...

Source file src/github.com/ory/fosite/handler/openid/helper_test.go

Documentation: github.com/ory/fosite/handler/openid 

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package openid
    23  
    24  import (
    25  	"net/url"
    26  	"testing"
    27  
    28  	"github.com/golang/mock/gomock"
    29  	"github.com/pkg/errors"
    30  	"github.com/stretchr/testify/assert"
    31  
    32  	"github.com/ory/fosite"
    33  	"github.com/ory/fosite/internal"
    34  	"github.com/ory/fosite/token/jwt"
    35  )
    36  
    37  var strat = &DefaultStrategy{
    38  	JWTStrategy: &jwt.RS256JWTStrategy{
    39  		PrivateKey: internal.MustRSAKey(),
    40  	},
    41  	MinParameterEntropy: fosite.MinParameterEntropy,
    42  }
    43  
    44  var fooErr = errors.New("foo")
    45  
    46  func TestGenerateIDToken(t *testing.T) {
    47  	ctrl := gomock.NewController(t)
    48  	chgen := internal.NewMockOpenIDConnectTokenStrategy(ctrl)
    49  	defer ctrl.Finish()
    50  
    51  	ar := fosite.NewAccessRequest(nil)
    52  	sess := &DefaultSession{
    53  		Claims: &jwt.IDTokenClaims{
    54  			Subject: "peter",
    55  		},
    56  		Headers: &jwt.Headers{},
    57  	}
    58  	h := &IDTokenHandleHelper{IDTokenStrategy: chgen}
    59  
    60  	for k, c := range []struct {
    61  		description string
    62  		setup       func()
    63  		expectErr   error
    64  	}{
    65  		{
    66  			description: "should fail because generator failed",
    67  			setup: func() {
    68  				ar.Form.Set("nonce", "11111111111111111111111111111111111")
    69  				ar.SetSession(sess)
    70  				chgen.EXPECT().GenerateIDToken(nil, ar).Return("", fooErr)
    71  			},
    72  			expectErr: fooErr,
    73  		},
    74  		{
    75  			description: "should pass",
    76  			setup: func() {
    77  				chgen.EXPECT().GenerateIDToken(nil, ar).AnyTimes().Return("asdf", nil)
    78  			},
    79  		},
    80  	} {
    81  		c.setup()
    82  		token, err := h.generateIDToken(nil, ar)
    83  		assert.True(t, err == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
    84  		if err == nil {
    85  			assert.NotEmpty(t, token, "(%d) %s", k, c.description)
    86  		}
    87  		t.Logf("Passed test case %d", k)
    88  	}
    89  
    90  }
    91  
    92  func TestIssueExplicitToken(t *testing.T) {
    93  	ctrl := gomock.NewController(t)
    94  	resp := internal.NewMockAccessResponder(ctrl)
    95  	defer ctrl.Finish()
    96  
    97  	ar := fosite.NewAuthorizeRequest()
    98  	ar.Form = url.Values{"nonce": {"111111111111"}}
    99  	ar.SetSession(&DefaultSession{Claims: &jwt.IDTokenClaims{
   100  		Subject: "peter",
   101  	}, Headers: &jwt.Headers{}})
   102  
   103  	resp.EXPECT().SetExtra("id_token", gomock.Any())
   104  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   105  	err := h.IssueExplicitIDToken(nil, ar, resp)
   106  	assert.NoError(t, err)
   107  }
   108  
   109  func TestIssueImplicitToken(t *testing.T) {
   110  	ctrl := gomock.NewController(t)
   111  	resp := internal.NewMockAuthorizeResponder(ctrl)
   112  	defer ctrl.Finish()
   113  
   114  	ar := fosite.NewAuthorizeRequest()
   115  	ar.Form = url.Values{"nonce": {"111111111111"}}
   116  	ar.SetSession(&DefaultSession{Claims: &jwt.IDTokenClaims{
   117  		Subject: "peter",
   118  	}, Headers: &jwt.Headers{}})
   119  
   120  	resp.EXPECT().AddParameter("id_token", gomock.Any())
   121  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   122  	err := h.IssueImplicitIDToken(nil, ar, resp)
   123  	assert.NoError(t, err)
   124  }
   125  
   126  func TestGetAccessTokenHash(t *testing.T) {
   127  	ctrl := gomock.NewController(t)
   128  	req := internal.NewMockAccessRequester(ctrl)
   129  	resp := internal.NewMockAccessResponder(ctrl)
   130  
   131  	defer ctrl.Finish()
   132  
   133  	req.EXPECT().GetSession().Return(nil)
   134  	resp.EXPECT().GetAccessToken().Return("7a35f818-9164-48cb-8c8f-e1217f44228431c41102-d410-4ed5-9276-07ba53dfdcd8")
   135  
   136  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   137  
   138  	hash := h.GetAccessTokenHash(nil, req, resp)
   139  	assert.Equal(t, "Zfn_XBitThuDJiETU3OALQ", hash)
   140  }
   141  
   142  func TestGetAccessTokenHashWithDifferentKeyLength(t *testing.T) {
   143  	ctrl := gomock.NewController(t)
   144  	req := internal.NewMockAccessRequester(ctrl)
   145  	resp := internal.NewMockAccessResponder(ctrl)
   146  
   147  	defer ctrl.Finish()
   148  
   149  	headers := &jwt.Headers{
   150  		Extra: map[string]interface{}{
   151  			"alg": "RS384",
   152  		},
   153  	}
   154  	req.EXPECT().GetSession().Return(&DefaultSession{Headers: headers})
   155  	resp.EXPECT().GetAccessToken().Return("7a35f818-9164-48cb-8c8f-e1217f44228431c41102-d410-4ed5-9276-07ba53dfdcd8")
   156  
   157  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   158  
   159  	hash := h.GetAccessTokenHash(nil, req, resp)
   160  	assert.Equal(t, "VNX38yiOyeqBPheW5jDsWQKa6IjJzK66", hash)
   161  }
   162  
   163  func TestGetAccessTokenHashWithBadAlg(t *testing.T) {
   164  	ctrl := gomock.NewController(t)
   165  	req := internal.NewMockAccessRequester(ctrl)
   166  	resp := internal.NewMockAccessResponder(ctrl)
   167  
   168  	defer ctrl.Finish()
   169  
   170  	headers := &jwt.Headers{
   171  		Extra: map[string]interface{}{
   172  			"alg": "R",
   173  		},
   174  	}
   175  	req.EXPECT().GetSession().Return(&DefaultSession{Headers: headers})
   176  	resp.EXPECT().GetAccessToken().Return("7a35f818-9164-48cb-8c8f-e1217f44228431c41102-d410-4ed5-9276-07ba53dfdcd8")
   177  
   178  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   179  
   180  	hash := h.GetAccessTokenHash(nil, req, resp)
   181  	assert.Equal(t, "Zfn_XBitThuDJiETU3OALQ", hash)
   182  }
   183  
   184  func TestGetAccessTokenHashWithMissingKeyLength(t *testing.T) {
   185  	ctrl := gomock.NewController(t)
   186  	req := internal.NewMockAccessRequester(ctrl)
   187  	resp := internal.NewMockAccessResponder(ctrl)
   188  
   189  	defer ctrl.Finish()
   190  
   191  	headers := &jwt.Headers{
   192  		Extra: map[string]interface{}{
   193  			"alg": "RS",
   194  		},
   195  	}
   196  	req.EXPECT().GetSession().Return(&DefaultSession{Headers: headers})
   197  	resp.EXPECT().GetAccessToken().Return("7a35f818-9164-48cb-8c8f-e1217f44228431c41102-d410-4ed5-9276-07ba53dfdcd8")
   198  
   199  	h := &IDTokenHandleHelper{IDTokenStrategy: strat}
   200  
   201  	hash := h.GetAccessTokenHash(nil, req, resp)
   202  	assert.Equal(t, "Zfn_XBitThuDJiETU3OALQ", hash)
   203  }
   204  

View as plain text