From 4508b846b551745e91e83e6128982397e029d7e5 Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Mon, 30 Nov 2020 23:13:17 +0100
Subject: Fetch a client manifest on the web
---
tests/Makefile.am | 5 ++-
tests/client-manifest-fraudulent.scm | 66 ++++++++++++++++++++++++++++
tests/client-manifest-public.scm | 33 ++++++++++++++
tests/client-manifest.scm | 85 ++++++++++++++++++++++++++++++++++++
4 files changed, 188 insertions(+), 1 deletion(-)
create mode 100644 tests/client-manifest-fraudulent.scm
create mode 100644 tests/client-manifest-public.scm
create mode 100644 tests/client-manifest.scm
(limited to 'tests')
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 2eb0db6..bce5c10 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -23,7 +23,10 @@ TESTS = %reldir%/load-library.scm \
 %reldir%/dpop-proof-iat-in-future.scm \
 %reldir%/dpop-proof-iat-too-late.scm \
 %reldir%/dpop-proof-wrong-key.scm \
- %reldir%/dpop-proof-replay.scm
+ %reldir%/dpop-proof-replay.scm \
+ %reldir%/client-manifest-public.scm \
+ %reldir%/client-manifest.scm \
+ %reldir%/client-manifest-fraudulent.scm
 EXTRA_DIST += $(TESTS)
diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm
new file mode 100644
index 0000000..c12643e
--- /dev/null
+++ b/tests/client-manifest-fraudulent.scm
@@ -0,0 +1,66 @@
+(use-modules (webid-oidc client-manifest)
+ (webid-oidc cache)
+ (webid-oidc testing)
+ (webid-oidc errors)
+ (web uri)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+;; In this example, the client_id of the oidcRegistration does not
+;; match the base URI.
+
+(with-test-environment
+ "client-manifest-fraudulent"
+ (lambda ()
+ (define the-current-time 0)
+ (define (current-time)
+ (make-time time-utc 0 the-current-time))
+ (define what-to-respond
+ (build-response #:headers '((content-type text/turtle))))
+ (define what-to-respond-body
+ "@prefix solid: .
+
+<#app> solid:oidcRegistration \"\"\"{
+ \"client_id\" : \"https://app.example.com/id#app\",
+ \"redirect_uris\" : [\"https://app.example.com/callback\"],
+ \"client_name\" : \"Solid Application Name\",
+ \"client_uri\" : \"https://app.example.com/\",
+ \"logo_uri\" : \"https://app.example.com/logo.png\",
+ \"tos_uri\" : \"https://app.example.com/tos.html\",
+ \"scope\" : \"openid profile offline_access\",
+ \"grant_types\" : [\"refresh_token\",\"authorization_code\"],
+ \"response_types\" : [\"code\"],
+ \"default_max_age\" : 60000,
+ \"require_auth_time\" : true
+ }\"\"\" .
+")
+ (define headers-to-expect
+ '((accept (text/turtle))))
+ (define uri-to-expect
+ (string->uri "https://fraudulent-app.example.com/id#app"))
+ (define* (respond uri #:key (headers '()))
+ (when (string? uri)
+ (set! uri (string->uri uri)))
+ (unless (equal? uri uri-to-expect)
+ (exit 1))
+ (unless (equal? headers headers-to-expect)
+ (exit 2))
+ (values what-to-respond what-to-respond-body))
+ (define cache-http-get
+ (with-cache
+ #:current-time current-time
+ #:http-get respond))
+ (with-exception-handler
+ (lambda (error)
+ (unless ((record-predicate &inconsistent-client-manifest-id)
+ ((record-accessor &cannot-fetch-client-manifest 'cause) error))
+ (exit 3)))
+ (lambda ()
+ (get-client-manifest
+ (string->uri "https://fraudulent-app.example.com/id#app")
+ #:http-get cache-http-get)
+ (exit 4))
+ #:unwind? #t
+ #:unwind-for-type &cannot-fetch-client-manifest)))
diff --git a/tests/client-manifest-public.scm b/tests/client-manifest-public.scm
new file mode 100644
index 0000000..e285782
--- /dev/null
+++ b/tests/client-manifest-public.scm
@@ -0,0 +1,33 @@
+(use-modules (webid-oidc client-manifest)
+ (webid-oidc testing)
+ (webid-oidc errors)
+ (web uri)
+ (srfi srfi-19)
+ (web response))
+
+(with-test-environment
+ "client-manifest-public"
+ (lambda ()
+ (define mf
+ (get-client-manifest
+ (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient")
+ #:http-get
+ (lambda args
+ (exit 1))))
+ (define id (client-manifest-client-id mf))
+ (unless (equal? id (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient"))
+ (exit 2))
+ (unless (client-manifest-check-redirect-uri mf "https://example.com")
+ (exit 3))
+ (with-exception-handler
+ (lambda (error)
+ (unless ((record-predicate &cannot-serve-public-manifest) error)
+ (exit 4)))
+ (lambda ()
+ (serve-client-manifest
+ (time-utc->date
+ (make-time time-utc 0 0))
+ mf)
+ (exit 5))
+ #:unwind? #t
+ #:unwind-for-type &cannot-serve-public-manifest)))
diff --git a/tests/client-manifest.scm b/tests/client-manifest.scm
new file mode 100644
index 0000000..cee586c
--- /dev/null
+++ b/tests/client-manifest.scm
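Review bot: The only mismatch this test exercises differs from the manifest's `client_id` in the host (fraudulent-app.example.com versus app.example.com), so a `get-client-manifest` that compared only scheme and host would still pass; a second fetch of a same-origin variant such as `(string->uri "https://app.example.com/id#other")`, expected to fail with the same `&inconsistent-client-manifest-id` cause, would pin the exact-equality rule the header comment describes. The local `(define (current-time) ...)` shadows the `current-time` that `(srfi srfi-19)` exports a few lines above; a name like `fake-current-time` would avoid a reader mistaking it for the real clock, and the same shadowing appears with the `current-time` counter in `client-manifest.scm`. As rendered here, the `@prefix solid: .` line of `what-to-respond-body` carries no IRI — presumably the angle-bracketed IRI was lost in rendering, but if the file really reads that way the Turtle cannot parse; the identical body is used in `client-manifest.scm`, so both would need the fix.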
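Review bot: This file has no header comment saying what it pins, unlike `client-manifest-fraudulent.scm`; a comment after `use-modules` such as `;; The well-known PublicOidcClient identifier must resolve without any HTTP fetch,` / `;; must accept a redirect URI unrelated to it, and must not be servable as a manifest.` would name the three invariants that exit codes 1, 3 and 4 encode. The single `client-manifest-check-redirect-uri` call before `(exit 3)` asserts acceptance of one URI; since accepting arbitrary redirect URIs is presumably what distinguishes the public client from a fetched manifest, a second call with a different origin would make that intent explicit rather than incidental.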
@@ -0,0 +1,85 @@
+(use-modules (webid-oidc client-manifest)
+ (webid-oidc cache)
+ (webid-oidc testing)
+ (webid-oidc errors)
+ (web uri)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "client-manifest"
+ (lambda ()
+ (define what-to-respond
+ (build-response #:headers '((content-type text/turtle))))
+ (define what-to-respond-body
+ "@prefix solid: .
+
+<#app> solid:oidcRegistration \"\"\"{
+ \"client_id\" : \"https://app.example.com/id#app\",
+ \"redirect_uris\" : [\"https://app.example.com/callback\"],
+ \"client_name\" : \"Solid Application Name\",
+ \"client_uri\" : \"https://app.example.com/\",
+ \"logo_uri\" : \"https://app.example.com/logo.png\",
+ \"tos_uri\" : \"https://app.example.com/tos.html\",
+ \"scope\" : \"openid profile offline_access\",
+ \"grant_types\" : [\"refresh_token\",\"authorization_code\"],
+ \"response_types\" : [\"code\"],
+ \"default_max_age\" : 60000,
+ \"require_auth_time\" : true
+ }\"\"\" .
+")
+ (define* (respond uri #:key (headers '()))
+ (unless (equal? headers '((accept (text/turtle))))
+ (exit 1))
+ (when (string? uri)
+ (set! uri (string->uri uri)))
+ (unless (equal? uri
+ (string->uri "https://app.example.com/id#app"))
+ (exit 2))
+ (values what-to-respond what-to-respond-body))
+ (define current-time 0)
+ (define cache-http-get
+ (with-cache
+ #:current-time
+ (lambda ()
+ (make-time time-utc 0 current-time))
+ #:http-get respond))
+ (define mf
+ (get-client-manifest
+ (string->uri "https://app.example.com/id#app")
+ #:http-get cache-http-get))
+ (define id (client-manifest-client-id mf))
+ (unless (equal? id (string->uri "https://app.example.com/id#app"))
+ (exit 3))
+ (unless (client-manifest-check-redirect-uri mf "https://app.example.com/callback")
+ (exit 4))
+ (with-exception-handler
+ (lambda (error)
+ (unless ((record-predicate &unauthorized-redirection-uri) error)
+ (exit 5)))
+ (lambda ()
+ (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback")
+ (exit 55))
+ #:unwind? #t
+ #:unwind-for-type &unauthorized-redirection-uri)
+ (receive (response response-body)
+ (serve-client-manifest
+ (time-utc->date (make-time time-utc 0 3600))
+ mf)
+ (unless (equal? (response-content-type response) '(text/turtle))
+ (exit 6))
+ (set! what-to-respond response)
+ (set! what-to-respond-body response-body)
+ (set! current-time 10)
+ (let ((re-parsed (get-client-manifest
+ (string->uri "https://app.example.com/id#app")
+ #:http-get cache-http-get)))
+ (map (lambda (key)
+ (unless (equal? (assq-ref mf key)
+ (assq-ref re-parsed key))
+ (exit 9)))
+ '(client_id redirect_uris client_name client_uri
+ logo_uri tos_uri scope grant_types response_types
+ default_max_age require_auth_time))))))
--
cgit v1.2.3
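Review bot: The rejected redirect URI in the `&unauthorized-redirection-uri` handler differs from the registered `https://app.example.com/callback` in its host, so a `client-manifest-check-redirect-uri` that matched on origin or on a string prefix would pass this test unchanged; adding same-origin inputs such as `https://app.example.com/callback/extra` and `https://app.example.com/other` as further rejected cases would pin the exact-match comparison that OAuth requires for redirect URIs. The final comparison uses `map` for its side effect only and discards the list it builds; `(for-each (lambda (key)` states that intent and does not depend on the order in which `map` applies its procedure. The `(exit 55)` in the redirect-check thunk breaks the otherwise sequential exit codes (7 and 8 are unused), which makes a failing run harder to read. Whether the second `get-client-manifest` after `(set! current-time 10)` is answered from the cache or by a new call to `respond` is not asserted either way, so it is unclear which path the round-trip comparison covers.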