...

Source file src/github.com/ory/fosite/introspection_response_writer_test.go

Documentation: github.com/ory/fosite 

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package fosite_test
    23  
    24  import (
    25  	"encoding/json"
    26  	"net/http"
    27  	"net/http/httptest"
    28  	"testing"
    29  	"time"
    30  
    31  	"github.com/ory/x/errorsx"
    32  
    33  	"github.com/golang/mock/gomock"
    34  	"github.com/pkg/errors"
    35  	"github.com/stretchr/testify/assert"
    36  	"github.com/stretchr/testify/require"
    37  
    38  	. "github.com/ory/fosite"
    39  	"github.com/ory/fosite/internal"
    40  )
    41  
    42  func TestWriteIntrospectionError(t *testing.T) {
    43  	f := new(Fosite)
    44  	c := gomock.NewController(t)
    45  	defer c.Finish()
    46  
    47  	rw := internal.NewMockResponseWriter(c)
    48  	rw.EXPECT().WriteHeader(http.StatusUnauthorized)
    49  	rw.EXPECT().Header().AnyTimes().Return(http.Header{})
    50  	rw.EXPECT().Write(gomock.Any())
    51  	f.WriteIntrospectionError(rw, errorsx.WithStack(ErrRequestUnauthorized))
    52  
    53  	rw.EXPECT().WriteHeader(http.StatusBadRequest)
    54  	rw.EXPECT().Write(gomock.Any())
    55  	f.WriteIntrospectionError(rw, errorsx.WithStack(ErrInvalidRequest))
    56  
    57  	rw.EXPECT().Write([]byte("{\"active\":false}\n"))
    58  	f.WriteIntrospectionError(rw, errors.New(""))
    59  
    60  	rw.EXPECT().Write([]byte("{\"active\":false}\n"))
    61  	f.WriteIntrospectionError(rw, errorsx.WithStack(ErrInactiveToken.WithWrap(ErrRequestUnauthorized)))
    62  
    63  	f.WriteIntrospectionError(rw, nil)
    64  }
    65  
    66  func TestWriteIntrospectionResponse(t *testing.T) {
    67  	f := new(Fosite)
    68  	c := gomock.NewController(t)
    69  	defer c.Finish()
    70  
    71  	rw := internal.NewMockResponseWriter(c)
    72  	rw.EXPECT().Write(gomock.Any()).AnyTimes()
    73  	f.WriteIntrospectionResponse(rw, &IntrospectionResponse{
    74  		AccessRequester: NewAccessRequest(nil),
    75  	})
    76  }
    77  
    78  func TestWriteIntrospectionResponseBody(t *testing.T) {
    79  	f := new(Fosite)
    80  	ires := &IntrospectionResponse{}
    81  	rw := httptest.NewRecorder()
    82  
    83  	for _, c := range []struct {
    84  		description string
    85  		setup       func()
    86  		active      bool
    87  		hasExp      bool
    88  		hasExtra    bool
    89  	}{
    90  		{
    91  			description: "should success for not expired access token",
    92  			setup: func() {
    93  				ires.Active = true
    94  				ires.TokenUse = AccessToken
    95  				sess := &DefaultSession{}
    96  				sess.SetExpiresAt(ires.TokenUse, time.Now().Add(time.Hour*2))
    97  				ires.AccessRequester = NewAccessRequest(sess)
    98  			},
    99  			active:   true,
   100  			hasExp:   true,
   101  			hasExtra: false,
   102  		},
   103  		{
   104  			description: "should success for expired access token",
   105  			setup: func() {
   106  				ires.Active = false
   107  				ires.TokenUse = AccessToken
   108  				sess := &DefaultSession{}
   109  				sess.SetExpiresAt(ires.TokenUse, time.Now().Add(-time.Hour*2))
   110  				ires.AccessRequester = NewAccessRequest(sess)
   111  			},
   112  			active:   false,
   113  			hasExp:   false,
   114  			hasExtra: false,
   115  		},
   116  		{
   117  			description: "should success for ExpiresAt not set access token",
   118  			setup: func() {
   119  				ires.Active = true
   120  				ires.TokenUse = AccessToken
   121  				sess := &DefaultSession{}
   122  				sess.SetExpiresAt(ires.TokenUse, time.Time{})
   123  				ires.AccessRequester = NewAccessRequest(sess)
   124  			},
   125  			active:   true,
   126  			hasExp:   false,
   127  			hasExtra: false,
   128  		},
   129  		{
   130  			description: "should output extra claims",
   131  			setup: func() {
   132  				ires.Active = true
   133  				ires.TokenUse = AccessToken
   134  				sess := &DefaultSession{}
   135  				sess.GetExtraClaims()["extra"] = "foobar"
   136  				// We try to set these, but they should be ignored.
   137  				for _, field := range []string{"exp", "client_id", "scope", "iat", "sub", "aud", "username"} {
   138  					sess.GetExtraClaims()[field] = "invalid"
   139  				}
   140  				sess.SetExpiresAt(ires.TokenUse, time.Time{})
   141  				ires.AccessRequester = NewAccessRequest(sess)
   142  			},
   143  			active:   true,
   144  			hasExp:   false,
   145  			hasExtra: true,
   146  		},
   147  	} {
   148  		t.Run(c.description, func(t *testing.T) {
   149  			c.setup()
   150  			f.WriteIntrospectionResponse(rw, ires)
   151  			var params struct {
   152  				Active   bool   `json:"active"`
   153  				Exp      *int64 `json:"exp"`
   154  				Iat      *int64 `json:"iat"`
   155  				Extra    string `json:"extra"`
   156  				ClientId string `json:"client_id"`
   157  				Scope    string `json:"scope"`
   158  				Subject  string `json:"sub"`
   159  				Audience string `json:"aud"`
   160  				Username string `json:"username"`
   161  			}
   162  			assert.Equal(t, 200, rw.Code)
   163  			err := json.NewDecoder(rw.Body).Decode(&params)
   164  			require.NoError(t, err)
   165  			assert.Equal(t, c.active, params.Active)
   166  			if c.active {
   167  				assert.NotNil(t, params.Iat)
   168  				if c.hasExp {
   169  					assert.NotNil(t, params.Exp)
   170  				} else {
   171  					assert.Nil(t, params.Exp)
   172  				}
   173  				if c.hasExtra {
   174  					assert.Equal(t, params.Extra, "foobar")
   175  				} else {
   176  					assert.Empty(t, params.Extra)
   177  				}
   178  				assert.NotEqual(t, "invalid", params.Exp)
   179  				assert.NotEqual(t, "invalid", params.ClientId)
   180  				assert.NotEqual(t, "invalid", params.Scope)
   181  				assert.NotEqual(t, "invalid", params.Iat)
   182  				assert.NotEqual(t, "invalid", params.Subject)
   183  				assert.NotEqual(t, "invalid", params.Audience)
   184  				assert.NotEqual(t, "invalid", params.Username)
   185  			}
   186  		})
   187  	}
   188  }
   189  

View as plain text