github.com/RichardKnop/Go-oauth2-server@v1.0.1/oauth/introspect_test.go (about) 1 package oauth_test 2 3 import ( 4 "net/http" 5 "net/http/httptest" 6 "net/url" 7 "time" 8 9 "github.com/RichardKnop/go-oauth2-server/models" 10 "github.com/RichardKnop/go-oauth2-server/oauth" 11 "github.com/RichardKnop/go-oauth2-server/oauth/tokentypes" 12 testutil "github.com/RichardKnop/go-oauth2-server/test-util" 13 "github.com/RichardKnop/go-oauth2-server/util" 14 "github.com/RichardKnop/uuid" 15 "github.com/stretchr/testify/assert" 16 ) 17 18 func (suite *OauthTestSuite) TestNewIntrospectResponseFromAccessToken() { 19 MG := models.MyGormModel{ 20 ID: uuid.New(), 21 CreatedAt: time.Now().UTC(), 22 } 23 24 accessToken := &models.OauthAccessToken{ 25 MyGormModel: MG, 26 Token: "test_token_introspect_1", 27 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 28 ClientID: util.StringOrNull(string(suite.clients[0].ID)), 29 UserID: util.StringOrNull(string(suite.users[0].ID)), 30 Scope: "read_write", 31 } 32 expected := &oauth.IntrospectResponse{ 33 Active: true, 34 Scope: accessToken.Scope, 35 TokenType: tokentypes.Bearer, 36 ExpiresAt: int(accessToken.ExpiresAt.Unix()), 37 ClientID: suite.clients[0].Key, 38 Username: suite.users[0].Username, 39 } 40 41 actual, err := suite.service.NewIntrospectResponseFromAccessToken(accessToken) 42 assert.NoError(suite.T(), err) 43 assert.Equal(suite.T(), expected, actual) 44 45 accessToken.ClientID = util.StringOrNull("") 46 expected.ClientID = "" 47 actual, err = suite.service.NewIntrospectResponseFromAccessToken(accessToken) 48 assert.NoError(suite.T(), err) 49 assert.Equal(suite.T(), expected, actual) 50 51 accessToken.UserID = util.StringOrNull("") 52 expected.Username = "" 53 actual, err = suite.service.NewIntrospectResponseFromAccessToken(accessToken) 54 assert.NoError(suite.T(), err) 55 assert.Equal(suite.T(), expected, actual) 56 } 57 58 func (suite *OauthTestSuite) TestNewIntrospectResponseFromRefreshToken() { 59 MG := models.MyGormModel{ 60 ID: uuid.New(), 61 CreatedAt: time.Now().UTC(), 62 } 63 64 refreshToken := &models.OauthRefreshToken{ 65 MyGormModel: MG, 66 Token: "test_token_introspect_1", 67 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 68 ClientID: util.StringOrNull(string(suite.clients[0].ID)), 69 UserID: util.StringOrNull(string(suite.users[0].ID)), 70 Scope: "read_write", 71 } 72 expected := &oauth.IntrospectResponse{ 73 Active: true, 74 Scope: refreshToken.Scope, 75 TokenType: tokentypes.Bearer, 76 ExpiresAt: int(refreshToken.ExpiresAt.Unix()), 77 ClientID: suite.clients[0].Key, 78 Username: suite.users[0].Username, 79 } 80 81 actual, err := suite.service.NewIntrospectResponseFromRefreshToken(refreshToken) 82 assert.NoError(suite.T(), err) 83 assert.Equal(suite.T(), expected, actual) 84 85 refreshToken.ClientID = util.StringOrNull("") 86 expected.ClientID = "" 87 actual, err = suite.service.NewIntrospectResponseFromRefreshToken(refreshToken) 88 assert.NoError(suite.T(), err) 89 assert.Equal(suite.T(), expected, actual) 90 91 refreshToken.UserID = util.StringOrNull("") 92 expected.Username = "" 93 actual, err = suite.service.NewIntrospectResponseFromRefreshToken(refreshToken) 94 assert.NoError(suite.T(), err) 95 assert.Equal(suite.T(), expected, actual) 96 } 97 98 func (suite *OauthTestSuite) TestHandleIntrospectMissingToken() { 99 // Make a request 100 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil) 101 assert.NoError(suite.T(), err, "Request setup should not get an error") 102 r.SetBasicAuth("test_client_1", "test_secret") 103 r.PostForm = url.Values{} 104 105 // And serve the request 106 w := httptest.NewRecorder() 107 suite.router.ServeHTTP(w, r) 108 109 // Check response 110 testutil.TestResponseForError( 111 suite.T(), 112 w, 113 oauth.ErrTokenMissing.Error(), 114 400, 115 ) 116 } 117 118 func (suite *OauthTestSuite) TestHandleIntrospectInvailidTokenHint() { 119 // Make a request 120 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil) 121 assert.NoError(suite.T(), err, "Request setup should not get an error") 122 r.SetBasicAuth("test_client_1", "test_secret") 123 r.PostForm = url.Values{"token": {"token"}, "token_type_hint": {"wrong"}} 124 125 // And serve the request 126 w := httptest.NewRecorder() 127 suite.router.ServeHTTP(w, r) 128 129 // Check response 130 testutil.TestResponseForError( 131 suite.T(), 132 w, 133 oauth.ErrTokenHintInvalid.Error(), 134 400, 135 ) 136 } 137 138 func (suite *OauthTestSuite) TestHandleIntrospectAccessToken() { 139 // Insert a test access token with a user 140 accessToken := &models.OauthAccessToken{ 141 MyGormModel: models.MyGormModel{ 142 ID: uuid.New(), 143 CreatedAt: time.Now().UTC(), 144 }, 145 Token: "test_token_introspect_1", 146 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 147 Client: suite.clients[0], 148 User: suite.users[0], 149 Scope: "read_write", 150 } 151 err := suite.db.Create(accessToken).Error 152 assert.NoError(suite.T(), err, "Inserting test data failed") 153 154 // Make a request 155 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil) 156 assert.NoError(suite.T(), err, "Request setup should not get an error") 157 r.SetBasicAuth("test_client_1", "test_secret") 158 159 // With correct token hint 160 r.PostForm = url.Values{ 161 "token": {accessToken.Token}, 162 "token_type_hint": {oauth.AccessTokenHint}, 163 } 164 165 // And serve the request 166 w := httptest.NewRecorder() 167 suite.router.ServeHTTP(w, r) 168 169 // Check the response 170 expected, err := suite.service.NewIntrospectResponseFromAccessToken(accessToken) 171 assert.NoError(suite.T(), err) 172 testutil.TestResponseObject(suite.T(), w, expected, 200) 173 174 // With incorrect token hint 175 r.PostForm = url.Values{ 176 "token": {accessToken.Token}, 177 "token_type_hint": {oauth.RefreshTokenHint}, 178 } 179 180 // Serve the request 181 w = httptest.NewRecorder() 182 suite.router.ServeHTTP(w, r) 183 184 // Check response 185 testutil.TestResponseForError( 186 suite.T(), 187 w, 188 oauth.ErrRefreshTokenNotFound.Error(), 189 404, 190 ) 191 192 // Without token hint 193 r.PostForm = url.Values{ 194 "token": {accessToken.Token}, 195 } 196 197 // Serve the request 198 w = httptest.NewRecorder() 199 suite.router.ServeHTTP(w, r) 200 201 // Check the response 202 expected, err = suite.service.NewIntrospectResponseFromAccessToken(accessToken) 203 assert.NoError(suite.T(), err) 204 testutil.TestResponseObject(suite.T(), w, expected, 200) 205 } 206 207 func (suite *OauthTestSuite) TestHandleIntrospectRefreshToken() { 208 // Insert a test refresh token with a user 209 refreshToken := &models.OauthRefreshToken{ 210 MyGormModel: models.MyGormModel{ 211 ID: uuid.New(), 212 CreatedAt: time.Now().UTC(), 213 }, 214 Token: "test_token_introspect_1", 215 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 216 Client: suite.clients[0], 217 User: suite.users[0], 218 Scope: "read_write", 219 } 220 err := suite.db.Create(refreshToken).Error 221 assert.NoError(suite.T(), err, "Inserting test data failed") 222 223 // Make a request 224 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil) 225 assert.NoError(suite.T(), err, "Request setup should not get an error") 226 r.SetBasicAuth("test_client_1", "test_secret") 227 228 // With correct token hint 229 r.PostForm = url.Values{ 230 "token": {refreshToken.Token}, 231 "token_type_hint": {oauth.RefreshTokenHint}, 232 } 233 234 // And serve the request 235 w := httptest.NewRecorder() 236 suite.router.ServeHTTP(w, r) 237 238 // Check the response 239 expected, err := suite.service.NewIntrospectResponseFromRefreshToken(refreshToken) 240 assert.NoError(suite.T(), err) 241 testutil.TestResponseObject(suite.T(), w, expected, 200) 242 243 // With incorrect token hint 244 r.PostForm = url.Values{ 245 "token": {refreshToken.Token}, 246 "token_type_hint": {oauth.AccessTokenHint}, 247 } 248 249 // Serve the request 250 w = httptest.NewRecorder() 251 suite.router.ServeHTTP(w, r) 252 253 // Check response 254 testutil.TestResponseForError( 255 suite.T(), 256 w, 257 oauth.ErrAccessTokenNotFound.Error(), 258 404, 259 ) 260 261 // Without token hint 262 r.PostForm = url.Values{ 263 "token": {refreshToken.Token}, 264 } 265 266 // Serve the request 267 w = httptest.NewRecorder() 268 suite.router.ServeHTTP(w, r) 269 270 // Check response 271 testutil.TestResponseForError( 272 suite.T(), 273 w, 274 oauth.ErrAccessTokenNotFound.Error(), 275 404, 276 ) 277 } 278 279 func (suite *OauthTestSuite) TestHandleIntrospectInactiveToken() { 280 // Make a request 281 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/introspect", nil) 282 assert.NoError(suite.T(), err, "Request setup should not get an error") 283 r.SetBasicAuth("test_client_1", "test_secret") 284 285 // With access token hint 286 r.PostForm = url.Values{ 287 "token": {"unexisting_token"}, 288 "token_type_hint": {oauth.AccessTokenHint}, 289 } 290 291 // And serve the request 292 w := httptest.NewRecorder() 293 suite.router.ServeHTTP(w, r) 294 295 // Check response 296 testutil.TestResponseForError( 297 suite.T(), 298 w, 299 oauth.ErrAccessTokenNotFound.Error(), 300 404, 301 ) 302 303 // With refresh token hint 304 r.PostForm = url.Values{ 305 "token": {"unexisting_token"}, 306 "token_type_hint": {oauth.RefreshTokenHint}, 307 } 308 309 // Serve the request 310 w = httptest.NewRecorder() 311 suite.router.ServeHTTP(w, r) 312 313 // Check response 314 testutil.TestResponseForError( 315 suite.T(), 316 w, 317 oauth.ErrRefreshTokenNotFound.Error(), 318 404, 319 ) 320 321 // Without token hint 322 r.PostForm = url.Values{ 323 "token": {"unexisting_token"}, 324 } 325 326 // Serve the request 327 w = httptest.NewRecorder() 328 suite.router.ServeHTTP(w, r) 329 330 // Check response 331 testutil.TestResponseForError( 332 suite.T(), 333 w, 334 oauth.ErrAccessTokenNotFound.Error(), 335 404, 336 ) 337 }