From 49ad6697f7c4842419f658cd394e4ddebb075f16 Mon Sep 17 00:00:00 2001 From: hijiki51 Date: Sat, 23 Sep 2023 14:17:00 +0900 Subject: [PATCH] test: add test for DecodeIDToken --- handler/openid/strategy_jwt_test.go | 85 +++++++++++++++++++++++++++++ internal/id_token_strategy.go | 1 + 2 files changed, 86 insertions(+) diff --git a/handler/openid/strategy_jwt_test.go b/handler/openid/strategy_jwt_test.go index fff45519..42d9c64d 100644 --- a/handler/openid/strategy_jwt_test.go +++ b/handler/openid/strategy_jwt_test.go @@ -10,8 +10,10 @@ import ( "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/ory/fosite" + "github.com/ory/fosite/internal/gen" "github.com/ory/fosite/token/jwt" ) @@ -283,3 +285,86 @@ func TestJWTStrategy_GenerateIDToken(t *testing.T) { }) } } + +func TestJWTStrategy_DecodeIDToken(t *testing.T) { + var j = &DefaultStrategy{ + Signer: &jwt.DefaultSigner{ + GetPrivateKey: func(_ context.Context) (interface{}, error) { + return key, nil + }}, + Config: &fosite.Config{ + MinParameterEntropy: fosite.MinParameterEntropy, + }, + } + + var anotherKey = gen.MustRSAKey() + + var genIDToken = func(c jwt.IDTokenClaims) string { + s, _, err := j.Generate(context.TODO(), c.ToMapClaims(), jwt.NewHeaders()) + require.NoError(t, err) + return s + } + + var token string + var decoder *DefaultStrategy + for k, c := range []struct { + description string + setup func() + expectErr bool + }{ + { + description: "should pass with valid token", + setup: func() { + token = genIDToken(jwt.IDTokenClaims{ + Subject: "peter", + RequestedAt: time.Now(), + ExpiresAt: time.Now().Add(time.Hour), + }) + decoder = j + }, + expectErr: false, + }, + { + description: "should pass even though token is expired", + setup: func() { + token = genIDToken(jwt.IDTokenClaims{ + Subject: "peter", + RequestedAt: time.Now(), + ExpiresAt: time.Now().Add(-time.Hour), + }) + decoder = j + }, + expectErr: false, + }, + { + description: "should fail because token is decoded with wrong key", + setup: func() { + token = genIDToken(jwt.IDTokenClaims{ + Subject: "peter", + RequestedAt: time.Now(), + ExpiresAt: time.Now().Add(time.Hour), + }) + decoder = &DefaultStrategy{ + Signer: &jwt.DefaultSigner{ + GetPrivateKey: func(_ context.Context) (interface{}, error) { + return anotherKey, nil + }}, + Config: &fosite.Config{ + MinParameterEntropy: fosite.MinParameterEntropy, + }, + } + }, + expectErr: true, + }, + } { + t.Run(fmt.Sprintf("case=%d/description=%s", k, c.description), func(t *testing.T) { + c.setup() + req := fosite.NewAccessRequest(&DefaultSession{}) + idtoken, err := decoder.DecodeIDToken(context.Background(), req, token) + assert.Equal(t, c.expectErr, err != nil, "%d: %+v", k, err) + if !c.expectErr { + assert.NotNil(t, idtoken) + } + }) + } +} diff --git a/internal/id_token_strategy.go b/internal/id_token_strategy.go index 1359b1dc..c8c13716 100644 --- a/internal/id_token_strategy.go +++ b/internal/id_token_strategy.go @@ -13,6 +13,7 @@ import ( time "time" gomock "github.com/golang/mock/gomock" + fosite "github.com/ory/fosite" jwt "github.com/ory/fosite/token/jwt" )