Source file src/github.com/ory/fosite/handler/oauth2/introspector_jwt_test.go

Documentation: github.com/ory/fosite/handler/oauth2

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package oauth2
    23  
    24  import (
    25  	"encoding/base64"
    26  	"fmt"
    27  	"strings"
    28  	"testing"
    29  
    30  	"github.com/stretchr/testify/assert"
    31  	"github.com/stretchr/testify/require"
    32  
    33  	"github.com/ory/fosite"
    34  	"github.com/ory/fosite/internal"
    35  	"github.com/ory/fosite/token/jwt"
    36  )
    37  
    38  func TestIntrospectJWT(t *testing.T) {
    39  	strat := &DefaultJWTStrategy{
    40  		JWTStrategy: &jwt.RS256JWTStrategy{
    41  			PrivateKey: internal.MustRSAKey(),
    42  		},
    43  	}
    44  
    45  	v := &StatelessJWTValidator{
    46  		JWTStrategy:   strat,
    47  		ScopeStrategy: fosite.HierarchicScopeStrategy,
    48  	}
    49  
    50  	for k, c := range []struct {
    51  		description string
    52  		token       func() string
    53  		expectErr   error
    54  		scopes      []string
    55  	}{
    56  		{
    57  			description: "should fail because jwt is expired",
    58  			token: func() string {
    59  				jwt := jwtExpiredCase(fosite.AccessToken)
    60  				token, _, err := strat.GenerateAccessToken(nil, jwt)
    61  				assert.NoError(t, err)
    62  				return token
    63  			},
    64  			expectErr: fosite.ErrTokenExpired,
    65  		},
    66  		{
    67  			description: "should pass because scope was granted",
    68  			token: func() string {
    69  				jwt := jwtValidCase(fosite.AccessToken)
    70  				jwt.GrantedScope = []string{"foo", "bar"}
    71  				token, _, err := strat.GenerateAccessToken(nil, jwt)
    72  				assert.NoError(t, err)
    73  				return token
    74  			},
    75  			scopes: []string{"foo"},
    76  		},
    77  		{
    78  			description: "should fail because scope was not granted",
    79  			token: func() string {
    80  				jwt := jwtValidCase(fosite.AccessToken)
    81  				token, _, err := strat.GenerateAccessToken(nil, jwt)
    82  				assert.NoError(t, err)
    83  				return token
    84  			},
    85  			scopes:    []string{"foo"},
    86  			expectErr: fosite.ErrInvalidScope,
    87  		},
    88  		{
    89  			description: "should fail because signature is invalid",
    90  			token: func() string {
    91  				jwt := jwtValidCase(fosite.AccessToken)
    92  				token, _, err := strat.GenerateAccessToken(nil, jwt)
    93  				assert.NoError(t, err)
    94  				parts := strings.Split(token, ".")
    95  				require.Len(t, parts, 3, "%s - %v", token, parts)
    96  				dec, err := base64.RawURLEncoding.DecodeString(parts[1])
    97  				assert.NoError(t, err)
    98  				s := strings.Replace(string(dec), "peter", "piper", -1)
    99  				parts[1] = base64.RawURLEncoding.EncodeToString([]byte(s))
   100  				return strings.Join(parts, ".")
   101  			},
   102  			expectErr: fosite.ErrTokenSignatureMismatch,
   103  		},
   104  		{
   105  			description: "should pass",
   106  			token: func() string {
   107  				jwt := jwtValidCase(fosite.AccessToken)
   108  				token, _, err := strat.GenerateAccessToken(nil, jwt)
   109  				assert.NoError(t, err)
   110  				return token
   111  			},
   112  		},
   113  	} {
   114  		t.Run(fmt.Sprintf("case=%d:%v", k, c.description), func(t *testing.T) {
   115  			if c.scopes == nil {
   116  				c.scopes = []string{}
   117  			}
   118  
   119  			areq := fosite.NewAccessRequest(nil)
   120  			_, err := v.IntrospectToken(nil, c.token(), fosite.AccessToken, areq, c.scopes)
   121  
   122  			if c.expectErr != nil {
   123  				require.EqualError(t, err, c.expectErr.Error())
   124  			} else {
   125  				require.NoError(t, err)
   126  				assert.Equal(t, "peter", areq.Session.GetSubject())
   127  			}
   128  		})
   129  	}
   130  }
   131  
   132  func BenchmarkIntrospectJWT(b *testing.B) {
   133  	strat := &DefaultJWTStrategy{
   134  		JWTStrategy: &jwt.RS256JWTStrategy{
   135  			PrivateKey: internal.MustRSAKey(),
   136  		},
   137  	}
   138  
   139  	v := &StatelessJWTValidator{
   140  		JWTStrategy: strat,
   141  	}
   142  
   143  	jwt := jwtValidCase(fosite.AccessToken)
   144  	token, _, err := strat.GenerateAccessToken(nil, jwt)
   145  	assert.NoError(b, err)
   146  	areq := fosite.NewAccessRequest(nil)
   147  
   148  	for n := 0; n < b.N; n++ {
   149  		_, err = v.IntrospectToken(nil, token, fosite.AccessToken, areq, []string{})
   150  	}
   151  
   152  	assert.NoError(b, err)
   153  }
   154  

View as plain text