flow_explicit_token_test.go

Documentation: github.com/ory/fosite/handler/openid

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package openid
    23  
    24  import (
    25  	"fmt"
    26  	"testing"
    27  
    28  	"github.com/golang/mock/gomock"
    29  	"github.com/pkg/errors"
    30  	"github.com/stretchr/testify/assert"
    31  	"github.com/stretchr/testify/require"
    32  
    33  	"github.com/ory/fosite"
    34  	"github.com/ory/fosite/internal"
    35  	"github.com/ory/fosite/token/jwt"
    36  )
    37  
    38  func TestHandleTokenEndpointRequest(t *testing.T) {
    39  	h := &OpenIDConnectExplicitHandler{}
    40  	areq := fosite.NewAccessRequest(nil)
    41  	areq.Client = &fosite.DefaultClient{
    42  		//ResponseTypes: fosite.Arguments{"id_token"},
    43  	}
    44  	assert.EqualError(t, h.HandleTokenEndpointRequest(nil, areq), fosite.ErrUnknownRequest.Error())
    45  }
    46  
    47  func TestExplicit_PopulateTokenEndpointResponse(t *testing.T) {
    48  	ctrl := gomock.NewController(t)
    49  	store := internal.NewMockOpenIDConnectRequestStorage(ctrl)
    50  	defer ctrl.Finish()
    51  
    52  	session := &DefaultSession{
    53  		Claims: &jwt.IDTokenClaims{
    54  			Subject: "peter",
    55  		},
    56  		Headers: &jwt.Headers{},
    57  	}
    58  	aresp := fosite.NewAccessResponse()
    59  	areq := fosite.NewAccessRequest(session)
    60  
    61  	var j = &DefaultStrategy{
    62  		JWTStrategy: &jwt.RS256JWTStrategy{
    63  			PrivateKey: key,
    64  		},
    65  		MinParameterEntropy: fosite.MinParameterEntropy,
    66  	}
    67  
    68  	h := &OpenIDConnectExplicitHandler{
    69  		OpenIDConnectRequestStorage: store,
    70  		IDTokenHandleHelper: &IDTokenHandleHelper{
    71  			IDTokenStrategy: j,
    72  		},
    73  	}
    74  	for k, c := range []struct {
    75  		description string
    76  		setup       func()
    77  		expectErr   error
    78  		check       func(t *testing.T, aresp *fosite.AccessResponse)
    79  	}{
    80  		{
    81  			description: "should fail because invalid response type",
    82  			setup:       func() {},
    83  			expectErr:   fosite.ErrUnknownRequest,
    84  		},
    85  		{
    86  			description: "should fail because lookup returns not found",
    87  			setup: func() {
    88  				areq.GrantTypes = fosite.Arguments{"authorization_code"}
    89  				areq.Client = &fosite.DefaultClient{
    90  					GrantTypes: fosite.Arguments{"authorization_code"},
    91  					//ResponseTypes: fosite.Arguments{"id_token"},
    92  				}
    93  				areq.Form.Set("code", "foobar")
    94  				store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(nil, ErrNoSessionFound)
    95  			},
    96  			expectErr: fosite.ErrUnknownRequest,
    97  		},
    98  		{
    99  			description: "should fail because lookup fails",
   100  			setup: func() {
   101  				areq.GrantTypes = fosite.Arguments{"authorization_code"}
   102  				store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(nil, errors.New(""))
   103  			},
   104  			expectErr: fosite.ErrServerError,
   105  		},
   106  		{
   107  			description: "should fail because missing scope in original request",
   108  			setup: func() {
   109  				areq.GrantTypes = fosite.Arguments{"authorization_code"}
   110  				store.EXPECT().GetOpenIDConnectSession(nil, "foobar", areq).Return(fosite.NewAuthorizeRequest(), nil)
   111  			},
   112  			expectErr: fosite.ErrMisconfiguration,
   113  		},
   114  		{
   115  			description: "should pass",
   116  			setup: func() {
   117  				r := fosite.NewAuthorizeRequest()
   118  				r.Session = areq.Session
   119  				r.GrantedScope = fosite.Arguments{"openid"}
   120  				r.Form.Set("nonce", "1111111111111111")
   121  				store.EXPECT().GetOpenIDConnectSession(nil, gomock.Any(), areq).AnyTimes().Return(r, nil)
   122  			},
   123  			check: func(t *testing.T, aresp *fosite.AccessResponse) {
   124  				assert.NotEmpty(t, aresp.GetExtra("id_token"))
   125  				idToken, _ := aresp.GetExtra("id_token").(string)
   126  				decodedIdToken, err := jwt.Parse(idToken, func(token *jwt.Token) (interface{}, error) {
   127  					return key.PublicKey, nil
   128  				})
   129  				require.NoError(t, err)
   130  				claims := decodedIdToken.Claims
   131  				assert.NotEmpty(t, claims["at_hash"])
   132  			},
   133  		},
   134  		{
   135  			description: "should fail because missing subject claim",
   136  			setup: func() {
   137  				session.Claims.Subject = ""
   138  			},
   139  			expectErr: fosite.ErrServerError,
   140  		},
   141  		{
   142  			description: "should fail because missing session",
   143  			setup: func() {
   144  				areq.Session = nil
   145  			},
   146  			expectErr: fosite.ErrServerError,
   147  		},
   148  	} {
   149  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
   150  			c.setup()
   151  			err := h.PopulateTokenEndpointResponse(nil, areq, aresp)
   152  
   153  			if c.expectErr != nil {
   154  				require.EqualError(t, err, c.expectErr.Error())
   155  			} else {
   156  				require.NoError(t, err)
   157  			}
   158  			if c.check != nil {
   159  				c.check(t, aresp)
   160  			}
   161  		})
   162  	}
   163  }
   164
View as plain text