-
Notifications
You must be signed in to change notification settings - Fork 370
/
Copy pathflow_device_auth_test.go
121 lines (107 loc) · 2.88 KB
/
flow_device_auth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
// Copyright © 2025 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package openid
import (
"context"
"fmt"
"testing"
"time"
"github.com/ory/fosite/internal"
gomock "go.uber.org/mock/gomock"
"github.com/stretchr/testify/require"
"github.com/ory/fosite"
"github.com/ory/fosite/handler/rfc8628"
"github.com/ory/fosite/token/hmac"
"github.com/ory/fosite/token/jwt"
)
func TestDeviceAuth_HandleDeviceEndpointRequest(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()
store := internal.NewMockOpenIDConnectRequestStorage(ctrl)
config := &fosite.Config{
MinParameterEntropy: fosite.MinParameterEntropy,
DeviceAndUserCodeLifespan: time.Hour * 24,
}
signer := &jwt.DefaultSigner{
GetPrivateKey: func(ctx context.Context) (interface{}, error) {
return key, nil
},
}
h := OpenIDConnectDeviceHandler{
OpenIDConnectRequestStorage: store,
DeviceCodeStrategy: &rfc8628.DefaultDeviceStrategy{
Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobar")}},
Config: config,
},
Config: config,
IDTokenHandleHelper: &IDTokenHandleHelper{
IDTokenStrategy: &DefaultStrategy{
Signer: signer,
Config: config,
},
},
}
session := &DefaultSession{
Claims: &jwt.IDTokenClaims{
Subject: "foo",
},
Headers: &jwt.Headers{},
}
client := &fosite.DefaultClient{
ID: "foo",
GrantTypes: fosite.Arguments{"urn:ietf:params:oauth:grant-type:device_code"},
}
testCases := []struct {
description string
authreq *fosite.DeviceRequest
authresp *fosite.DeviceResponse
setup func(authreq *fosite.DeviceRequest)
expectErr error
}{
{
description: "should ignore because scope openid is not set",
authreq: &fosite.DeviceRequest{
Request: fosite.Request{
RequestedScope: fosite.Arguments{"email"},
},
},
},
{
description: "should ignore because client grant type is invalid",
authreq: &fosite.DeviceRequest{
Request: fosite.Request{
RequestedScope: fosite.Arguments{"openid", "email"},
Client: &fosite.DefaultClient{
GrantTypes: []string{"authorization_code"},
},
},
},
},
{
description: "should pass",
authreq: &fosite.DeviceRequest{
Request: fosite.Request{
RequestedScope: fosite.Arguments{"openid", "email"},
Client: client,
Session: session,
},
},
authresp: &fosite.DeviceResponse{
DeviceCode: "device_code",
},
},
}
for i, testCase := range testCases {
t.Run(fmt.Sprintf("case=%d/description=%s", i, testCase.description), func(t *testing.T) {
if testCase.setup != nil {
testCase.setup(testCase.authreq)
}
err := h.HandleDeviceEndpointRequest(context.Background(), testCase.authreq, testCase.authresp)
if testCase.expectErr != nil {
require.EqualError(t, err, testCase.expectErr.Error(), "%+v", err)
} else {
require.NoError(t, err, "%+v", err)
}
})
}
}