;; webid-oidc, implementation of the Solid specification ;; Copyright (C) 2020, 2021 Vivien Kraus ;; This program is free software: you can redistribute it and/or modify ;; it under the terms of the GNU Affero General Public License as ;; published by the Free Software Foundation, either version 3 of the ;; License, or (at your option) any later version. ;; This program is distributed in the hope that it will be useful, ;; but WITHOUT ANY WARRANTY; without even the implied warranty of ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;; GNU Affero General Public License for more details. ;; You should have received a copy of the GNU Affero General Public License ;; along with this program. If not, see . (use-modules (webid-oidc authorization-endpoint) (webid-oidc authorization-code) (webid-oidc client-manifest) (webid-oidc jwk) (webid-oidc cache) (webid-oidc jti) (webid-oidc testing) ((webid-oidc parameters) #:prefix p:) (web uri) (web request) (web response) (srfi srfi-19) (web response) (ice-9 optargs) (ice-9 receive)) (with-test-environment "authorization-endpoint-submit-form" (lambda () (define alg 'RS256) (define key (generate-key #:n-size 2048)) (define subject (string->uri "https://authorization-endpoint-submit-form.scm/profile/card#me")) (define client (string->uri "https://authorization-endpoint-submit-form.scm/client/card#app")) (define redirect (string->uri "https://authorization-endpoint-submit-form.scm/client/redirect")) (define password "p4ssw0rd") (define encrypted-password (crypt password "$6$this.is.the.salt")) (define validity 120) (define what-uri-to-expect client) (define served (receive (response response-body) (serve-client-manifest (time-utc->date (make-time time-utc 0 3600)) (make-client-manifest client (list redirect))) (cons response response-body))) (define the-response (car served)) (define the-response-body (cdr served)) (define* (http-get uri #:key (headers '())) (unless (equal? uri what-uri-to-expect) (exit 2)) (values the-response the-response-body)) (define cached-http-get (with-cache #:http-get http-get)) (define endpoint (make-authorization-endpoint subject encrypted-password alg key validity #:http-get cached-http-get)) (receive (response response-body) ;; The password is fake! (parameterize ((p:current-date 0)) (endpoint (build-request (string->uri (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" (uri-encode (uri->string client)) (uri-encode (uri->string redirect)))) #:headers '((content-type application/x-www-form-urlencoded)) #:method 'POST #:port #t) "password=fake")) (when (eq? (response-code response) 302) (exit 3))) (receive (response response-body) (parameterize ((p:current-date 0)) (endpoint (build-request (string->uri (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" (uri-encode (uri->string client)) (uri-encode (uri->string redirect)))) #:headers '((content-type application/x-www-form-urlencoded)) #:method 'POST #:port #t) "password=p4ssw0rd")) (unless (eq? (response-code response) 302) (exit 4)) (let ((loc (response-location response))) (unless (uri? loc) (exit 5)) (let ((loc-scheme (uri-scheme loc)) (loc-host (uri-host loc)) (loc-path (uri-path loc)) (loc-query (uri-query loc))) (unless (eq? loc-scheme 'https) (exit 6)) (unless (string=? loc-host "authorization-endpoint-submit-form.scm") (exit 7)) (unless (string=? loc-path "/client/redirect") (exit 8)) (let* ((kv (string-split loc-query #\&)) (args (map (lambda (x) (map uri-decode (string-split x #\=))) kv))) (unless (assoc-ref args "code") (exit 9)) (let ((parsed (parameterize ((p:current-date 60)) (authorization-code-decode (car (assoc-ref args "code")) key)))) (unless parsed (exit 10)))))))))