path: root/tests/client-manifest-fraudulent.scm
Diffstat (limited to 'tests/client-manifest-fraudulent.scm')
-rw-r--r--tests/client-manifest-fraudulent.scm66
1 files changed, 66 insertions, 0 deletions
diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm
new file mode 100644
index 0000000..c12643e
--- /dev/null
+++ b/tests/client-manifest-fraudulent.scm
@@ -0,0 +1,66 @@
+(use-modules (webid-oidc client-manifest)
+ (webid-oidc cache)
+ (webid-oidc testing)
+ (webid-oidc errors)
+ (web uri)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+;; In this example, the client_id of the oidcRegistration does not
+;; match the base URI.
+
+(with-test-environment
+ "client-manifest-fraudulent"
+ (lambda ()
+ (define the-current-time 0)
+ (define (current-time)
+ (make-time time-utc 0 the-current-time))
+ (define what-to-respond
+ (build-response #:headers '((content-type text/turtle))))
+ (define what-to-respond-body
+ "@prefix solid: <http://www.w3.org/ns/solid/terms#> .
+
+<#app> solid:oidcRegistration \"\"\"{
+ \"client_id\" : \"https://app.example.com/id#app\",
+ \"redirect_uris\" : [\"https://app.example.com/callback\"],
+ \"client_name\" : \"Solid Application Name\",
+ \"client_uri\" : \"https://app.example.com/\",
+ \"logo_uri\" : \"https://app.example.com/logo.png\",
+ \"tos_uri\" : \"https://app.example.com/tos.html\",
+ \"scope\" : \"openid profile offline_access\",
+ \"grant_types\" : [\"refresh_token\",\"authorization_code\"],
+ \"response_types\" : [\"code\"],
+ \"default_max_age\" : 60000,
+ \"require_auth_time\" : true
+ }\"\"\" .
+")
+ (define headers-to-expect
+ '((accept (text/turtle))))
+ (define uri-to-expect
+ (string->uri "https://fraudulent-app.example.com/id#app"))
+ (define* (respond uri #:key (headers '()))
+ (when (string? uri)
+ (set! uri (string->uri uri)))
+ (unless (equal? uri uri-to-expect)
+ (exit 1))
+ (unless (equal? headers headers-to-expect)
+ (exit 2))
+ (values what-to-respond what-to-respond-body))
+ (define cache-http-get
+ (with-cache
+ #:current-time current-time
+ #:http-get respond))
+ (with-exception-handler
+ (lambda (error)
+ (unless ((record-predicate &inconsistent-client-manifest-id)
+ ((record-accessor &cannot-fetch-client-manifest 'cause) error))
+ (exit 3)))
+ (lambda ()
+ (get-client-manifest
+ (string->uri "https://fraudulent-app.example.com/id#app")
+ #:http-get cache-http-get)
+ (exit 4))
+ #:unwind? #t
+ #:unwind-for-type &cannot-fetch-client-manifest)))
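Review bot: The four bare `(exit N)` calls carry the entire meaning of this test, yet nothing says what each code signals, so a reader seeing exit status 3 from CI has to reverse-engineer the handler; a short comment before `respond` along the lines of `;; exit 1: wrong URI fetched; exit 2: unexpected request headers; exit 3: manifest rejected for a reason other than the client_id mismatch; exit 4: the fraudulent manifest was accepted` would fix that. The header comment at the top could also name the property under test rather than only the setup: the oidcRegistration's `client_id` names `app.example.com` while the document is fetched from `fraudulent-app.example.com`, and the expected outcome is `&cannot-fetch-client-manifest` with an `&inconsistent-client-manifest-id` cause, presumably because accepting such a document would let a manifest hosted on one origin claim another client's identity. Note too that `headers` is compared with `equal?` against the fixed list `'((accept (text/turtle)))`, so any extra request header added later by the cache layer makes the test stop at exit 2 before the property is exercised; if that strictness is intentional, a one-line comment saying so would keep the next maintainer from loosening it.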