Use an interface for storage in token_handler_test.go
Signed-off-by: Aram Price <pricear@vmware.com>
parent
2f1a67ef0d
commit
67bf54a9f9
@ -25,7 +25,9 @@ import (
|
|||||||
|
|
||||||
coreosoidc "github.com/coreos/go-oidc"
|
coreosoidc "github.com/coreos/go-oidc"
|
||||||
"github.com/ory/fosite"
|
"github.com/ory/fosite"
|
||||||
|
"github.com/ory/fosite/handler/oauth2"
|
||||||
"github.com/ory/fosite/handler/openid"
|
"github.com/ory/fosite/handler/openid"
|
||||||
|
"github.com/ory/fosite/handler/pkce"
|
||||||
"github.com/ory/fosite/storage"
|
"github.com/ory/fosite/storage"
|
||||||
"github.com/ory/fosite/token/jwt"
|
"github.com/ory/fosite/token/jwt"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
@ -53,6 +55,14 @@ const (
|
|||||||
timeComparisonFudgeSeconds = 15
|
timeComparisonFudgeSeconds = 15
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type CombinedStorage interface {
|
||||||
|
oauth2.TokenRevocationStorage
|
||||||
|
oauth2.CoreStorage
|
||||||
|
openid.OpenIDConnectRequestStorage
|
||||||
|
pkce.PKCERequestStorage
|
||||||
|
fosite.ClientManager
|
||||||
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
goodAuthTime = time.Date(1, 2, 3, 4, 5, 6, 7, time.Local)
|
goodAuthTime = time.Date(1, 2, 3, 4, 5, 6, 7, time.Local)
|
||||||
goodRequestedAtTime = time.Date(7, 6, 5, 4, 3, 2, 1, time.Local)
|
goodRequestedAtTime = time.Date(7, 6, 5, 4, 3, 2, 1, time.Local)
|
||||||
@ -196,7 +206,7 @@ func TestTokenEndpoint(t *testing.T) {
|
|||||||
name string
|
name string
|
||||||
|
|
||||||
authRequest func(authRequest *http.Request)
|
authRequest func(authRequest *http.Request)
|
||||||
storage func(t *testing.T, s *storage.MemoryStore, authCode string)
|
storage func(t *testing.T, s CombinedStorage, authCode string)
|
||||||
request func(r *http.Request, authCode string)
|
request func(r *http.Request, authCode string)
|
||||||
|
|
||||||
wantStatus int
|
wantStatus int
|
||||||
@ -313,7 +323,7 @@ func TestTokenEndpoint(t *testing.T) {
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "auth code is invalidated",
|
name: "auth code is invalidated",
|
||||||
storage: func(t *testing.T, s *storage.MemoryStore, authCode string) {
|
storage: func(t *testing.T, s CombinedStorage, authCode string) {
|
||||||
err := s.InvalidateAuthorizeCodeSession(context.Background(), getFositeDataSignature(t, authCode))
|
err := s.InvalidateAuthorizeCodeSession(context.Background(), getFositeDataSignature(t, authCode))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
},
|
},
|
||||||
@ -364,6 +374,8 @@ func TestTokenEndpoint(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
oauthStore := storage.NewMemoryStore()
|
oauthStore := storage.NewMemoryStore()
|
||||||
|
// Add the Pinniped CLI client.
|
||||||
|
oauthStore.Clients[goodClient] = oidc.PinnipedCLIOIDCClient()
|
||||||
oauthHelper, authCode, jwtSigningKey := makeHappyOauthHelper(t, authRequest, oauthStore)
|
oauthHelper, authCode, jwtSigningKey := makeHappyOauthHelper(t, authRequest, oauthStore)
|
||||||
if test.storage != nil {
|
if test.storage != nil {
|
||||||
test.storage(t, oauthStore, authCode)
|
test.storage(t, oauthStore, authCode)
|
||||||
@ -407,6 +419,8 @@ func TestTokenEndpoint(t *testing.T) {
|
|||||||
t.Run("auth code is used twice", func(t *testing.T) {
|
t.Run("auth code is used twice", func(t *testing.T) {
|
||||||
authRequest := deepCopyRequestForm(happyAuthRequest)
|
authRequest := deepCopyRequestForm(happyAuthRequest)
|
||||||
oauthStore := storage.NewMemoryStore()
|
oauthStore := storage.NewMemoryStore()
|
||||||
|
// Add the Pinniped CLI client.
|
||||||
|
oauthStore.Clients[goodClient] = oidc.PinnipedCLIOIDCClient()
|
||||||
oauthHelper, authCode, jwtSigningKey := makeHappyOauthHelper(t, authRequest, oauthStore)
|
oauthHelper, authCode, jwtSigningKey := makeHappyOauthHelper(t, authRequest, oauthStore)
|
||||||
subject := NewHandler(oauthHelper)
|
subject := NewHandler(oauthHelper)
|
||||||
|
|
||||||
@ -511,15 +525,12 @@ func getFositeDataSignature(t *testing.T, data string) string {
|
|||||||
func makeHappyOauthHelper(
|
func makeHappyOauthHelper(
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
authRequest *http.Request,
|
authRequest *http.Request,
|
||||||
store *storage.MemoryStore,
|
store CombinedStorage,
|
||||||
) (fosite.OAuth2Provider, string, *ecdsa.PrivateKey) {
|
) (fosite.OAuth2Provider, string, *ecdsa.PrivateKey) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
jwtSigningKey := generateJWTSigningKey(t)
|
jwtSigningKey := generateJWTSigningKey(t)
|
||||||
oauthHelper := oidc.FositeOauth2Helper(goodIssuer, store, []byte(hmacSecret), jwtSigningKey)
|
oauthHelper := oidc.FositeOauth2Helper(store, goodIssuer, []byte(hmacSecret), jwtSigningKey)
|
||||||
|
|
||||||
// Add the Pinniped CLI client.
|
|
||||||
store.Clients[goodClient] = oidc.PinnipedCLIOIDCClient()
|
|
||||||
|
|
||||||
// Simulate the auth endpoint running so Fosite code will fill the store with realistic values.
|
// Simulate the auth endpoint running so Fosite code will fill the store with realistic values.
|
||||||
//
|
//
|
||||||
@ -570,7 +581,7 @@ func doSHA256(s string) string {
|
|||||||
func requireInvalidAuthCodeStorage(
|
func requireInvalidAuthCodeStorage(
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
code string,
|
code string,
|
||||||
storage *storage.MemoryStore,
|
storage CombinedStorage,
|
||||||
) {
|
) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
@ -582,7 +593,7 @@ func requireInvalidAuthCodeStorage(
|
|||||||
func requireValidAccessTokenStorage(
|
func requireValidAccessTokenStorage(
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
body map[string]interface{},
|
body map[string]interface{},
|
||||||
storage *storage.MemoryStore,
|
storage CombinedStorage,
|
||||||
wantGrantedOpenidScope bool,
|
wantGrantedOpenidScope bool,
|
||||||
) {
|
) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
@ -631,7 +642,7 @@ func requireValidAccessTokenStorage(
|
|||||||
func requireInvalidAccessTokenStorage(
|
func requireInvalidAccessTokenStorage(
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
body map[string]interface{},
|
body map[string]interface{},
|
||||||
storage *storage.MemoryStore,
|
storage CombinedStorage,
|
||||||
) {
|
) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
@ -647,7 +658,7 @@ func requireInvalidAccessTokenStorage(
|
|||||||
func requireInvalidPKCEStorage(
|
func requireInvalidPKCEStorage(
|
||||||
t *testing.T,
|
t *testing.T,
|
||||||
code string,
|
code string,
|
||||||
storage *storage.MemoryStore,
|
storage CombinedStorage,
|
||||||
) {
|
) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
@ -661,7 +672,7 @@ func requireValidOIDCStorage(
|
|||||||
t *testing.T,
|
t *testing.T,
|
||||||
body map[string]interface{},
|
body map[string]interface{},
|
||||||
code string,
|
code string,
|
||||||
storage *storage.MemoryStore,
|
storage CombinedStorage,
|
||||||
wantGrantedOpenidScope bool,
|
wantGrantedOpenidScope bool,
|
||||||
) {
|
) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
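Review bot: makeHappyOauthHelper no longer registers the Pinniped CLI client itself (hunk -511,15 +525,12), so every caller must now run `oauthStore.Clients[goodClient] = oidc.PinnipedCLIOIDCClient()` before calling it, and that precondition is not documented anywhere. The two call sites in TestTokenEndpoint (hunks at +374 and +419) each repeat the line, and a future test that omits it will presumably fail inside the simulated authorize request rather than at the missing setup. I would add a comment above the helper such as `// The caller must register goodClient in store beforehand; this helper no longer does it.`, or move the two setup lines into one small test helper that returns the populated store. `CombinedStorage` also has no doc comment saying why each embedded fosite interface is needed, and if it is used only by this test file it could be unexported. The helper's body continues past the end of the hunk.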