parent
ed89be44ef
commit
d3d2db8e05
1 changed files with 131 additions and 0 deletions
|
@ -332,6 +332,137 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestHandleTokenFunc(t *testing.T) {
|
||||
|
||||
fx, err := makeTestFixtures()
|
||||
if err != nil {
|
||||
t.Fatalf("could not run test fixtures: %v", err)
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
query url.Values
|
||||
user string
|
||||
passwd string
|
||||
wantCode int
|
||||
}{
|
||||
// bad grant_type
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"invalid!"},
|
||||
"code": []string{"someCode"},
|
||||
},
|
||||
user: "XXX",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||
wantCode: http.StatusBadRequest,
|
||||
},
|
||||
|
||||
// authorization_code needs code param
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"authorization_code"},
|
||||
},
|
||||
user: "XXX",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||
wantCode: http.StatusBadRequest,
|
||||
},
|
||||
|
||||
// empty code
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"authorization_code"},
|
||||
"code": []string{""},
|
||||
},
|
||||
user: "XXX",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||
wantCode: http.StatusBadRequest,
|
||||
},
|
||||
|
||||
// valid code but bad creds
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"authorization_code"},
|
||||
"code": []string{"code-2"},
|
||||
},
|
||||
user: "XASD",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("failSecrete")),
|
||||
wantCode: http.StatusUnauthorized,
|
||||
},
|
||||
|
||||
// bad code
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"authorization_code"},
|
||||
"code": []string{"asdasd"},
|
||||
},
|
||||
user: "XXX",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||
wantCode: http.StatusBadRequest,
|
||||
},
|
||||
|
||||
// OK testcase
|
||||
{
|
||||
query: url.Values{
|
||||
"grant_type": []string{"authorization_code"},
|
||||
"code": []string{"code-2"},
|
||||
},
|
||||
user: "XXX",
|
||||
passwd: base64.URLEncoding.EncodeToString([]byte("secrete")),
|
||||
wantCode: http.StatusOK,
|
||||
},
|
||||
}
|
||||
|
||||
for i, tt := range tests {
|
||||
hdlr := handleTokenFunc(fx.srv)
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
req, err := http.NewRequest("POST", "http://example.com/token", strings.NewReader(tt.query.Encode()))
|
||||
if err != nil {
|
||||
t.Errorf("unable to create HTTP request, error=%v", err)
|
||||
continue
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.SetBasicAuth(tt.user, tt.passwd)
|
||||
|
||||
// need to create session in order to exchange the code (generated by the NewSessionKey func) for token
|
||||
setSession := func() error {
|
||||
sid, err := fx.sessionManager.NewSession("local", "XXX", "", testRedirectURL, "", true, []string{"openid"})
|
||||
if err != nil {
|
||||
return fmt.Errorf("case %d: cannot create session, error=%v", i, err)
|
||||
}
|
||||
|
||||
_, err = fx.sessionManager.AttachRemoteIdentity(sid, oidc.Identity{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("case %d: cannot attach remoteID, error=%v", i, err)
|
||||
}
|
||||
|
||||
_, err = fx.sessionManager.AttachUser(sid, "ID-Verified")
|
||||
if err != nil {
|
||||
return fmt.Errorf("case %d: cannot attach user, error=%v", i, err)
|
||||
}
|
||||
|
||||
_, err = fx.sessionManager.NewSessionKey(sid)
|
||||
if err != nil {
|
||||
return fmt.Errorf("case %d: cannot create session code, error=%v", i, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
}
|
||||
|
||||
if err := setSession(); err != nil {
|
||||
t.Errorf("case %d: %v", i, err)
|
||||
continue
|
||||
}
|
||||
|
||||
hdlr.ServeHTTP(w, req)
|
||||
if tt.wantCode != w.Code {
|
||||
t.Errorf("case %d: expected HTTP %d, got %v", i, tt.wantCode, w.Code)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func TestHandleTokenFuncMethodNotAllowed(t *testing.T) {
|
||||
for _, m := range []string{"GET", "PUT", "DELETE"} {
|
||||
hdlr := handleTokenFunc(nil)
|
||||
|
|