Source file src/github.com/ory/fosite/introspect_test.go

Documentation: github.com/ory/fosite

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package fosite_test
    23  
    24  import (
    25  	"context"
    26  	"fmt"
    27  	"net/http"
    28  	"testing"
    29  
    30  	"github.com/golang/mock/gomock"
    31  	"github.com/stretchr/testify/assert"
    32  	"github.com/stretchr/testify/require"
    33  
    34  	. "github.com/ory/fosite"
    35  	"github.com/ory/fosite/compose"
    36  	"github.com/ory/fosite/internal"
    37  	"github.com/ory/fosite/storage"
    38  )
    39  
    40  func TestAccessTokenFromRequestNoToken(t *testing.T) {
    41  	req, _ := http.NewRequest("GET", "http://example.com/test", nil)
    42  
    43  	assert.Equal(t, AccessTokenFromRequest(req), "", "No token should produce an empty string")
    44  }
    45  
    46  func TestAccessTokenFromRequestHeader(t *testing.T) {
    47  	token := "TokenFromHeader"
    48  
    49  	req, _ := http.NewRequest("GET", "http://example.com/test", nil)
    50  	req.Header.Add("Authorization", "Bearer "+token)
    51  
    52  	assert.Equal(t, AccessTokenFromRequest(req), token, "Token should be obtainable from header")
    53  }
    54  
    55  func TestAccessTokenFromRequestQuery(t *testing.T) {
    56  	token := "TokenFromQueryParam"
    57  
    58  	req, _ := http.NewRequest("GET", "http://example.com/test?access_token="+token, nil)
    59  
    60  	assert.Equal(t, AccessTokenFromRequest(req), token, "Token should be obtainable from access_token query parameter")
    61  }
    62  
    63  func TestIntrospect(t *testing.T) {
    64  	ctrl := gomock.NewController(t)
    65  	validator := internal.NewMockTokenIntrospector(ctrl)
    66  	defer ctrl.Finish()
    67  
    68  	f := compose.ComposeAllEnabled(new(compose.Config), storage.NewMemoryStore(), []byte{}, nil).(*Fosite)
    69  
    70  	req, _ := http.NewRequest("GET", "http://example.com/test", nil)
    71  	req.Header.Add("Authorization", "bearer some-token")
    72  
    73  	for k, c := range []struct {
    74  		description string
    75  		scopes      []string
    76  		setup       func()
    77  		expectErr   error
    78  	}{
    79  		{
    80  			description: "should fail",
    81  			scopes:      []string{},
    82  			setup: func() {
    83  			},
    84  			expectErr: ErrRequestUnauthorized,
    85  		},
    86  		{
    87  			description: "should fail",
    88  			scopes:      []string{"foo"},
    89  			setup: func() {
    90  				f.TokenIntrospectionHandlers = TokenIntrospectionHandlers{validator}
    91  				validator.EXPECT().IntrospectToken(nil, "some-token", gomock.Any(), gomock.Any(), gomock.Any()).Return(TokenUse(""), ErrUnknownRequest)
    92  			},
    93  			expectErr: ErrRequestUnauthorized,
    94  		},
    95  		{
    96  			description: "should fail",
    97  			scopes:      []string{"foo"},
    98  			setup: func() {
    99  				validator.EXPECT().IntrospectToken(nil, "some-token", gomock.Any(), gomock.Any(), gomock.Any()).Return(TokenUse(""), ErrInvalidClient)
   100  			},
   101  			expectErr: ErrInvalidClient,
   102  		},
   103  		{
   104  			description: "should pass",
   105  			setup: func() {
   106  				validator.EXPECT().IntrospectToken(nil, "some-token", gomock.Any(), gomock.Any(), gomock.Any()).Do(func(ctx context.Context, _ string, _ TokenUse, accessRequest AccessRequester, _ []string) {
   107  					accessRequest.(*AccessRequest).GrantedScope = []string{"bar"}
   108  				}).Return(TokenUse(""), nil)
   109  			},
   110  		},
   111  		{
   112  			description: "should pass",
   113  			scopes:      []string{"bar"},
   114  			setup: func() {
   115  				validator.EXPECT().IntrospectToken(nil, "some-token", gomock.Any(), gomock.Any(), gomock.Any()).Do(func(ctx context.Context, _ string, _ TokenType, accessRequest AccessRequester, _ []string) {
   116  					accessRequest.(*AccessRequest).GrantedScope = []string{"bar"}
   117  				}).Return(TokenUse(""), nil)
   118  			},
   119  		},
   120  	} {
   121  		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
   122  			c.setup()
   123  			_, _, err := f.IntrospectToken(nil, AccessTokenFromRequest(req), AccessToken, nil, c.scopes...)
   124  			if c.expectErr != nil {
   125  				assert.EqualError(t, err, c.expectErr.Error())
   126  			} else {
   127  				require.NoError(t, err)
   128  			}
   129  		})
   130  	}
   131  }
   132  

View as plain text