diff options
author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-08-09 18:46:48 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-08-13 01:06:38 +0200 |
commit | ded10e28782f289ad3db15320bcf619ab4336876 (patch) | |
tree | 32609fd9f1eb0d2f8a23105e09f193827d16a275 /tests | |
parent | 7b62790238902e10edb83c07286cf0643b097997 (diff) |
Switch to a more sensible error reporting system
Diffstat (limited to 'tests')
29 files changed, 281 insertions, 203 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index e09ad57..02512d8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -49,7 +49,6 @@ TESTS = %reldir%/load-library.scm \ %reldir%/refresh-token.scm \ %reldir%/too-many-refresh-tokens.scm \ %reldir%/refresh-token-with-wrong-key.scm \ - %reldir%/unknown-client-locale.scm \ %reldir%/authorization-endpoint-no-args.scm \ %reldir%/authorization-endpoint-get-form.scm \ %reldir%/authorization-endpoint-submit-form.scm \ diff --git a/tests/base64-error.scm b/tests/base64-error.scm index 21ef7a6..0d065af 100644 --- a/tests/base64-error.scm +++ b/tests/base64-error.scm @@ -27,12 +27,12 @@ (unless (with-exception-handler (lambda (error) - (unless ((record-predicate ¬-base64) error) + (unless (stubs:invalid-base64-data? error) (exit 1)) #t) (lambda () (stubs:base64-decode test) #f) #:unwind? #t - #:unwind-for-type ¬-base64) + #:unwind-for-type stubs:&invalid-base64-data) (exit 2))))) diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm index b786140..a1bfe20 100644 --- a/tests/client-manifest-fraudulent.scm +++ b/tests/client-manifest-fraudulent.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -63,8 +63,7 @@ #:http-get respond)) (with-exception-handler (lambda (error) - (unless ((record-predicate &inconsistent-client-manifest-id) - ((record-accessor &cannot-fetch-client-manifest 'cause) error)) + (unless (inconsistent-client-manifest? error) (exit 3))) (lambda () (get-client-manifest @@ -72,4 +71,4 @@ #:http-get cache-http-get) (exit 4)) #:unwind? #t - #:unwind-for-type &cannot-fetch-client-manifest))) + #:unwind-for-type &inconsistent-client-manifest))) diff --git a/tests/client-manifest-public.scm b/tests/client-manifest-public.scm index 1e2c628..76eb8ba 100644 --- a/tests/client-manifest-public.scm +++ b/tests/client-manifest-public.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -37,7 +37,7 @@ (exit 3)) (with-exception-handler (lambda (error) - (unless ((record-predicate &cannot-serve-public-manifest) error) + (unless (cannot-serve-public-manifest? error) (exit 4))) (lambda () (serve-client-manifest diff --git a/tests/client-manifest.scm b/tests/client-manifest.scm index 2812ede..8e98091 100644 --- a/tests/client-manifest.scm +++ b/tests/client-manifest.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -66,13 +66,13 @@ (exit 4)) (with-exception-handler (lambda (error) - (unless ((record-predicate &unauthorized-redirection-uri) error) + (unless (unauthorized-redirect-uri? error) (exit 5))) (lambda () (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback") (exit 55)) #:unwind? #t - #:unwind-for-type &unauthorized-redirection-uri) + #:unwind-for-type &unauthorized-redirect-uri) (receive (response response-body) (serve-client-manifest (time-utc->date (make-time time-utc 0 3600)) diff --git a/tests/client-workflow.scm b/tests/client-workflow.scm index 04a4455..15f480a 100644 --- a/tests/client-workflow.scm +++ b/tests/client-workflow.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -137,4 +137,118 @@ (equal? (request-uri final-request) (string->uri "https://server@client-workflow.scm/")) (eqv? (response-code final-response) 200)) - (exit 4))))))))) + (exit 4))))) + ;; 1 hour later, the access token should have expired. + (parameterize ((p:current-date 3600)) + (receive (response response-body) + (let ((handler + (client:request client + (string->uri "https://server@client-workflow.scm/alice#me") + (string->uri "https://server@client-workflow.scm") + #:http-request (cute sim:request simulation <...>)))) + (handler (build-request (string->uri "https://server@client-workflow.scm/")) + #f)) + (unless (eqv? (response-code response) 200) + ;; Only Alice can read that resource. + (exit 5))) + (match (sim:simulation-scroll-log! simulation) + ;; 1. and 2. The client starts sending the request, the server + ;; querries the identity provider and keys. + + ;; 3. The client directly sends the request. It fails because + ;; the access token expired. + + ;; 4. The client queries the OIDC configuration to get the + ;; token endpoint. + + ;; 5. The client gets an access token from the refresh token. + + ;; 6. 7. The client decodes the ID token, by getting the keys + ;; again. + + ;; 8. and 9. The client starts sending the new request, the + ;; server checks the access token. + + ;; 10. The client sends the request again, and it succeeds. + ((_ + _ + (naively-try-request _ naively-try-response _) + (get-token-endpoint-request _ get-token-endpoint-response _) + (refresh-request _ refresh-response _) + _ _ _ _ + (with-new-refresh-token-request _ with-new-refresh-token-response _)) + (unless + (and + ;; 3. The client realizes that the access token is + ;; expired. + (equal? (request-uri naively-try-request) + (string->uri "https://server@client-workflow.scm/")) + (eqv? (response-code naively-try-response) 401) + (eqv? (time-second (date->time-utc (response-date naively-try-response))) + 3600) + ;; 4. The client discovers the token endpoint. + (equal? (request-uri get-token-endpoint-request) + (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration")) + (eqv? (response-code get-token-endpoint-response) 200) + ;; 5. Refresh the access token. + (equal? (request-uri refresh-request) + (string->uri "https://server@client-workflow.scm/token")) + (eqv? (response-code refresh-response) 200) + ;; 10. Send again. + (equal? (request-uri with-new-refresh-token-request) + (string->uri "https://server@client-workflow.scm/")) + (eqv? (response-code with-new-refresh-token-response) 200)) + (exit 6))))) + ;; Wait another hour, and we’ll need to update the refresh + ;; token again, but this time it’s not there anymore. + (parameterize ((p:current-date 7200)) + (refresh:remove-refresh-token + (string->uri "https://server@client-workflow.scm/alice#me") + (string->uri "https://client@client-workflow.scm/id")) + (with-exception-handler + (lambda (error) + (unless (client:refresh-token-expired? error) + (exit 7))) + (lambda () + (let ((handler + (client:request client + (string->uri "https://server@client-workflow.scm/alice#me") + (string->uri "https://server@client-workflow.scm") + #:http-request (cute sim:request simulation <...>)))) + (handler (build-request (string->uri "https://server@client-workflow.scm/")) + #f)) + (exit 8)) + #:unwind? #t + #:unwind-for-type client:&refresh-token-expired) + (match (sim:simulation-scroll-log! simulation) + ;; 1. and 2. The client starts sending the request, the server + ;; querries the identity provider and keys. + + ;; 3. The client directly sends the request. It fails + ;; because the access token expired. + + ;; 4. The client queries the OIDC configuration to get the + ;; token endpoint. + + ;; 5. The client sends the token request, but it fails with + ;; 403. + ((_ + _ + (naively-try-request _ naively-try-response _) + (get-token-endpoint-request _ get-token-endpoint-response _) + (refresh-request _ refresh-response _)) + ;; 3. The client realizes that the access token is + ;; expired. + (equal? (request-uri naively-try-request) + (string->uri "https://server@client-workflow.scm/")) + (eqv? (response-code naively-try-response) 401) + (eqv? (time-second (date->time-utc (response-date naively-try-response))) + 7200) + ;; 4. The client discovers the token endpoint. + (equal? (request-uri get-token-endpoint-request) + (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration")) + (eqv? (response-code get-token-endpoint-response) 200) + ;; 5. The client tries to refresh. + (equal? (request-uri refresh-request) + (string->uri "https://server@client-workflow.scm/token")) + (eqv? (response-code refresh-response) 403)))))))) diff --git a/tests/dpop-proof-iat-in-future.scm b/tests/dpop-proof-iat-in-future.scm index b5dd3f8..d7f345b 100644 --- a/tests/dpop-proof-iat-in-future.scm +++ b/tests/dpop-proof-iat-in-future.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -17,6 +17,7 @@ (use-modules (webid-oidc dpop-proof) (webid-oidc jti) (webid-oidc jwk) + (webid-oidc jws) (webid-oidc testing) (webid-oidc errors) ((webid-oidc parameters) #:prefix p:) @@ -38,8 +39,11 @@ #:htu (string->uri "https://example.com/res#frag")))) (with-exception-handler (lambda (error) - (unless ((record-predicate &dpop-signed-in-future) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (and (signed-in-future? error) + (eqv? (time-second (date->time-utc (error-signature-date error))) + 10) + (eqv? (time-second (date->time-utc (error-current-date error))) + 0)) (raise-exception error))) (lambda () (parameterize ((p:current-date 0)) @@ -49,4 +53,4 @@ cnf)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &signed-in-future))) diff --git a/tests/dpop-proof-iat-too-late.scm b/tests/dpop-proof-iat-too-late.scm index 0e1f4ed..7cf2146 100644 --- a/tests/dpop-proof-iat-too-late.scm +++ b/tests/dpop-proof-iat-too-late.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -17,6 +17,7 @@ (use-modules (webid-oidc dpop-proof) (webid-oidc jti) (webid-oidc jwk) + (webid-oidc jws) (webid-oidc testing) ((webid-oidc parameters) #:prefix p:) (webid-oidc errors) @@ -38,8 +39,11 @@ #:htu (string->uri "https://example.com/res#frag")))) (with-exception-handler (lambda (error) - (unless ((record-predicate &dpop-too-old) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (and (expired? error) + (eqv? (time-second (date->time-utc (error-expiration-date error))) + 120) + (eqv? (time-second (date->time-utc (error-current-date error))) + 600)) (raise-exception error))) (lambda () (parameterize ((p:current-date 600)) @@ -49,4 +53,4 @@ cnf)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &expired))) diff --git a/tests/dpop-proof-invalid-ath.scm b/tests/dpop-proof-invalid-ath.scm index 90cd168..cecd162 100644 --- a/tests/dpop-proof-invalid-ath.scm +++ b/tests/dpop-proof-invalid-ath.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -36,11 +36,11 @@ (issue-access-token idp-key #:alg 'RS256 - #:webid "https://data.provider/subject" - #:iss "https://identity.provider" + #:webid (string->uri "https://data.provider/subject") + #:iss (string->uri "https://identity.provider") #:validity 3600 #:client-key jwk - #:client-id "https://client"))) + #:client-id (string->uri "https://client")))) (define proof (parameterize ((p:current-date 0)) (issue-dpop-proof @@ -51,14 +51,12 @@ #:access-token "aaaaaaaaaaaaaaa"))) (with-exception-handler (lambda (error) - (let ((cause - ((record-accessor &cannot-decode-dpop-proof 'cause) error))) - (unless (dpop-invalid-access-token-hash? cause) - (raise-exception error)) - (unless (and (equal? (dpop-invalid-access-token-hash-hash cause) - (stubs:hash 'SHA-256 "aaaaaaaaaaaaaaa")) - (equal? (dpop-invalid-access-token-hash-access-token cause) access-token)) - (exit 1)))) + (unless (and (dpop-invalid-ath? error) + (equal? (dpop-invalid-ath-hash error) + (stubs:hash 'SHA-256 "aaaaaaaaaaaaaaa")) + (equal? (dpop-invalid-ath-access-token error) + access-token)) + (raise-exception error))) (lambda () (parameterize ((p:current-date 10)) (dpop-proof-decode 'GET @@ -68,4 +66,4 @@ #:access-token access-token)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &dpop-invalid-ath))) diff --git a/tests/dpop-proof-no-ath.scm b/tests/dpop-proof-no-ath.scm index 35bff75..3d87368 100644 --- a/tests/dpop-proof-no-ath.scm +++ b/tests/dpop-proof-no-ath.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -38,14 +38,12 @@ #:htu (string->uri "https://example.com/res?query")))) (with-exception-handler (lambda (error) - (let ((cause - ((record-accessor &cannot-decode-dpop-proof 'cause) error))) - (unless (dpop-invalid-access-token-hash? cause) - (raise-exception error)) - (when (dpop-invalid-access-token-hash-hash cause) - ;; An #f value for hash indicates that there was no ath - ;; claim - (exit 1)))) + (unless (and (dpop-invalid-ath? error) + (equal? (dpop-invalid-ath-access-token error) "aaa") + ;; An #f value for hash indicates that there was + ;; no ath claim + (not (dpop-invalid-ath-hash error))) + (raise-exception error))) (lambda () (parameterize ((p:current-date 10)) (dpop-proof-decode 'GET @@ -55,4 +53,4 @@ #:access-token "aaa")) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &dpop-invalid-ath))) diff --git a/tests/dpop-proof-replay.scm b/tests/dpop-proof-replay.scm index b8f4668..71cabe5 100644 --- a/tests/dpop-proof-replay.scm +++ b/tests/dpop-proof-replay.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -45,11 +45,10 @@ (define decoded-once (decode)) (with-exception-handler (lambda (error) - (unless ((record-predicate &jti-found) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (jti-found? error) (raise-exception error))) (lambda () (decode) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &jti-found))) diff --git a/tests/dpop-proof-valid-ath.scm b/tests/dpop-proof-valid-ath.scm index 1e15e17..8753c3a 100644 --- a/tests/dpop-proof-valid-ath.scm +++ b/tests/dpop-proof-valid-ath.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -34,11 +34,11 @@ (issue-access-token idp-key #:alg 'RS256 - #:webid "https://data.provider/subject" - #:iss "https://identity.provider" + #:webid (string->uri "https://data.provider/subject") + #:iss (string->uri "https://identity.provider") #:validity 3600 #:client-key jwk - #:client-id "https://client"))) + #:client-id (string->uri "https://client")))) (define proof (parameterize ((p:current-date 0)) (issue-dpop-proof diff --git a/tests/dpop-proof-wrong-htm.scm b/tests/dpop-proof-wrong-htm.scm index 1b30161..204e87a 100644 --- a/tests/dpop-proof-wrong-htm.scm +++ b/tests/dpop-proof-wrong-htm.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -38,8 +38,11 @@ #:htu (string->uri "https://example.com/res#frag")))) (with-exception-handler (lambda (error) - (unless ((record-predicate &dpop-method-mismatch) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (and (dpop-method-mismatch? error) + (eq? (dpop-method-mismatch-advertised error) + 'POST) + (eq? (dpop-method-mismatch-actual error) + 'GET)) (raise-exception error))) (lambda () (parameterize ((p:current-date 10)) @@ -49,4 +52,4 @@ cnf)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &dpop-method-mismatch))) diff --git a/tests/dpop-proof-wrong-htu.scm b/tests/dpop-proof-wrong-htu.scm index 6f3ac0a..05bdea5 100644 --- a/tests/dpop-proof-wrong-htu.scm +++ b/tests/dpop-proof-wrong-htu.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -38,8 +38,11 @@ #:htu (string->uri "https://example.com/other-res#frag")))) (with-exception-handler (lambda (error) - (unless ((record-predicate &dpop-uri-mismatch) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (and (dpop-uri-mismatch? error) + (equal? (dpop-uri-mismatch-advertised error) + (string->uri "https://example.com/other-res#frag")) + (equal? (dpop-uri-mismatch-actual error) + (string->uri "https://example.com/res?query"))) (raise-exception error))) (lambda () (parameterize ((p:current-date 10)) @@ -49,4 +52,4 @@ cnf)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &dpop-uri-mismatch))) diff --git a/tests/dpop-proof-wrong-key.scm b/tests/dpop-proof-wrong-key.scm index 497ae0e..ca1e01b 100644 --- a/tests/dpop-proof-wrong-key.scm +++ b/tests/dpop-proof-wrong-key.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -38,8 +38,7 @@ #:htu (string->uri "https://example.com/res#frag")))) (with-exception-handler (lambda (error) - (unless ((record-predicate &dpop-unconfirmed-key) - ((record-accessor &cannot-decode-dpop-proof 'cause) error)) + (unless (dpop-unconfirmed-key? error) (raise-exception error))) (lambda () (parameterize ((p:current-date 10)) @@ -49,4 +48,4 @@ cnf)) (exit 2)) #:unwind? #t - #:unwind-for-type &cannot-decode-dpop-proof))) + #:unwind-for-type &dpop-unconfirmed-key))) diff --git a/tests/hash-unsupported.scm b/tests/hash-unsupported.scm index 3924202..bcea18c 100644 --- a/tests/hash-unsupported.scm +++ b/tests/hash-unsupported.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -25,13 +25,14 @@ (lambda () (with-exception-handler (lambda (error) - (unless ((record-predicate &unsupported-alg) error) + (unless (stubs:unsupported-algorithm? error) (exit 1)) - (let ((value ((record-accessor &unsupported-alg 'value) error))) - (unless (eq? value 'SHA-1024) - (exit 2)))) + (unless (eq? (stubs:unsupported-algorithm-alg error) 'SHA-1024) + (exit 2)) + (unless (eq? (stubs:unsupported-algorithm-application error) 'hash) + (exit 3))) (lambda () (stubs:hash 'SHA-1024 "hello :)") - (exit 3)) + (exit 4)) #:unwind? #t - #:unwind-for-type &unsupported-alg))) + #:unwind-for-type stubs:&unsupported-algorithm))) diff --git a/tests/jwk-kty-ec-incorrect.scm b/tests/jwk-kty-ec-incorrect.scm index 3ca1283..bacdff0 100644 --- a/tests/jwk-kty-ec-incorrect.scm +++ b/tests/jwk-kty-ec-incorrect.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -14,7 +14,8 @@ ;; You should have received a copy of the GNU Affero General Public License ;; along with this program. If not, see <https://www.gnu.org/licenses/>. -(use-modules (webid-oidc stubs) +(use-modules (webid-oidc jwk) + (webid-oidc stubs) (webid-oidc testing) (webid-oidc errors)) diff --git a/tests/jwk-kty-rsa-incorrect.scm b/tests/jwk-kty-rsa-incorrect.scm index fe81c1d..798933f 100644 --- a/tests/jwk-kty-rsa-incorrect.scm +++ b/tests/jwk-kty-rsa-incorrect.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -15,6 +15,7 @@ ;; along with this program. If not, see <https://www.gnu.org/licenses/>. (use-modules (webid-oidc stubs) + (webid-oidc jwk) (webid-oidc testing) (webid-oidc errors)) diff --git a/tests/jws.scm b/tests/jws.scm index cfd57b1..981e751 100644 --- a/tests/jws.scm +++ b/tests/jws.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -33,8 +33,8 @@ (parsed (jws-decode encoded (lambda (jws) (and (jws? jws) key)))) - (parsed-header (jws-header parsed)) - (parsed-payload (jws-payload parsed)) + (parsed-header (car parsed)) + (parsed-payload (cdr parsed)) (alg (jws-alg parsed)) (typ (assq-ref parsed-header 'typ)) (sub (assq-ref parsed-payload 'sub)) @@ -43,8 +43,8 @@ (iat (assq-ref parsed-payload 'iat)) (re-encoded (jws-encode parsed other-key)) (re-parsed (jws-decode re-encoded (lambda (jws) other-key))) - (re-parsed-header (jws-header re-parsed)) - (re-parsed-payload (jws-payload re-parsed)) + (re-parsed-header (car re-parsed)) + (re-parsed-payload (cdr re-parsed)) (re-alg (jws-alg re-parsed)) (re-typ (assq-ref re-parsed-header 'typ)) (re-sub (assq-ref re-parsed-payload 'sub)) diff --git a/tests/oidc-configuration.scm b/tests/oidc-configuration.scm index f7b3bbc..983c0f7 100644 --- a/tests/oidc-configuration.scm +++ b/tests/oidc-configuration.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -112,7 +112,8 @@ \"code_challenge_methods_supported\": [ \"plain\", \"S256\" - ] + ], + \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\" }")) (else (exit 2)))) (define cache-http-get @@ -128,18 +129,16 @@ (exit 3)) (unless (jwks? jwks) (exit 4)) - (let ((my-oidc (make-oidc-configuration - "https://example.com/keys" - "https://example.com/authorize" - "https://example.com/token"))) + (let ((my-oidc `((jwks_uri . "https://example.com/keys") + (authorization_endpoint . "https://example.com/authorize") + (token_endpoint . "https://example.com/token") + (solid_oidc_supported . "https://solidproject.org/TR/solid-oidc")))) (receive (response response-body) (serve-oidc-configuration (time-utc->date (make-time time-utc 0 3600)) my-oidc) (unless (eqv? (car (response-content-type response)) 'application/json) (exit 5)) - (let ((parsed (stubs:json-string->scm response-body))) - (unless (oidc-configuration? parsed) - (exit 6)) + (let ((parsed (the-oidc-configuration (stubs:json-string->scm response-body)))) (unless (equal? (assq-ref parsed 'jwks_uri) "https://example.com/keys") (exit 7)) diff --git a/tests/refresh-token-with-wrong-key.scm b/tests/refresh-token-with-wrong-key.scm index 38537ec..8a19905 100644 --- a/tests/refresh-token-with-wrong-key.scm +++ b/tests/refresh-token-with-wrong-key.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -34,7 +34,7 @@ (define refresh-token (issue-refresh-token sub aud (jkt first-key))) (with-exception-handler (lambda (error) - (unless ((record-predicate &invalid-key-for-refresh-token) error) + (unless (invalid-refresh-token? error) (exit 1))) (lambda () (with-refresh-token refresh-token second-key @@ -42,4 +42,4 @@ (exit 2))) (exit 3)) #:unwind? #t - #:unwind-for-type &invalid-key-for-refresh-token))) + #:unwind-for-type &invalid-refresh-token))) diff --git a/tests/refresh-token.scm b/tests/refresh-token.scm index 3bcb27f..cf5640b 100644 --- a/tests/refresh-token.scm +++ b/tests/refresh-token.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -58,7 +58,7 @@ (remove-refresh-token sub-b aud-b) (with-exception-handler (lambda (error) - (unless ((record-predicate &invalid-refresh-token) error) + (unless (invalid-refresh-token? error) (exit 10))) (lambda () (with-refresh-token refresh-b key-b diff --git a/tests/resource-server.scm b/tests/resource-server.scm index aba4bb0..b9f1036 100644 --- a/tests/resource-server.scm +++ b/tests/resource-server.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -39,10 +39,10 @@ (define jwks (make-jwks (list idp-key))) (define jwks-uri (string->uri "https://identity.provider/keys")) (define oidc-config - (make-oidc-configuration - jwks-uri - (string->uri "https://identity.provider/authorize") - (string->uri "https://identity.provider/token"))) + `((jwks_uri . ,(uri->string jwks-uri)) + (authorization_endpoint . "https://identity.provider/authorize") + (token_endpoint . "https://identity.provider/token") + (solid_oidc_supported . "https://solidproject.org/TR/solid-oidc"))) (define oidc-config-uri (string->uri "https://identity.provider/.well-known/openid-configuration")) @@ -60,10 +60,10 @@ idp-key #:alg 'RS256 #:webid subject - #:iss "https://identity.provider" + #:iss (string->uri "https://identity.provider") #:validity 3600 #:client-key client-key - #:client-id "https://client"))) + #:client-id (string->uri "https://client")))) (define uri (string->uri "https://resource.server/resource")) (define server-uri (string->uri "https://resource.server/")) (define method 'GET) diff --git a/tests/server-path.scm b/tests/server-path.scm index b2e1180..b497dae 100644 --- a/tests/server-path.scm +++ b/tests/server-path.scm @@ -33,26 +33,26 @@ (lambda (file) (false-if-exception (delete-file file))) '( - "tests/server-path.home/webid-oidc/server/content/6/8OMG_V5x-KmI6TI" - "tests/server-path.home/webid-oidc/server/content/X/hqM_2Avn5_egTzs" - "tests/server-path.home/webid-oidc/server/content/a/68pTwiImTWTpjQl" - "tests/server-path.home/webid-oidc/server/content/5/n1KPgAd3ng4wSqn" - "tests/server-path.home/webid-oidc/server/content/D/wxU0ogx5rzRrvu2" - "tests/server-path.home/webid-oidc/server/content/F/BQKBGrtq6U_M0L7" - "tests/server-path.home/webid-oidc/server/content/N/gnO8RAS9FpPiO5j" - "tests/server-path.home/webid-oidc/server/content/n/U46BXbknEaLWZpH" - "tests/server-path.home/webid-oidc/server/content/y/29x0MEOMybxUqDU" - "tests/server-path.home/webid-oidc/server/content/b/k7RqZevpCHAumba" - "tests/server-path.home/webid-oidc/server/content/H/y4S5p1BqTEJi-Jb" - "tests/server-path.home/webid-oidc/server/content/A/fkGTJRCHc-jHk-V" - "tests/server-path.home/webid-oidc/server/path/b/FkceBVDI7O39t4bFK02Vu0E7OWtjnjDfAXDLKuREbE" - "tests/server-path.home/webid-oidc/server/path/b/FkceBVDI7O39t4bFK02Vu0E7OWtjnjDfAXDLKuREbE.lock" - "tests/server-path.home/webid-oidc/server/path/g/pBBL3msK7bpJ_LUp4xDyrB-EZD1EaJgD6xo9ysqy6Q" - "tests/server-path.home/webid-oidc/server/path/g/pBBL3msK7bpJ_LUp4xDyrB-EZD1EaJgD6xo9ysqy6Q.lock" - "tests/server-path.home/webid-oidc/server/path/i/l7asoJjJEMhngUeSt4tHVu8Zxx4EFG_FDeJfL3-oPE" - "tests/server-path.home/webid-oidc/server/path/i/l7asoJjJEMhngUeSt4tHVu8Zxx4EFG_FDeJfL3-oPE.lock" - "tests/server-path.home/webid-oidc/server/path/Q/hRrKeOf3iJxfvabWz2CBYAlF_ovDFXqHWcwhhuQhXg" - "tests/server-path.home/webid-oidc/server/path/Q/hRrKeOf3iJxfvabWz2CBYAlF_ovDFXqHWcwhhuQhXg.lock" + "tests/server-path.home/disfluid/server/content/6/8OMG_V5x-KmI6TI" + "tests/server-path.home/disfluid/server/content/X/hqM_2Avn5_egTzs" + "tests/server-path.home/disfluid/server/content/a/68pTwiImTWTpjQl" + "tests/server-path.home/disfluid/server/content/5/n1KPgAd3ng4wSqn" + "tests/server-path.home/disfluid/server/content/D/wxU0ogx5rzRrvu2" + "tests/server-path.home/disfluid/server/content/F/BQKBGrtq6U_M0L7" + "tests/server-path.home/disfluid/server/content/N/gnO8RAS9FpPiO5j" + "tests/server-path.home/disfluid/server/content/n/U46BXbknEaLWZpH" + "tests/server-path.home/disfluid/server/content/y/29x0MEOMybxUqDU" + "tests/server-path.home/disfluid/server/content/b/k7RqZevpCHAumba" + "tests/server-path.home/disfluid/server/content/H/y4S5p1BqTEJi-Jb" + "tests/server-path.home/disfluid/server/content/A/fkGTJRCHc-jHk-V" + "tests/server-path.home/disfluid/server/path/b/FkceBVDI7O39t4bFK02Vu0E7OWtjnjDfAXDLKuREbE" + "tests/server-path.home/disfluid/server/path/b/FkceBVDI7O39t4bFK02Vu0E7OWtjnjDfAXDLKuREbE.lock" + "tests/server-path.home/disfluid/server/path/g/pBBL3msK7bpJ_LUp4xDyrB-EZD1EaJgD6xo9ysqy6Q" + "tests/server-path.home/disfluid/server/path/g/pBBL3msK7bpJ_LUp4xDyrB-EZD1EaJgD6xo9ysqy6Q.lock" + "tests/server-path.home/disfluid/server/path/i/l7asoJjJEMhngUeSt4tHVu8Zxx4EFG_FDeJfL3-oPE" + "tests/server-path.home/disfluid/server/path/i/l7asoJjJEMhngUeSt4tHVu8Zxx4EFG_FDeJfL3-oPE.lock" + "tests/server-path.home/disfluid/server/path/Q/hRrKeOf3iJxfvabWz2CBYAlF_ovDFXqHWcwhhuQhXg" + "tests/server-path.home/disfluid/server/path/Q/hRrKeOf3iJxfvabWz2CBYAlF_ovDFXqHWcwhhuQhXg.lock" )) (with-session (lambda (content-type contained static-content create delete) diff --git a/tests/token-endpoint-issue.scm b/tests/token-endpoint-issue.scm index 9438dfe..3b21f9b 100644 --- a/tests/token-endpoint-issue.scm +++ b/tests/token-endpoint-issue.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -17,6 +17,7 @@ (use-modules (webid-oidc token-endpoint) (webid-oidc authorization-code) (webid-oidc dpop-proof) + (webid-oidc access-token) (webid-oidc jwk) (webid-oidc jws) (webid-oidc jti) @@ -42,16 +43,18 @@ (define issuer (string->uri "https://issuer.token-endpoint-issue.scm")) (define validity 3600) (define authz - (issue-authorization-code - alg key - (time-utc->date (make-time time-utc 0 120)) - subject - client)) + (parameterize ((p:current-date 0)) + (issue-authorization-code + key + #:alg alg + #:validity 120 + #:webid subject + #:client-id client))) (define endpoint (make-token-endpoint (string->uri "https://token-endpoint-issue.scm/token") issuer alg key validity)) - (receive (response response-body user error) + (receive (response response-body . _) ;; The code is fake! (let ((dpop (parameterize ((p:current-date 0)) @@ -72,7 +75,7 @@ "grant_type=authorization_code&code=fake"))) (unless (eq? (response-code response) 400) (exit 3)) - (receive (response response-body user error) + (receive (response response-body . _) (let ((dpop (parameterize ((p:current-date 10)) (issue-dpop-proof @@ -106,12 +109,8 @@ (lambda (h) key)))) (unless access-token (exit 8)) - (let ((access-token-cnf (assq-ref (jws-payload access-token) - 'cnf))) - (unless access-token-cnf + (let ((access-token-cnf/jkt (access-token-cnf/jkt access-token))) + (unless access-token-cnf/jkt (exit 9)) - (let ((access-token-cnf/jkt (assq-ref access-token-cnf 'jkt))) - (unless access-token-cnf/jkt - (exit 10)) - (unless (string=? access-token-cnf/jkt (jkt client-key)) - (exit 11))))))))))) + (unless (string=? access-token-cnf/jkt (jkt client-key)) + (exit 10)))))))))) diff --git a/tests/token-endpoint-refresh.scm b/tests/token-endpoint-refresh.scm index f3d9b52..2d5ece4 100644 --- a/tests/token-endpoint-refresh.scm +++ b/tests/token-endpoint-refresh.scm @@ -1,5 +1,5 @@ -;; webid-oidc, implementation of the Solid specification -;; Copyright (C) 2020, 2021 Vivien Kraus +;; disfluid, implementation of the Solid specification Copyright (C) +;; 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify ;; it under the terms of the GNU Affero General Public License as @@ -47,7 +47,7 @@ (define endpoint (make-token-endpoint (string->uri "https://token-endpoint-issue.scm/token") issuer alg key validity)) - (receive (response response-body user error) + (receive (response response-body . _) ;; The refresh token is fake! (let ((dpop (parameterize ((p:current-date 0)) diff --git a/tests/too-many-refresh-tokens.scm b/tests/too-many-refresh-tokens.scm index 3926da4..aacfbbd 100644 --- a/tests/too-many-refresh-tokens.scm +++ b/tests/too-many-refresh-tokens.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -44,23 +44,25 @@ (second-refresh-token (vector-ref refresh-tokens 20))) (with-exception-handler (lambda (error) - (unless ((record-predicate &invalid-refresh-token) error) + (unless (invalid-refresh-token? error) (exit 1))) (lambda () - (with-refresh-token first-refresh-token key - (lambda (sub aud) - ;; It has been made invalid! - (exit 1)))) + (with-refresh-token + first-refresh-token key + (lambda (sub aud) + ;; It has been made invalid! + (exit 1)))) #:unwind? #t #:unwind-for-type &invalid-refresh-token) - (unless (with-refresh-token second-refresh-token key - (lambda (sub aud) - (format (current-error-port) - "~a / ~a\n" - (uri->string sub) - (uri->string aud)) - (unless (equal? sub (string->uri "https://subject-2.com")) - (exit 2)) - (unless (equal? aud (string->uri "https://client-2.com")) - (exit 3)))) + (unless (with-refresh-token + second-refresh-token key + (lambda (sub aud) + (format (current-error-port) + "~a / ~a\n" + (uri->string sub) + (uri->string aud)) + (unless (equal? sub (string->uri "https://subject-2.com")) + (exit 2)) + (unless (equal? aud (string->uri "https://client-2.com")) + (exit 3)))) (exit 4)))))) diff --git a/tests/unknown-client-locale.scm b/tests/unknown-client-locale.scm deleted file mode 100644 index c2fd4c2..0000000 --- a/tests/unknown-client-locale.scm +++ /dev/null @@ -1,45 +0,0 @@ -;; webid-oidc, implementation of the Solid specification -;; Copyright (C) 2020, 2021 Vivien Kraus - -;; This program is free software: you can redistribute it and/or modify -;; it under the terms of the GNU Affero General Public License as -;; published by the Free Software Foundation, either version 3 of the -;; License, or (at your option) any later version. - -;; This program is distributed in the hope that it will be useful, -;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;; GNU Affero General Public License for more details. - -;; You should have received a copy of the GNU Affero General Public License -;; along with this program. If not, see <https://www.gnu.org/licenses/>. - -(use-modules (webid-oidc authorization-page) - (webid-oidc testing) - (webid-oidc errors) - (web uri) - (srfi srfi-19) - (web response) - (ice-9 optargs) - (ice-9 receive)) - -(with-test-environment - "unknown-client-locale" - (lambda () - (let ((problem-acknowledged #f)) - (receive (response response-body) - (with-exception-handler - (lambda (error) - (unless ((record-predicate &unknown-client-locale) error) - (format (current-error-port) "Huh... ~a\n" (error->str error)) - (exit 1)) - (set! problem-acknowledged #t)) - (lambda () - (authorization-page "qdfkljsmfklsjmf" #f - (string->uri "https://example.com") - (string->uri "https://example.com")))) - (unless (eqv? (response-code response) 200) - (exit 2)) - (unless problem-acknowledged - (exit 3)) - (format (current-error-port) "~a" response-body))))) diff --git a/tests/verification-failed.scm b/tests/verification-failed.scm index f4c22de..5bb5dd0 100644 --- a/tests/verification-failed.scm +++ b/tests/verification-failed.scm @@ -1,4 +1,4 @@ -;; webid-oidc, implementation of the Solid specification +;; disfluid, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify @@ -31,7 +31,7 @@ (signature "lNhmpAX_WwmpBvwhok4E74kWCiGBNdavjLAeevGy32H3dbF0Jbri69Nm2ukkwb-uyUI4AUg_JSskfWIyo4UCbQ")) ;; Replaced 1 with _ (with-exception-handler (lambda (error) - (unless ((record-predicate &invalid-signature) error) + (unless (invalid-signature? error) (exit 1))) (lambda () (verify 'ES256 key payload signature) |