forked from ory/fosite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
authorize_write_test.go
213 lines (198 loc) · 6.94 KB
/
authorize_write_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package fosite_test
import (
"context"
"net/http"
"net/url"
"testing"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
. "github.com/ory/fosite"
. "github.com/ory/fosite/internal"
)
func TestWriteAuthorizeResponse(t *testing.T) {
oauth2 := &Fosite{Config: new(Config)}
header := http.Header{}
ctrl := gomock.NewController(t)
rw := NewMockResponseWriter(ctrl)
ar := NewMockAuthorizeRequester(ctrl)
resp := NewMockAuthorizeResponder(ctrl)
defer ctrl.Finish()
for k, c := range []struct {
setup func()
expect func()
}{
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeDefault)
resp.EXPECT().GetParameters().Return(url.Values{})
resp.EXPECT().GetHeader().Return(http.Header{})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"Location": []string{"https://foobar.com/?foo=bar"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
resp.EXPECT().GetParameters().Return(url.Values{"bar": {"baz"}})
resp.EXPECT().GetHeader().Return(http.Header{})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"Location": []string{"https://foobar.com/?foo=bar#bar=baz"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeQuery)
resp.EXPECT().GetParameters().Return(url.Values{"bar": {"baz"}})
resp.EXPECT().GetHeader().Return(http.Header{})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
expectedUrl, _ := url.Parse("https://foobar.com/?foo=bar&bar=baz")
actualUrl, err := url.Parse(header.Get("Location"))
assert.Nil(t, err)
assert.Equal(t, expectedUrl.Query(), actualUrl.Query())
assert.Equal(t, "no-cache", header.Get("Pragma"))
assert.Equal(t, "no-store", header.Get("Cache-Control"))
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
resp.EXPECT().GetParameters().Return(url.Values{"bar": {"b+az ab"}})
resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"X-Bar": {"baz"},
"Location": {"https://foobar.com/?foo=bar#bar=b%2Baz+ab"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeQuery)
resp.EXPECT().GetParameters().Return(url.Values{"bar": {"b+az"}, "scope": {"a b"}})
resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
expectedUrl, err := url.Parse("https://foobar.com/?foo=bar&bar=b%2Baz&scope=a+b")
assert.Nil(t, err)
actualUrl, err := url.Parse(header.Get("Location"))
assert.Nil(t, err)
assert.Equal(t, expectedUrl.Query(), actualUrl.Query())
assert.Equal(t, "no-cache", header.Get("Pragma"))
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "baz", header.Get("X-Bar"))
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
resp.EXPECT().GetParameters().Return(url.Values{"scope": {"api:*"}})
resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"X-Bar": {"baz"},
"Location": {"https://foobar.com/?foo=bar#scope=api%3A%2A"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar#bar=baz")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
resp.EXPECT().GetParameters().Return(url.Values{"qux": {"quux"}})
resp.EXPECT().GetHeader().Return(http.Header{})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"Location": {"https://foobar.com/?foo=bar#qux=quux"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFragment)
resp.EXPECT().GetParameters().Return(url.Values{"state": {"{\"a\":\"b=c&d=e\"}"}})
resp.EXPECT().GetHeader().Return(http.Header{})
rw.EXPECT().Header().Return(header).Times(2)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
expect: func() {
assert.Equal(t, http.Header{
"Location": {"https://foobar.com/?foo=bar#state=%7B%22a%22%3A%22b%3Dc%26d%3De%22%7D"},
"Cache-Control": []string{"no-store"},
"Pragma": []string{"no-cache"},
}, header)
},
},
{
setup: func() {
redir, _ := url.Parse("https://foobar.com/?foo=bar")
ar.EXPECT().GetRedirectURI().Return(redir)
ar.EXPECT().GetResponseMode().Return(ResponseModeFormPost)
resp.EXPECT().GetHeader().Return(http.Header{"X-Bar": {"baz"}})
resp.EXPECT().GetParameters().Return(url.Values{"code": {"poz65kqoneu"}, "state": {"qm6dnsrn"}})
rw.EXPECT().Header().Return(header).AnyTimes()
rw.EXPECT().Write(gomock.Any()).AnyTimes()
},
expect: func() {
assert.Equal(t, "text/html;charset=UTF-8", header.Get("Content-Type"))
},
},
} {
t.Logf("Starting test case %d", k)
c.setup()
oauth2.WriteAuthorizeResponse(context.Background(), rw, ar, resp)
c.expect()
header = http.Header{}
t.Logf("Passed test case %d", k)
}
}