forked from mystiq/dex
parent
ed89be44ef
commit
d3d2db8e05
1 changed files with 131 additions and 0 deletions
|
@ -332,6 +332,137 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestHandleTokenFunc(t *testing.T) {
|
||||||
|
|
||||||
|
fx, err := makeTestFixtures()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("could not run test fixtures: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
tests := []struct {
|
||||||
|
query url.Values
|
||||||
|
user string
|
||||||
|
passwd string
|
||||||
|
wantCode int
|
||||||
|
}{
|
||||||
|
// bad grant_type
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"invalid!"},
|
||||||
|
"code": []string{"someCode"},
|
||||||
|
},
|
||||||
|
user: "XXX",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||||
|
wantCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
|
||||||
|
// authorization_code needs code param
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
},
|
||||||
|
user: "XXX",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||||
|
wantCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
|
||||||
|
// empty code
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"code": []string{""},
|
||||||
|
},
|
||||||
|
user: "XXX",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||||
|
wantCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
|
||||||
|
// valid code but bad creds
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"code": []string{"code-2"},
|
||||||
|
},
|
||||||
|
user: "XASD",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("failSecrete")),
|
||||||
|
wantCode: http.StatusUnauthorized,
|
||||||
|
},
|
||||||
|
|
||||||
|
// bad code
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"code": []string{"asdasd"},
|
||||||
|
},
|
||||||
|
user: "XXX",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||||
|
wantCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
|
||||||
|
// OK testcase
|
||||||
|
{
|
||||||
|
query: url.Values{
|
||||||
|
"grant_type": []string{"authorization_code"},
|
||||||
|
"code": []string{"code-2"},
|
||||||
|
},
|
||||||
|
user: "XXX",
|
||||||
|
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||||
|
wantCode: http.StatusOK,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, tt := range tests {
|
||||||
|
hdlr := handleTokenFunc(fx.srv)
|
||||||
|
w := httptest.NewRecorder()
|
||||||
|
|
||||||
|
req, err := http.NewRequest("POST", "http://example.com/token", strings.NewReader(tt.query.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("unable to create HTTP request, error=%v", err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
req.SetBasicAuth(tt.user, tt.passwd)
|
||||||
|
|
||||||
|
// need to create session in order to exchange the code (generated by the NewSessionKey func) for token
|
||||||
|
setSession := func() error {
|
||||||
|
sid, err := fx.sessionManager.NewSession("local", "XXX", "", testRedirectURL, "", true, []string{"openid"})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("case %d: cannot create session, error=%v", i, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = fx.sessionManager.AttachRemoteIdentity(sid, oidc.Identity{})
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("case %d: cannot attach remoteID, error=%v", i, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = fx.sessionManager.AttachUser(sid, "ID-Verified")
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("case %d: cannot attach user, error=%v", i, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = fx.sessionManager.NewSessionKey(sid)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("case %d: cannot create session code, error=%v", i, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := setSession(); err != nil {
|
||||||
|
t.Errorf("case %d: %v", i, err)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
hdlr.ServeHTTP(w, req)
|
||||||
|
if tt.wantCode != w.Code {
|
||||||
|
t.Errorf("case %d: expected HTTP %d, got %v", i, tt.wantCode, w.Code)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
func TestHandleTokenFuncMethodNotAllowed(t *testing.T) {
|
func TestHandleTokenFuncMethodNotAllowed(t *testing.T) {
|
||||||
for _, m := range []string{"GET", "PUT", "DELETE"} {
|
for _, m := range []string{"GET", "PUT", "DELETE"} {
|
||||||
hdlr := handleTokenFunc(nil)
|
hdlr := handleTokenFunc(nil)
|
||||||
|
|
Loading…
Reference in a new issue