github.com/resonatecoop/id@v1.1.0-43/oauth/grant_type_refresh_token_test.go (about) 1 package oauth_test 2 3 import ( 4 "context" 5 "net/http" 6 "net/http/httptest" 7 "net/url" 8 "time" 9 10 "github.com/resonatecoop/id/oauth" 11 "github.com/resonatecoop/id/oauth/tokentypes" 12 testutil "github.com/resonatecoop/id/test-util" 13 "github.com/resonatecoop/user-api/model" 14 "github.com/stretchr/testify/assert" 15 ) 16 17 func (suite *OauthTestSuite) TestRefreshTokenGrantEmptyNotFound() { 18 // Prepare a request 19 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 20 assert.NoError(suite.T(), err, "Request setup should not get an error") 21 r.SetBasicAuth("test_client_1", "test_secret") 22 r.PostForm = url.Values{ 23 "grant_type": {"refresh_token"}, 24 "refresh_token": {""}, 25 } 26 27 // Serve the request 28 w := httptest.NewRecorder() 29 suite.router.ServeHTTP(w, r) 30 31 // Check the response 32 testutil.TestResponseForError( 33 suite.T(), 34 w, 35 oauth.ErrRefreshTokenNotFound.Error(), 36 404, 37 ) 38 } 39 40 func (suite *OauthTestSuite) TestRefreshTokenGrantBogusNotFound() { 41 // Prepare a request 42 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 43 assert.NoError(suite.T(), err, "Request setup should not get an error") 44 r.SetBasicAuth("test_client_1", "test_secret") 45 r.PostForm = url.Values{ 46 "grant_type": {"refresh_token"}, 47 "refresh_token": {"bogus_token"}, 48 } 49 50 // Serve the request 51 w := httptest.NewRecorder() 52 suite.router.ServeHTTP(w, r) 53 54 // Check the response 55 testutil.TestResponseForError( 56 suite.T(), 57 w, 58 oauth.ErrRefreshTokenNotFound.Error(), 59 404, 60 ) 61 } 62 63 func (suite *OauthTestSuite) TestRefreshTokenGrantExipired() { 64 65 ctx := context.Background() 66 // Insert a test refresh token 67 refreshtoken := &model.RefreshToken{ 68 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 69 Token: "test_token", 70 ExpiresAt: time.Now().UTC().Add(-10 * time.Second), 71 ClientID: suite.clients[0].ID, 72 UserID: suite.users[0].ID, 73 Scope: "read_write", 74 } 75 76 _, err := suite.db.NewInsert(). 77 Model(refreshtoken). 78 Exec(ctx) 79 80 // confirm there is no error 81 assert.Nil(suite.T(), err) 82 83 // Prepare a request 84 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 85 assert.NoError(suite.T(), err, "Request setup should not get an error") 86 r.SetBasicAuth("test_client_1", "test_secret") 87 r.PostForm = url.Values{ 88 "grant_type": {"refresh_token"}, 89 "refresh_token": {"test_token"}, 90 "scope": {"read read_write"}, 91 } 92 93 // Serve the request 94 w := httptest.NewRecorder() 95 suite.router.ServeHTTP(w, r) 96 97 // Check the response 98 testutil.TestResponseForError( 99 suite.T(), 100 w, 101 oauth.ErrRefreshTokenExpired.Error(), 102 400, 103 ) 104 } 105 106 func (suite *OauthTestSuite) TestRefreshTokenGrantScopeCannotBeGreater() { 107 // Insert a test refresh token 108 refreshtoken := &model.RefreshToken{ 109 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 110 Token: "test_token", 111 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 112 ClientID: suite.clients[0].ID, 113 UserID: suite.users[0].ID, 114 Scope: "read_write", 115 } 116 117 ctx := context.Background() 118 // Insert a test refresh token 119 _, err := suite.db.NewInsert(). 120 Model(refreshtoken). 121 Exec(ctx) 122 123 // confirm there is no error 124 assert.Nil(suite.T(), err) 125 126 // Prepare a request 127 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 128 assert.NoError(suite.T(), err, "Request setup should not get an error") 129 r.SetBasicAuth("test_client_1", "test_secret") 130 r.PostForm = url.Values{ 131 "grant_type": {"refresh_token"}, 132 "refresh_token": {"test_token"}, 133 "scope": {"read read_write"}, 134 } 135 136 // Serve the request 137 w := httptest.NewRecorder() 138 suite.router.ServeHTTP(w, r) 139 140 // Check the response 141 testutil.TestResponseForError( 142 suite.T(), 143 w, 144 oauth.ErrRequestedScopeCannotBeGreater.Error(), 145 400, 146 ) 147 } 148 149 func (suite *OauthTestSuite) TestRefreshTokenGrantDefaultsToOriginalScope() { 150 151 refreshtoken := &model.RefreshToken{ 152 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 153 Token: "test_token", 154 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 155 ClientID: suite.clients[0].ID, 156 UserID: suite.users[0].ID, 157 Scope: "read_write tenantadmin", 158 } 159 160 ctx := context.Background() 161 // Insert a test refresh token 162 _, err := suite.db.NewInsert(). 163 Model(refreshtoken). 164 Exec(ctx) 165 166 // confirm there is no error 167 assert.Nil(suite.T(), err) 168 169 // Make a request 170 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 171 assert.NoError(suite.T(), err, "Request setup should not get an error") 172 r.SetBasicAuth("test_client_1", "test_secret") 173 r.PostForm = url.Values{ 174 "grant_type": {"refresh_token"}, 175 "refresh_token": {"test_token"}, 176 } 177 178 // Serve the request 179 w := httptest.NewRecorder() 180 suite.router.ServeHTTP(w, r) 181 182 // Fetch data 183 accessToken := new(model.AccessToken) 184 185 err = suite.db.NewSelect(). 186 Model(accessToken). 187 Order("created_at DESC"). 188 Limit(1). 189 Scan(ctx) 190 191 // record found 192 assert.Nil(suite.T(), err) 193 194 refreshToken := new(model.RefreshToken) 195 196 err = suite.db.NewSelect(). 197 Model(refreshToken). 198 Order("created_at DESC"). 199 Limit(1). 200 Scan(ctx) 201 202 // record found 203 assert.Nil(suite.T(), err) 204 205 // Check the response body 206 expected := &oauth.AccessTokenResponse{ 207 UserID: accessToken.UserID.String(), 208 AccessToken: accessToken.Token, 209 ExpiresIn: 3600, 210 TokenType: tokentypes.Bearer, 211 Scope: "read_write tenantadmin", 212 RefreshToken: refreshToken.Token, 213 } 214 testutil.TestResponseObject(suite.T(), w, expected, 200) 215 } 216 217 func (suite *OauthTestSuite) TestRefreshTokenGrant() { 218 // Insert a test refresh token 219 refreshToken := &model.RefreshToken{ 220 IDRecord: model.IDRecord{CreatedAt: time.Now().UTC()}, 221 Token: "test_token", 222 ExpiresAt: time.Now().UTC().Add(+10 * time.Second), 223 ClientID: suite.clients[0].ID, 224 UserID: suite.users[0].ID, 225 Scope: "read_write tenantadmin", 226 } 227 228 ctx := context.Background() 229 230 _, err := suite.db.NewInsert(). 231 Model(refreshToken). 232 Exec(ctx) 233 234 assert.Nil(suite.T(), err) 235 236 // Make a request 237 r, err := http.NewRequest("POST", "http://1.2.3.4/v1/oauth/tokens", nil) 238 assert.NoError(suite.T(), err, "Request setup should not get an error") 239 r.SetBasicAuth("test_client_1", "test_secret") 240 r.PostForm = url.Values{ 241 "grant_type": {"refresh_token"}, 242 "refresh_token": {"test_token"}, 243 "scope": {"read_write tenantadmin"}, 244 } 245 246 // Serve the request 247 w := httptest.NewRecorder() 248 suite.router.ServeHTTP(w, r) 249 250 // Fetch data 251 accessToken := new(model.AccessToken) 252 253 err = suite.db.NewSelect(). 254 Model(accessToken). 255 Order("created_at DESC"). 256 Limit(1). 257 Scan(ctx) 258 259 // record found 260 assert.Nil(suite.T(), err) 261 262 refreshToken = new(model.RefreshToken) 263 264 err = suite.db.NewSelect(). 265 Model(refreshToken). 266 Order("created_at DESC"). 267 Limit(1). 268 Scan(ctx) 269 270 // record found 271 assert.Nil(suite.T(), err) 272 273 // Check the response 274 expected := &oauth.AccessTokenResponse{ 275 UserID: accessToken.UserID.String(), 276 AccessToken: accessToken.Token, 277 ExpiresIn: 3600, 278 TokenType: tokentypes.Bearer, 279 Scope: "read_write tenantadmin", 280 RefreshToken: refreshToken.Token, 281 } 282 testutil.TestResponseObject(suite.T(), w, expected, 200) 283 }