auth
auth/token_test.go
Log ignored errors, grant revocations can return an error. Turn a few TODOs for logging errors into calls to log the actual error. Change the return type of grant revocations for GrantTypes to an error, so they can be logged by the system, not each GrantType. Implement a stub of the revocation function for the authcode GrantType.
| paddy@28 | 1 package auth |
| paddy@28 | 2 |
| paddy@28 | 3 import ( |
| paddy@28 | 4 "testing" |
| paddy@28 | 5 "time" |
| paddy@28 | 6 |
| paddy@45 | 7 "code.secondbit.org/uuid" |
| paddy@28 | 8 ) |
| paddy@28 | 9 |
| paddy@57 | 10 var tokenStores = []tokenStore{NewMemstore()} |
| paddy@28 | 11 |
| paddy@35 | 12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) { |
| paddy@35 | 13 if token1.AccessToken != token2.AccessToken { |
| paddy@35 | 14 return false, "access token", token1.AccessToken, token2.AccessToken |
| paddy@35 | 15 } |
| paddy@35 | 16 if token1.RefreshToken != token2.RefreshToken { |
| paddy@35 | 17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken |
| paddy@35 | 18 } |
| paddy@35 | 19 if !token1.Created.Equal(token2.Created) { |
| paddy@35 | 20 return false, "created", token1.Created, token2.Created |
| paddy@35 | 21 } |
| paddy@35 | 22 if token1.ExpiresIn != token2.ExpiresIn { |
| paddy@35 | 23 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn |
| paddy@35 | 24 } |
| paddy@35 | 25 if token1.TokenType != token2.TokenType { |
| paddy@35 | 26 return false, "token type", token1.TokenType, token2.TokenType |
| paddy@35 | 27 } |
| paddy@35 | 28 if token1.Scope != token2.Scope { |
| paddy@35 | 29 return false, "scope", token1.Scope, token2.Scope |
| paddy@35 | 30 } |
| paddy@35 | 31 if !token1.ProfileID.Equal(token2.ProfileID) { |
| paddy@35 | 32 return false, "profile ID", token1.ProfileID, token2.ProfileID |
| paddy@35 | 33 } |
| paddy@35 | 34 return true, "", nil, nil |
| paddy@35 | 35 } |
| paddy@35 | 36 |
| paddy@28 | 37 func TestTokenStoreSuccess(t *testing.T) { |
| paddy@37 | 38 t.Parallel() |
| paddy@28 | 39 token := Token{ |
| paddy@28 | 40 AccessToken: "access", |
| paddy@28 | 41 RefreshToken: "refresh", |
| paddy@28 | 42 Created: time.Now(), |
| paddy@28 | 43 ExpiresIn: 3600, |
| paddy@28 | 44 TokenType: "bearer", |
| paddy@28 | 45 Scope: "scope", |
| paddy@28 | 46 ProfileID: uuid.NewID(), |
| paddy@28 | 47 } |
| paddy@35 | 48 for _, store := range tokenStores { |
| paddy@57 | 49 err := store.saveToken(token) |
| paddy@28 | 50 if err != nil { |
| paddy@37 | 51 t.Errorf("Error saving token to %T: %s", store, err) |
| paddy@37 | 52 } |
| paddy@57 | 53 err = store.saveToken(token) |
| paddy@37 | 54 if err != ErrTokenAlreadyExists { |
| paddy@37 | 55 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err) |
| paddy@28 | 56 } |
| paddy@57 | 57 retrievedAccess, err := store.getToken(token.AccessToken, false) |
| paddy@28 | 58 if err != nil { |
| paddy@35 | 59 t.Errorf("Error retrieving token from %T: %s", store, err) |
| paddy@28 | 60 } |
| paddy@35 | 61 success, field, expectation, result := compareTokens(token, retrievedAccess) |
| paddy@35 | 62 if !success { |
| paddy@35 | 63 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 64 } |
| paddy@57 | 65 retrievedRefresh, err := store.getToken(token.RefreshToken, true) |
| paddy@28 | 66 if err != nil { |
| paddy@35 | 67 t.Errorf("Error retrieving refresh token from %T: %s", store, err) |
| paddy@28 | 68 } |
| paddy@35 | 69 success, field, expectation, result = compareTokens(token, retrievedRefresh) |
| paddy@35 | 70 if !success { |
| paddy@35 | 71 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 72 } |
| paddy@57 | 73 retrievedProfile, err := store.getTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 74 if err != nil { |
| paddy@35 | 75 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 76 } |
| paddy@28 | 77 if len(retrievedProfile) != 1 { |
| paddy@35 | 78 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 79 } |
| paddy@35 | 80 success, field, expectation, result = compareTokens(token, retrievedProfile[0]) |
| paddy@35 | 81 if !success { |
| paddy@35 | 82 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store) |
| paddy@35 | 83 } |
| paddy@57 | 84 err = store.removeToken(token.AccessToken) |
| paddy@28 | 85 if err != nil { |
| paddy@35 | 86 t.Errorf("Error removing token from %T: %s", store, err) |
| paddy@28 | 87 } |
| paddy@57 | 88 _, err = store.getToken(token.AccessToken, false) |
| paddy@28 | 89 if err != ErrTokenNotFound { |
| paddy@35 | 90 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 91 } |
| paddy@57 | 92 _, err = store.getToken(token.RefreshToken, true) |
| paddy@28 | 93 if err != ErrTokenNotFound { |
| paddy@35 | 94 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@28 | 95 } |
| paddy@57 | 96 retrievedProfile, err = store.getTokensByProfileID(token.ProfileID, 25, 0) |
| paddy@28 | 97 if err != nil { |
| paddy@35 | 98 t.Errorf("Error retrieving token by profile from %T: %s", store, err) |
| paddy@28 | 99 } |
| paddy@28 | 100 if len(retrievedProfile) != 0 { |
| paddy@35 | 101 t.Errorf("Expected list of 0 tokens from %T, got %+v", store, retrievedProfile) |
| paddy@28 | 102 } |
| paddy@57 | 103 err = store.removeToken(token.AccessToken) |
| paddy@37 | 104 if err != ErrTokenNotFound { |
| paddy@37 | 105 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err) |
| paddy@37 | 106 } |
| paddy@28 | 107 } |
| paddy@28 | 108 } |