes = fosite.Arguments{"token"}
    62  				areq.Client = &fosite.DefaultClient{
    63  					GrantTypes:    fosite.Arguments{"implicit"},
    64  					ResponseTypes: fosite.Arguments{"token"},
    65  				}
    66  				chgen.EXPECT().GenerateAccessToken(nil, areq).Return("", "", errors.New(""))
    67  			},
    68  			expectErr: fosite.ErrServerError,
    69  		},
    70  		{
    71  			description: "should fail because scope invalid",
    72  			setup: func() {
    73  				areq.ResponseTypes = fosite.Arguments{"token"}
    74  				areq.RequestedScope = fosite.Arguments{"scope"}
    75  				areq.Client = &fosite.DefaultClient{
    76  					GrantTypes:    fosite.Arguments{"implicit"},
    77  					ResponseTypes: fosite.Arguments{"token"},
    78  				}
    79  			},
    80  			expectErr: fosite.ErrInvalidScope,
    81  		},
    82  		{
    83  			description: "should fail because audience invalid",
    84  			setup: func() {
    85  				areq.ResponseTypes = fosite.Arguments{"token"}
    86  				areq.RequestedScope = fosite.Arguments{"scope"}
    87  				areq.RequestedAudience = fosite.Arguments{"https://www.ory.sh/not-api"}
    88  				areq.Client = &fosite.DefaultClient{
    89  					GrantTypes:    fosite.Arguments{"implicit"},
    90  					ResponseTypes: fosite.Arguments{"token"},
    91  					Scopes:        []string{"scope"},
    92  					Audience:      []string{"https://www.ory.sh/api"},
    93  				}
    94  			},
    95  			expectErr: fosite.ErrInvalidRequest,
    96  		},
    97  		{
    98  			description: "should fail because persistence failed",
    99  			setup: func() {
   100  				areq.RequestedAudience = fosite.Arguments{"https://www.ory.sh/api"}
   101  				chgen.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
   102  				store.EXPECT().CreateAccessTokenSession(nil, "ats", gomock.Eq(areq.Sanitize([]string{}))).Return(errors.New(""))
   103  			},
   104  			expectErr: fosite.ErrServerError,
   105  		},
   106  		{
   107  			description: "should pass",
   108  			setup: func() {
   109  				areq.State = "state"
   110  				areq.GrantedScope = fosite.Arguments{"scope"}
   111  
   112  				store.EXPECT().CreateAccessTokenSession(nil, "ats", gomock.Eq(areq.Sanitize([]string{}))).AnyTimes().Return(nil)
   113  
   114  				aresp.EXPECT().AddParameter("access_token", "access.ats")
   115  				aresp.EXPECT().AddParameter("expires_in", gomock.Any())
   116  				aresp.EXPECT().AddParameter("token_type", "bearer")
   117  				aresp.EXPECT().AddParameter("state", "state")
   118  				aresp.EXPECT().AddParameter("scope", "scope")
   119  			},
   120  			expectErr: nil,
   121  		},
   122  	} {
   123  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
   124  			c.setup()
   125  			err := h.HandleAuthorizeEndpointRequest(nil, areq, aresp)
   126  			if c.expectErr != nil {
   127  				require.EqualError(t, err, c.expectErr.Error())
   128  			} else {
   129  				require.NoError(t, err)
   130  			}
   131  		})
   132  	}
   133  }
   134  func makeAuthorizeImplicitGrantTypeHandler(ctrl *gomock.Controller) (AuthorizeImplicitGrantTypeHandler,
   135  	*internal.MockAccessTokenStorage, *internal.MockAccessTokenStrategy, *internal.MockAuthorizeResponder) {
   136  	store := internal.NewMockAccessTokenStorage(ctrl)
   137  	chgen := internal.NewMockAccessTokenStrategy(ctrl)
   138  	aresp := internal.NewMockAuthorizeResponder(ctrl)
   139  
   140  	h := AuthorizeImplicitGrantTypeHandler{
   141  		AccessTokenStorage:       store,
   142  		AccessTokenStrategy:      chgen,
   143  		AccessTokenLifespan:      time.Hour,
   144  		ScopeStrategy:            fosite.HierarchicScopeStrategy,
   145  		AudienceMatchingStrategy: fosite.DefaultAudienceMatchingStrategy,
   146  	}
   147  
   148  	return h, store, chgen, aresp
   149  }
   150  
   151  func TestDefaultResponseMode_AuthorizeImplicit_EndpointHandler(t *testing.T) {
   152  	ctrl := gomock.NewController(t)
   153  	defer ctrl.Finish()
   154  
   155  	areq := fosite.NewAuthorizeRequest()
   156  	areq.Session = new(fosite.DefaultSession)
   157  	h, store, chgen, aresp := makeAuthorizeImplicitGrantTypeHandler(ctrl)
   158  
   159  	areq.State = "state"
   160  	areq.GrantedScope = fosite.Arguments{"scope"}
   161  	areq.ResponseTypes = fosite.Arguments{"token"}
   162  	areq.Client = &fosite.DefaultClient{
   163  		GrantTypes:    fosite.Arguments{"implicit"},
   164  		ResponseTypes: fosite.Arguments{"token"},
   165  	}
   166  
   167  	store.EXPECT().CreateAccessTokenSession(nil, "ats", gomock.Eq(areq.Sanitize([]string{}))).AnyTimes().Return(nil)
   168  
   169  	aresp.EXPECT().AddParameter("access_token", "access.ats")
   170  	aresp.EXPECT().AddParameter("expires_in", gomock.Any())
   171  	aresp.EXPECT().AddParameter("token_type", "bearer")
   172  	aresp.EXPECT().AddParameter("state", "state")
   173  	aresp.EXPECT().AddParameter("scope", "scope")
   174  	chgen.EXPECT().GenerateAccessToken(nil, areq).AnyTimes().Return("access.ats", "ats", nil)
   175  
   176  	err := h.HandleAuthorizeEndpointRequest(nil, areq, aresp)
   177  	assert.NoError(t, err)
   178  	assert.Equal(t, fosite.ResponseModeFragment, areq.GetResponseMode())
   179  }
   180  

View as plain text