...

Source file src/github.com/ory/fosite/handler/oauth2/strategy_hmacsha_test.go

Documentation: github.com/ory/fosite/handler/oauth2 

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package oauth2
    23  
    24  import (
    25  	"fmt"
    26  	"strings"
    27  	"testing"
    28  	"time"
    29  
    30  	"github.com/stretchr/testify/assert"
    31  
    32  	"github.com/ory/fosite"
    33  	"github.com/ory/fosite/token/hmac"
    34  )
    35  
    36  var hmacshaStrategy = HMACSHAStrategy{
    37  	Enigma:                &hmac.HMACStrategy{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")},
    38  	AccessTokenLifespan:   time.Hour * 24,
    39  	AuthorizeCodeLifespan: time.Hour * 24,
    40  }
    41  
    42  var hmacExpiredCase = fosite.Request{
    43  	Client: &fosite.DefaultClient{
    44  		Secret: []byte("foobarfoobarfoobarfoobar"),
    45  	},
    46  	Session: &fosite.DefaultSession{
    47  		ExpiresAt: map[fosite.TokenType]time.Time{
    48  			fosite.AccessToken:   time.Now().UTC().Add(-time.Hour),
    49  			fosite.AuthorizeCode: time.Now().UTC().Add(-time.Hour),
    50  			fosite.RefreshToken:  time.Now().UTC().Add(-time.Hour),
    51  		},
    52  	},
    53  }
    54  
    55  var hmacValidCase = fosite.Request{
    56  	Client: &fosite.DefaultClient{
    57  		Secret: []byte("foobarfoobarfoobarfoobar"),
    58  	},
    59  	Session: &fosite.DefaultSession{
    60  		ExpiresAt: map[fosite.TokenType]time.Time{
    61  			fosite.AccessToken:   time.Now().UTC().Add(time.Hour),
    62  			fosite.AuthorizeCode: time.Now().UTC().Add(time.Hour),
    63  			fosite.RefreshToken:  time.Now().UTC().Add(time.Hour),
    64  		},
    65  	},
    66  }
    67  
    68  var hmacValidZeroTimeRefreshCase = fosite.Request{
    69  	Client: &fosite.DefaultClient{
    70  		Secret: []byte("foobarfoobarfoobarfoobar"),
    71  	},
    72  	Session: &fosite.DefaultSession{
    73  		ExpiresAt: map[fosite.TokenType]time.Time{
    74  			fosite.AccessToken:   time.Now().UTC().Add(time.Hour),
    75  			fosite.AuthorizeCode: time.Now().UTC().Add(time.Hour),
    76  			fosite.RefreshToken:  {},
    77  		},
    78  	},
    79  }
    80  
    81  func TestHMACAccessToken(t *testing.T) {
    82  	for k, c := range []struct {
    83  		r    fosite.Request
    84  		pass bool
    85  	}{
    86  		{
    87  			r:    hmacValidCase,
    88  			pass: true,
    89  		},
    90  		{
    91  			r:    hmacExpiredCase,
    92  			pass: false,
    93  		},
    94  	} {
    95  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
    96  			token, signature, err := hmacshaStrategy.GenerateAccessToken(nil, &c.r)
    97  			assert.NoError(t, err)
    98  			assert.Equal(t, strings.Split(token, ".")[1], signature)
    99  
   100  			err = hmacshaStrategy.ValidateAccessToken(nil, &c.r, token)
   101  			if c.pass {
   102  				assert.NoError(t, err)
   103  				validate := hmacshaStrategy.Enigma.Signature(token)
   104  				assert.Equal(t, signature, validate)
   105  			} else {
   106  				assert.Error(t, err)
   107  			}
   108  		})
   109  	}
   110  }
   111  
   112  func TestHMACRefreshToken(t *testing.T) {
   113  	for k, c := range []struct {
   114  		r    fosite.Request
   115  		pass bool
   116  	}{
   117  		{
   118  			r:    hmacValidCase,
   119  			pass: true,
   120  		},
   121  		{
   122  			r:    hmacExpiredCase,
   123  			pass: false,
   124  		},
   125  	} {
   126  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
   127  			token, signature, err := hmacshaStrategy.GenerateRefreshToken(nil, &c.r)
   128  			assert.NoError(t, err)
   129  			assert.Equal(t, strings.Split(token, ".")[1], signature)
   130  
   131  			err = hmacshaStrategy.ValidateRefreshToken(nil, &c.r, token)
   132  			if c.pass {
   133  				assert.NoError(t, err)
   134  				validate := hmacshaStrategy.Enigma.Signature(token)
   135  				assert.Equal(t, signature, validate)
   136  			} else {
   137  				assert.Error(t, err)
   138  			}
   139  		})
   140  	}
   141  }
   142  
   143  func TestHMACAuthorizeCode(t *testing.T) {
   144  	for k, c := range []struct {
   145  		r    fosite.Request
   146  		pass bool
   147  	}{
   148  		{
   149  			r:    hmacValidCase,
   150  			pass: true,
   151  		},
   152  		{
   153  			r:    hmacExpiredCase,
   154  			pass: false,
   155  		},
   156  	} {
   157  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
   158  			token, signature, err := hmacshaStrategy.GenerateAuthorizeCode(nil, &c.r)
   159  			assert.NoError(t, err)
   160  			assert.Equal(t, strings.Split(token, ".")[1], signature)
   161  
   162  			err = hmacshaStrategy.ValidateAuthorizeCode(nil, &c.r, token)
   163  			if c.pass {
   164  				assert.NoError(t, err)
   165  				validate := hmacshaStrategy.Enigma.Signature(token)
   166  				assert.Equal(t, signature, validate)
   167  			} else {
   168  				assert.Error(t, err)
   169  			}
   170  		})
   171  	}
   172  }
   173  

View as plain text