...

Source file src/github.com/ory/fosite/handler/openid/flow_explicit_auth_test.go

Documentation: github.com/ory/fosite/handler/openid

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package openid
    23  
    24  import (
    25  	"fmt"
    26  	"testing"
    27  
    28  	"github.com/golang/mock/gomock"
    29  	"github.com/pkg/errors"
    30  	"github.com/stretchr/testify/require"
    31  
    32  	"github.com/ory/fosite"
    33  	"github.com/ory/fosite/internal"
    34  	"github.com/ory/fosite/token/jwt"
    35  )
    36  
// key is the RSA private key shared by the tests in this package. The handler
// helper below signs ID tokens with it through jwt.RS256JWTStrategy, and it is
// kept at package level so tests can verify an id_token against the same key.
// NOTE(review): internal.MustRSAKey presumably generates a throwaway key when
// the test package is initialised and panics on failure — confirm. This is
// test-only key material and must never be reused for real signing.
var key = internal.MustRSAKey()
    39  
// makeOpenIDConnectExplicitHandler wires an OpenIDConnectExplicitHandler to a
// gomock-backed request storage and returns both, so that a test can program
// expectations on the very mock the handler calls.
//
// ID tokens are signed with RS256 using the package-level test key, and
// minParameterEntropy is copied into DefaultStrategy.MinParameterEntropy.
// NOTE(review): the request validator is built with nil as its first argument;
// what that nil selects (presumably a default set) is not visible here — confirm
// against NewOpenIDConnectRequestValidator before relying on it.
func makeOpenIDConnectExplicitHandler(ctrl *gomock.Controller, minParameterEntropy int) (OpenIDConnectExplicitHandler, *internal.MockOpenIDConnectRequestStorage) {
	strategy := &DefaultStrategy{
		JWTStrategy:         &jwt.RS256JWTStrategy{PrivateKey: key},
		MinParameterEntropy: minParameterEntropy,
	}
	storage := internal.NewMockOpenIDConnectRequestStorage(ctrl)

	handler := OpenIDConnectExplicitHandler{
		OpenIDConnectRequestStorage:   storage,
		IDTokenHandleHelper:           &IDTokenHandleHelper{IDTokenStrategy: strategy},
		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, strategy.JWTStrategy),
	}
	return handler, storage
}
    58  
// TestExplicit_HandleAuthorizeEndpointRequest drives
// OpenIDConnectExplicitHandler.HandleAuthorizeEndpointRequest through a table
// of cases and compares the returned error with the expected fosite error.
//
// The cases are order-dependent: one authorize request and one mock responder
// are shared by every case, and each setup mutates them on top of what the
// earlier cases left behind. Reordering or running a single case in isolation
// changes what is being tested.
func TestExplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	responder := internal.NewMockAuthorizeResponder(ctrl)

	// Shared request carrying a default OpenID Connect session for subject "foo".
	sess := NewDefaultSession()
	sess.Claims.Subject = "foo"
	request := fosite.NewAuthorizeRequest()
	request.Session = sess

	type testCase struct {
		// description is informational only; the subtest name below is built
		// from the case index, so a failure is reported as "case=N".
		description string
		setup       func() OpenIDConnectExplicitHandler
		expectErr   error
	}

	cases := []testCase{
		{
			description: "should pass because not responsible for handling an empty response type",
			setup: func() OpenIDConnectExplicitHandler {
				handler, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
				request.ResponseTypes = fosite.Arguments{""}
				return handler
			},
		},
		{
			description: "should pass because scope openid is not set",
			setup: func() OpenIDConnectExplicitHandler {
				handler, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
				request.ResponseTypes = fosite.Arguments{"code"}
				request.Client = &fosite.DefaultClient{
					ResponseTypes: fosite.Arguments{"code"},
				}
				request.RequestedScope = fosite.Arguments{""}
				return handler
			},
		},
		{
			// Builds on the "code" response type and client set by the previous
			// case; the responder hands back an empty authorization code once.
			description: "should fail because no code set",
			setup: func() OpenIDConnectExplicitHandler {
				handler, _ := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
				request.GrantedScope = fosite.Arguments{"openid"}
				request.Form.Set("nonce", "11111111111111111111111111111")
				responder.EXPECT().GetCode().Return("")
				return handler
			},
			expectErr: fosite.ErrMisconfiguration,
		},
		{
			// The storage mock rejects the session write, and the test expects
			// that failure to surface as ErrServerError. The stored value must
			// equal request.Sanitize(oidcParameters).
			// NOTE(review): Sanitize presumably keeps only the listed form
			// parameters, so nothing else from the request is persisted — confirm.
			description: "should fail because lookup fails",
			setup: func() OpenIDConnectExplicitHandler {
				handler, storage := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
				responder.EXPECT().GetCode().AnyTimes().Return("codeexample")
				storage.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", gomock.Eq(request.Sanitize(oidcParameters))).Return(errors.New(""))
				return handler
			},
			expectErr: fosite.ErrServerError,
		},
		{
			// Relies on the AnyTimes GetCode expectation registered by the
			// previous case still answering with "codeexample".
			description: "should pass",
			setup: func() OpenIDConnectExplicitHandler {
				handler, storage := makeOpenIDConnectExplicitHandler(ctrl, fosite.MinParameterEntropy)
				storage.EXPECT().CreateOpenIDConnectSession(nil, "codeexample", gomock.Eq(request.Sanitize(oidcParameters))).AnyTimes().Return(nil)
				return handler
			},
		},
	}

	for idx, tc := range cases {
		t.Run(fmt.Sprintf("case=%d", idx), func(t *testing.T) {
			handler := tc.setup()
			err := handler.HandleAuthorizeEndpointRequest(nil, request, responder)

			if tc.expectErr == nil {
				require.NoError(t, err)
				return
			}
			// Errors are matched on their message text, not on identity.
			require.EqualError(t, err, tc.expectErr.Error())
		})
	}
}
   137  
