From 94dd29912cf969321870921c752a80c4e984b6aa Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Fri, 4 Dec 2020 19:23:04 +0100 Subject: Make an authorization endpoint --- tests/Makefile.am | 5 +- tests/authorization-endpoint-get-form.scm | 43 ++++++++++++ tests/authorization-endpoint-no-args.scm | 36 ++++++++++ tests/authorization-endpoint-submit-form.scm | 101 +++++++++++++++++++++++++++ 4 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 tests/authorization-endpoint-get-form.scm create mode 100644 tests/authorization-endpoint-no-args.scm create mode 100644 tests/authorization-endpoint-submit-form.scm (limited to 'tests') diff --git a/tests/Makefile.am b/tests/Makefile.am index 2d09363..457d462 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -30,7 +30,10 @@ TESTS = %reldir%/load-library.scm \ %reldir%/refresh-token.scm \ %reldir%/too-many-refresh-tokens.scm \ %reldir%/refresh-token-with-wrong-key.scm \ - %reldir%/unknown-client-locale.scm + %reldir%/unknown-client-locale.scm \ + %reldir%/authorization-endpoint-no-args.scm \ + %reldir%/authorization-endpoint-get-form.scm \ + %reldir%/authorization-endpoint-submit-form.scm EXTRA_DIST += $(TESTS) %reldir%/ChangeLog diff --git a/tests/authorization-endpoint-get-form.scm b/tests/authorization-endpoint-get-form.scm new file mode 100644 index 0000000..d6fabe9 --- /dev/null +++ b/tests/authorization-endpoint-get-form.scm 
@@ -0,0 +1,43 @@
+(use-modules (webid-oidc authorization-endpoint)
+ (webid-oidc jwk)
+ (webid-oidc testing)
+ (web uri)
+ (web request)
+ (web response)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "authorization-endpoint-get-form"
+ (lambda ()
+ (define alg 'RS256)
+ (define key (generate-key #:n-size 2048))
+ (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
+ (define password "p4ssw0rd")
+ (define validity 120)
+ (define the-time 0)
+ (define (current-time)
+ (make-time time-utc 0 the-time))
+ (define* (http-get uri #:key (headers '()))
+ (exit 2))
+ (define endpoint
+ (make-authorization-endpoint
+ subject password alg key validity
+ #:http-get http-get
+ #:current-time current-time))
+ (receive (response response-body)
+ (endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-get-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode "https://authorization-endpoint-get-form.scm/client/card#app")
+ (uri-encode "https://authorization-endpoint-get-form.scm/client/redirect"))))
+ "")
+ (unless (eq? (response-code response) 200)
+ (exit 3))
+ (unless (response-content-type response)
+ (exit 4))
+ (unless (eq? (car (response-content-type response))
+ 'application/xhtml+xml)
+ (exit 5)))))
diff --git a/tests/authorization-endpoint-no-args.scm b/tests/authorization-endpoint-no-args.scm
new file mode 100644
index 0000000..04ab575
--- /dev/null
+++ b/tests/authorization-endpoint-no-args.scm
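Review bot: The stub `(define* (http-get uri #:key (headers '())) (exit 2))` carries the real assertion of this test, that rendering the form never fetches the client manifest, but nothing says so; a comment such as `;; Rendering the form must not dereference client_id: any HTTP fetch fails the test.` above it would make the intent reviewable. It also means the form is served for a `client_id`/`redirect_uri` pair that has not been validated, and `response-body` is never inspected, so if the endpoint echoes those query parameters into the XHTML (not visible here) their escaping is untested. `(web response)` is listed twice in `use-modules`.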
@@ -0,0 +1,36 @@
+(use-modules (webid-oidc authorization-endpoint)
+ (webid-oidc jwk)
+ (webid-oidc testing)
+ (web uri)
+ (web request)
+ (web response)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "authorization-endpoint-get-form"
+ (lambda ()
+ (define alg 'RS256)
+ (define key (generate-key #:n-size 2048))
+ (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
+ (define password "p4ssw0rd")
+ (define validity 120)
+ (define the-time 0)
+ (define (current-time)
+ (make-time time-utc 0 the-time))
+ (define* (http-get uri #:key (headers '()))
+ (exit 2))
+ (define endpoint
+ (make-authorization-endpoint
+ subject password alg key validity
+ #:http-get http-get
+ #:current-time current-time))
+ (receive (response response-body)
+ (endpoint
+ (build-request (string->uri
+ "https://authorization-endpoint-get-form.scm/authorize"))
+ "")
+ (unless (eq? (response-code response) 400)
+ (exit 3)))))
diff --git a/tests/authorization-endpoint-submit-form.scm b/tests/authorization-endpoint-submit-form.scm
new file mode 100644
index 0000000..156bf4e
--- /dev/null
+++ b/tests/authorization-endpoint-submit-form.scm
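Review bot: The name passed to `with-test-environment` is still `"authorization-endpoint-get-form"`, and the subject and request URIs use the get-form host as well, all copied from the sibling test. The name should read `"authorization-endpoint-no-args"`; if `with-test-environment` uses it to pick a per-test directory or log (not visible in this diff), the two tests would otherwise share it and could mask each other's failures. The 400 status is the only assertion, so a one-line comment stating that a request without `client_id` and `redirect_uri` must be rejected before any form is rendered would document what the test protects.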
@@ -0,0 +1,101 @@
+(use-modules (webid-oidc authorization-endpoint)
+ (webid-oidc authorization-code)
+ (webid-oidc client-manifest)
+ (webid-oidc jwk)
+ (webid-oidc cache)
+ (webid-oidc jti)
+ (webid-oidc testing)
+ (web uri)
+ (web request)
+ (web response)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "authorization-endpoint-submit-form"
+ (lambda ()
+ (define alg 'RS256)
+ (define key (generate-key #:n-size 2048))
+ (define subject (string->uri "https://authorization-endpoint-submit-form.scm/profile/card#me"))
+ (define client (string->uri "https://authorization-endpoint-submit-form.scm/client/card#app"))
+ (define redirect (string->uri "https://authorization-endpoint-submit-form.scm/client/redirect"))
+ (define password "p4ssw0rd")
+ (define validity 120)
+ (define the-time 0)
+ (define (current-time)
+ (make-time time-utc 0 the-time))
+ (define what-uri-to-expect client)
+ (define served
+ (receive (response response-body)
+ (serve-client-manifest
+ (time-utc->date (make-time time-utc 0 3600))
+ (make-client-manifest client (list redirect)))
+ (cons response response-body)))
+ (define the-response (car served))
+ (define the-response-body (cdr served))
+ (define* (http-get uri #:key (headers '()))
+ (unless (equal? uri what-uri-to-expect)
+ (exit 2))
+ (values the-response the-response-body))
+ (define cached-http-get
+ (with-cache #:http-get http-get
+ #:current-time current-time))
+ (define jti-list (make-jti-list))
+ (define endpoint
+ (make-authorization-endpoint
+ subject password alg key validity
+ #:http-get cached-http-get
+ #:current-time current-time))
+ (receive (response response-body)
+ ;; The password is fake!
+ (endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode (uri->string client))
+ (uri-encode (uri->string redirect))))
+ #:headers '((content-type application/x-www-form-urlencoded))
+ #:method 'POST
+ #:port #t)
+ "password=fake")
+ (when (eq? (response-code response) 302)
+ (exit 3)))
+ (receive (response response-body)
+ (endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode (uri->string client))
+ (uri-encode (uri->string redirect))))
+ #:headers '((content-type application/x-www-form-urlencoded))
+ #:method 'POST
+ #:port #t)
+ "password=p4ssw0rd")
+ (unless (eq? (response-code response) 302)
+ (exit 4))
+ (let ((loc (response-location response)))
+ (unless (uri? loc)
+ (exit 5))
+ (let ((loc-scheme (uri-scheme loc))
+ (loc-host (uri-host loc))
+ (loc-path (uri-path loc))
+ (loc-query (uri-query loc)))
+ (unless (eq? loc-scheme 'https)
+ (exit 6))
+ (unless (string=? loc-host "authorization-endpoint-submit-form.scm")
+ (exit 7))
+ (unless (string=? loc-path "/client/redirect")
+ (exit 8))
+ (let* ((kv (string-split loc-query #\&))
+ (args (map (lambda (x)
+ (map uri-decode (string-split x #\=)))
+ kv)))
+ (unless (assoc-ref args "code")
+ (exit 9))
+ (let ((parsed (authorization-code-decode
+ 60
+ jti-list
+ (car (assoc-ref args "code"))
+ key)))
+ (unless parsed
+ (exit 10)))))))))
-- cgit v1.2.3
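Review bot: Neither POST in this test sends a `redirect_uri` that is absent from the manifest built with `(make-client-manifest client (list redirect))`, so nothing here would catch the endpoint issuing a code to an unregistered redirect target. I would add a third request, with the correct password and an unlisted `redirect_uri`, that fails on a 302; the sketch below goes between the two existing requests and uses a constructed URI. The wrong-password check has a related weakness: `(when (eq? (response-code response) 302) (exit 3))` accepts every other status, so it should pin the status the endpoint is meant to return and also require `(response-location response)` to be `#f`. The endpoint implementation is not part of this diff view, so the expected behaviour in both cases (a status code, or a raised error) has to be confirmed against it.

```scheme
    ;; … unchanged: wrong-password request …
    ;; A redirect_uri that the client manifest does not list must never
    ;; receive a redirect, even when the password is correct.
    ;; (The "/client/unlisted" URI is a constructed sample value.)
    (receive (response response-body)
        (endpoint
         (build-request (string->uri
                         (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
                                 (uri-encode (uri->string client))
                                 (uri-encode "https://authorization-endpoint-submit-form.scm/client/unlisted")))
                        #:headers '((content-type application/x-www-form-urlencoded))
                        #:method 'POST
                        #:port #t)
         "password=p4ssw0rd")
      (when (eq? (response-code response) 302)
        (exit 11)))
    ;; … unchanged: correct-password request and code checks …
```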