241 lines
6.4 KiB
Go
241 lines
6.4 KiB
Go
|
package hydra_test
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
"fmt"
|
||
|
"net/http"
|
||
|
"net/http/httptest"
|
||
|
"reflect"
|
||
|
"strconv"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/i-core/werther/internal/hydra"
|
||
|
"github.com/pkg/errors"
|
||
|
)
|
||
|
|
||
|
func TestInitiateConsentRequest(t *testing.T) {
|
||
|
testCases := []struct {
|
||
|
name string
|
||
|
challenge string
|
||
|
rememberFor int
|
||
|
reqInfo *hydra.ReqInfo
|
||
|
status int
|
||
|
wantErr error
|
||
|
}{
|
||
|
{
|
||
|
name: "challenge is missed",
|
||
|
wantErr: hydra.ErrChallengeMissed,
|
||
|
},
|
||
|
{
|
||
|
name: "challenge is not found",
|
||
|
challenge: "foo",
|
||
|
status: 404,
|
||
|
wantErr: hydra.ErrChallengeNotFound,
|
||
|
},
|
||
|
{
|
||
|
name: "challenge is expired",
|
||
|
challenge: "foo",
|
||
|
status: 409,
|
||
|
wantErr: hydra.ErrChallengeExpired,
|
||
|
},
|
||
|
{
|
||
|
name: "happy path",
|
||
|
challenge: "foo",
|
||
|
status: 200,
|
||
|
reqInfo: &hydra.ReqInfo{
|
||
|
Challenge: "foo",
|
||
|
RequestedScopes: []string{"profile", "email"},
|
||
|
Skip: true,
|
||
|
Subject: "testSubject",
|
||
|
},
|
||
|
},
|
||
|
}
|
||
|
for _, tc := range testCases {
|
||
|
t.Run(tc.name, func(t *testing.T) {
|
||
|
h := &testInitiateConsentHandler{reqInfo: tc.reqInfo, status: tc.status}
|
||
|
srv := httptest.NewServer(h)
|
||
|
defer srv.Close()
|
||
|
ldr := hydra.NewConsentReqDoer(srv.URL, tc.rememberFor)
|
||
|
|
||
|
reqInfo, err := ldr.InitiateRequest(tc.challenge)
|
||
|
|
||
|
if tc.wantErr != nil {
|
||
|
if err == nil {
|
||
|
t.Fatalf("\ngot no errors\nwant error:\n\t%s", tc.wantErr)
|
||
|
}
|
||
|
err = errors.Cause(err)
|
||
|
if err != tc.wantErr {
|
||
|
t.Fatalf("\ngot error:\n\t%s\nwant error:\n\t%s", err, tc.wantErr)
|
||
|
}
|
||
|
return
|
||
|
}
|
||
|
|
||
|
if err != nil {
|
||
|
t.Fatalf("\ngot error:\n\t%s\nwant no errors", err)
|
||
|
}
|
||
|
|
||
|
if h.challenge != tc.challenge {
|
||
|
t.Errorf("\ngot challenge:\n\t%#v\nwant challenge:\n\t%#v", h.challenge, tc.challenge)
|
||
|
}
|
||
|
if !reflect.DeepEqual(tc.reqInfo, reqInfo) {
|
||
|
t.Errorf("\ngot request info:\n\t%#v\nwant request info:\n\t%#v", reqInfo, tc.reqInfo)
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|
||
|
|
||
|
type testInitiateConsentHandler struct {
|
||
|
reqInfo *hydra.ReqInfo
|
||
|
status int
|
||
|
challenge string
|
||
|
}
|
||
|
|
||
|
func (h *testInitiateConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||
|
if r.Method != http.MethodGet || r.URL.Path != "/oauth2/auth/requests/consent" {
|
||
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
||
|
if err := json.NewEncoder(w).Encode(map[string]interface{}{"error": http.StatusText(http.StatusMethodNotAllowed)}); err != nil {
|
||
|
panic(fmt.Sprintf("initial request: failed to write response: %s", err))
|
||
|
}
|
||
|
return
|
||
|
}
|
||
|
h.challenge = r.URL.Query().Get("consent_challenge")
|
||
|
w.WriteHeader(h.status)
|
||
|
if h.status == http.StatusOK {
|
||
|
if err := json.NewEncoder(w).Encode(h.reqInfo); err != nil {
|
||
|
panic(fmt.Sprintf("initial request: failed to write response: %s", err))
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestAcceptConsentRequest(t *testing.T) {
|
||
|
testCases := []struct {
|
||
|
name string
|
||
|
challenge string
|
||
|
rememberFor int
|
||
|
remember bool
|
||
|
grantScope []interface{}
|
||
|
idToken string
|
||
|
status int
|
||
|
redirect string
|
||
|
wantErr error
|
||
|
}{
|
||
|
{
|
||
|
name: "challenge is missed",
|
||
|
wantErr: hydra.ErrChallengeMissed,
|
||
|
},
|
||
|
{
|
||
|
name: "challenge is not found",
|
||
|
challenge: "foo",
|
||
|
rememberFor: 10,
|
||
|
remember: true,
|
||
|
grantScope: []interface{}{"scope1", "scope2"},
|
||
|
idToken: "testToken",
|
||
|
status: http.StatusNotFound,
|
||
|
wantErr: hydra.ErrChallengeNotFound,
|
||
|
},
|
||
|
{
|
||
|
name: "happy path",
|
||
|
challenge: "foo",
|
||
|
rememberFor: 10,
|
||
|
remember: true,
|
||
|
grantScope: []interface{}{"scope1", "scope2"},
|
||
|
idToken: "testToken",
|
||
|
status: http.StatusOK,
|
||
|
redirect: "/test-redirect",
|
||
|
},
|
||
|
}
|
||
|
for _, tc := range testCases {
|
||
|
t.Run(tc.name, func(t *testing.T) {
|
||
|
h := &testAcceptConsentHandler{challenge: tc.challenge, status: tc.status, redirect: tc.redirect}
|
||
|
srv := httptest.NewServer(h)
|
||
|
defer srv.Close()
|
||
|
ldr := hydra.NewConsentReqDoer(srv.URL, tc.rememberFor)
|
||
|
|
||
|
var grantScope []string
|
||
|
for _, v := range tc.grantScope {
|
||
|
grantScope = append(grantScope, v.(string))
|
||
|
}
|
||
|
redirect, err := ldr.AcceptConsentRequest(tc.challenge, tc.remember, grantScope, tc.idToken)
|
||
|
|
||
|
if tc.wantErr != nil {
|
||
|
if err == nil {
|
||
|
t.Fatalf("\ngot no errors\nwant error:\n\t%s", tc.wantErr)
|
||
|
}
|
||
|
err = errors.Cause(err)
|
||
|
if err.Error() != tc.wantErr.Error() {
|
||
|
t.Fatalf("\ngot error:\n\t%s\nwant error:\n\t%s", err, tc.wantErr)
|
||
|
}
|
||
|
return
|
||
|
}
|
||
|
|
||
|
if err != nil {
|
||
|
t.Fatalf("\ngot error:\n\t%s\nwant no errors", err)
|
||
|
}
|
||
|
|
||
|
if h.challenge != tc.challenge {
|
||
|
t.Errorf("\ngot challenge:\n\t%#v\nwant challenge:\n\t%#v", h.challenge, tc.challenge)
|
||
|
}
|
||
|
wantData := map[string]interface{}{
|
||
|
"grant_scope": tc.grantScope,
|
||
|
"remember": tc.remember,
|
||
|
"remember_for": tc.rememberFor,
|
||
|
"session": map[string]interface{}{"id_token": tc.idToken},
|
||
|
}
|
||
|
if !reflect.DeepEqual(h.data, wantData) {
|
||
|
t.Errorf("\ngot request data:\n\t%#v\nwant request data:\n\t%#v", h.data, wantData)
|
||
|
}
|
||
|
if redirect != tc.redirect {
|
||
|
t.Errorf("\ngot redirect URL:\n\t%#v\nwant redirect URL:\n\t%#v", redirect, tc.redirect)
|
||
|
}
|
||
|
})
|
||
|
}
|
||
|
}
|
||
|
|
||
|
type testAcceptConsentHandler struct {
|
||
|
challenge string
|
||
|
data map[string]interface{}
|
||
|
status int
|
||
|
redirect string
|
||
|
}
|
||
|
|
||
|
func (h *testAcceptConsentHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||
|
if r.Method != http.MethodPut || r.URL.Path != "/oauth2/auth/requests/consent/accept" {
|
||
|
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||
|
return
|
||
|
}
|
||
|
|
||
|
h.challenge = r.URL.Query().Get("consent_challenge")
|
||
|
w.WriteHeader(h.status)
|
||
|
if r.Body != http.NoBody {
|
||
|
// Note: Go JSON Decoder decodes numbers as float64, but we need int.
|
||
|
// So we convert numbers to int manually.
|
||
|
var raw map[string]json.RawMessage
|
||
|
if err := json.NewDecoder(r.Body).Decode(&raw); err != nil {
|
||
|
panic(fmt.Sprintf("accept request: failed to read request body: %s", err))
|
||
|
}
|
||
|
h.data = make(map[string]interface{}, len(raw))
|
||
|
for key, val := range raw {
|
||
|
s := string(val)
|
||
|
if i, err := strconv.Atoi(s); err == nil {
|
||
|
h.data[key] = i
|
||
|
continue
|
||
|
}
|
||
|
if f, err := strconv.ParseFloat(s, 64); err == nil {
|
||
|
h.data[key] = f
|
||
|
continue
|
||
|
}
|
||
|
var v interface{}
|
||
|
if err := json.Unmarshal(val, &v); err == nil {
|
||
|
h.data[key] = v
|
||
|
continue
|
||
|
}
|
||
|
h.data[key] = val
|
||
|
}
|
||
|
}
|
||
|
if h.status == http.StatusOK {
|
||
|
if err := json.NewEncoder(w).Encode(map[string]interface{}{"redirect_to": h.redirect}); err != nil {
|
||
|
panic(fmt.Sprintf("accept request: failed to write response: %s", err))
|
||
|
}
|
||
|
}
|
||
|
}
|