95757e8779
This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client.
package repo
import (
"encoding/base64"
"net/url"
"os"
"testing"
"time"
"github.com/coreos/go-oidc/oidc"
"github.com/go-gorp/gorp"
"github.com/kylelemons/godebug/pretty"
"github.com/coreos/dex/client"
"github.com/coreos/dex/db"
"github.com/coreos/dex/refresh"
"github.com/coreos/dex/user"
)
// newRefreshRepo builds a refresh token repo for tests, seeded with the given
// users and clients. An in-memory database is used unless the DEX_TEST_DSN
// environment variable is set, in which case connect(t) supplies the handle.
// Any seeding failure aborts the calling test.
func newRefreshRepo(t *testing.T, users []user.UserWithRemoteIdentities, clients []client.Client) refresh.RefreshTokenRepo {
	var dbMap *gorp.DbMap
	switch os.Getenv("DEX_TEST_DSN") {
	case "":
		// No external database configured: stay self-contained.
		dbMap = db.NewMemDB()
	default:
		dbMap = connect(t)
	}

	// Users and clients are inserted before the refresh token repo is built
	// on the same database handle.
	_, err := db.NewUserRepoFromUsers(dbMap, users)
	if err != nil {
		t.Fatalf("Unable to add users: %v", err)
	}

	_, err = db.NewClientIdentityRepoFromClients(dbMap, clients)
	if err != nil {
		t.Fatalf("Unable to add clients: %v", err)
	}

	return db.NewRefreshTokenRepo(dbMap)
}
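// TestRefreshTokenRepo walks one refresh token through its lifecycle: create
// it for a user/client pair, verify it, list the clients holding tokens for
// the user, revoke the user's tokens for that client, and confirm the token
// no longer verifies.
func TestRefreshTokenRepo(t *testing.T) {
	clientID := "client1"
	userID := "user1"
	clients := []client.Client{
		{
			Credentials: oidc.ClientCredentials{
				ID:     clientID,
				Secret: base64.URLEncoding.EncodeToString([]byte("secret-2")),
			},
			Metadata: oidc.ClientMetadata{
				RedirectURIs: []url.URL{
					{Scheme: "https", Host: "client1.example.com", Path: "/callback"},
				},
			},
		},
	}
	users := []user.UserWithRemoteIdentities{
		{
			User: user.User{
				ID:    userID,
				Email: "Email-1@example.com",
				// Truncated to whole seconds, presumably so the value
				// survives a database round trip unchanged.
				CreatedAt: time.Now().Truncate(time.Second),
			},
			RemoteIdentities: []user.RemoteIdentity{
				{
					ConnectorID: "IDPC-1",
					ID:          "RID-1",
				},
			},
		},
	}

	repo := newRefreshRepo(t, users, clients)
	tok, err := repo.Create(userID, clientID)
	if err != nil {
		t.Fatalf("failed to create refresh token: %v", err)
	}

	// A freshly issued token must verify for its client and map back to the
	// user it was issued to.
	if tokUserID, err := repo.Verify(clientID, tok); err != nil {
		t.Errorf("Could not verify token: %v", err)
	} else if tokUserID != userID {
		t.Errorf("Verified token returned wrong user id, want=%s, got=%s", userID, tokUserID)
	}

	if userClients, err := repo.ClientsWithRefreshTokens(userID); err != nil {
		t.Errorf("Failed to get the list of clients the user was logged into: %v", err)
	} else if diff := pretty.Compare(userClients, clients); diff != "" {
		// The original condition was diff == "", which failed only when the
		// lists matched and let every mismatch pass silently.
		// NOTE(review): if ClientsWithRefreshTokens deliberately omits
		// sensitive fields such as Credentials.Secret, compare against a copy
		// of clients with those fields cleared instead, so the test also
		// pins that the secret is not returned. Confirm against the repo.
		t.Errorf("Clients user logged into: want did not equal got %s", diff)
	}

	if err := repo.RevokeTokensForClient(userID, clientID); err != nil {
		t.Errorf("Failed to revoke refresh token: %v", err)
	}

	// The security-relevant assertion: once revoked, the same token value
	// must be rejected.
	if _, err := repo.Verify(clientID, tok); err == nil {
		t.Errorf("Token which should have been revoked was verified")
	}
}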