67b692b11f
Signed-off-by: Matt Moyer <moyerm@vmware.com>
41 lines
1017 B
Go
41 lines
1017 B
Go
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package nonce
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/coreos/go-oidc"
|
|
"github.com/stretchr/testify/require"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
func TestNonce(t *testing.T) {
|
|
n, err := Generate()
|
|
require.NoError(t, err)
|
|
require.Len(t, n, 32)
|
|
require.Len(t, n.String(), 32)
|
|
|
|
cfg := oauth2.Config{}
|
|
authCodeURL, err := url.Parse(cfg.AuthCodeURL("", n.Param()))
|
|
require.NoError(t, err)
|
|
require.Equal(t, n.String(), authCodeURL.Query().Get("nonce"))
|
|
|
|
require.Error(t, n.Validate(&oidc.IDToken{}))
|
|
require.NoError(t, n.Validate(&oidc.IDToken{Nonce: string(n)}))
|
|
|
|
err = n.Validate(&oidc.IDToken{Nonce: string(n) + "x"})
|
|
require.Error(t, err)
|
|
require.True(t, errors.As(err, &InvalidNonceError{}))
|
|
require.Contains(t, err.Error(), string(n)+"x")
|
|
|
|
var empty bytes.Buffer
|
|
n, err = generate(&empty)
|
|
require.EqualError(t, err, "could not generate random nonce: EOF")
|
|
require.Empty(t, n)
|
|
}
|