auth
auth/token_test.go
Implement handlers for retrieving clients. Create a GetClientHandler and ListClientsHandler for retrieving details about a client. Currently, we're not returning the client secret for these clients. We're also not doing any auth. We may want to restrict auth to the owner of the clients, and return secrets only when auth'd, and maybe even only when a special header is included. Alternatively, we could only return the secret when retrieving a single client. Still unsure how I want to handle that.
1 package auth
3 import (
4 "testing"
5 "time"
7 "code.secondbit.org/uuid.hg"
8 )
10 var tokenStores = []tokenStore{NewMemstore()}
12 func compareTokens(token1, token2 Token) (success bool, field string, val1, val2 interface{}) {
13 if token1.AccessToken != token2.AccessToken {
14 return false, "access token", token1.AccessToken, token2.AccessToken
15 }
16 if token1.RefreshToken != token2.RefreshToken {
17 return false, "refresh token", token1.RefreshToken, token2.RefreshToken
18 }
19 if !token1.Created.Equal(token2.Created) {
20 return false, "created", token1.Created, token2.Created
21 }
22 if token1.CreatedFrom != token2.CreatedFrom {
23 return false, "created from", token1.CreatedFrom, token2.CreatedFrom
24 }
25 if token1.ExpiresIn != token2.ExpiresIn {
26 return false, "expires in", token1.ExpiresIn, token2.ExpiresIn
27 }
28 if token1.TokenType != token2.TokenType {
29 return false, "token type", token1.TokenType, token2.TokenType
30 }
31 if token1.Scope != token2.Scope {
32 return false, "scope", token1.Scope, token2.Scope
33 }
34 if !token1.ProfileID.Equal(token2.ProfileID) {
35 return false, "profile ID", token1.ProfileID, token2.ProfileID
36 }
37 if token1.Revoked != token2.Revoked {
38 return false, "revoked", token1.Revoked, token2.Revoked
39 }
40 return true, "", nil, nil
41 }
43 func TestTokenStoreSuccess(t *testing.T) {
44 t.Parallel()
45 token := Token{
46 AccessToken: "access",
47 RefreshToken: "refresh",
48 Created: time.Now(),
49 ExpiresIn: 3600,
50 TokenType: "bearer",
51 Scope: "scope",
52 ProfileID: uuid.NewID(),
53 }
54 for _, store := range tokenStores {
55 context := Context{tokens: store}
56 retrievedAccess, err := context.GetToken(token.AccessToken, false)
57 if err == nil {
58 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedAccess)
59 } else if err != ErrTokenNotFound {
60 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
61 }
62 retrievedRefresh, err := context.GetToken(token.RefreshToken, true)
63 if err == nil {
64 t.Errorf("Expected ErrTokenNotFound from %T, got %+v", store, retrievedRefresh)
65 } else if err != ErrTokenNotFound {
66 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
67 }
68 err = context.RevokeToken(token.AccessToken, false)
69 if err != ErrTokenNotFound {
70 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
71 }
72 err = context.RevokeToken(token.RefreshToken, true)
73 if err != ErrTokenNotFound {
74 t.Errorf("Expected ErrTokenNotFound from %T, got %s", store, err)
75 }
76 err = context.SaveToken(token)
77 if err != nil {
78 t.Errorf("Error saving token to %T: %s", store, err)
79 }
80 err = context.SaveToken(token)
81 if err != ErrTokenAlreadyExists {
82 t.Errorf("Expected ErrTokenAlreadyExists from %T, got %s", store, err)
83 }
84 retrievedAccess, err = context.GetToken(token.AccessToken, false)
85 if err != nil {
86 t.Errorf("Error retrieving token from %T: %s", store, err)
87 }
88 success, field, expectation, result := compareTokens(token, retrievedAccess)
89 if !success {
90 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
91 }
92 retrievedRefresh, err = context.GetToken(token.RefreshToken, true)
93 if err != nil {
94 t.Errorf("Error retrieving refresh token from %T: %s", store, err)
95 }
96 success, field, expectation, result = compareTokens(token, retrievedRefresh)
97 if !success {
98 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
99 }
100 retrievedProfile, err := context.GetTokensByProfileID(token.ProfileID, 25, 0)
101 if err != nil {
102 t.Errorf("Error retrieving token by profile from %T: %s", store, err)
103 }
104 if len(retrievedProfile) != 1 {
105 t.Errorf("Expected 1 token retrieved by profile ID from %T, got %+v", store, retrievedProfile)
106 }
107 success, field, expectation, result = compareTokens(token, retrievedProfile[0])
108 if !success {
109 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
110 }
111 err = context.RevokeToken(token.AccessToken, false)
112 if err != nil {
113 t.Errorf("Error revoking token in %T: %s", store, err)
114 }
115 retrievedRevoked, err := context.GetToken(token.AccessToken, false)
116 if err != nil {
117 t.Errorf("Error retrieving token from %T: %s", store, err)
118 }
119 token.Revoked = true
120 success, field, expectation, result = compareTokens(token, retrievedRevoked)
121 if !success {
122 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
123 }
124 err = context.RevokeToken(token.RefreshToken, true)
125 if err != nil {
126 t.Errorf("Error revoking token in %T: %s", store, err)
127 }
128 retrievedRevoked, err = context.GetToken(token.RefreshToken, true)
129 if err != nil {
130 t.Errorf("Error retrieving token from %T: %s", store, err)
131 }
132 token.RefreshRevoked = true
133 success, field, expectation, result = compareTokens(token, retrievedRevoked)
134 if !success {
135 t.Errorf("Expected field %s to be %v, but got %v from %T", field, expectation, result, store)
136 }
137 }
138 }
140 // BUG(paddy): We need to test the refreshTokenValidate function.
141 // BUG(paddy): We need to test the refreshTokenInvalidate function.