blob: f379e383037ea9a10cb89a645bce824bd62835ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
;; webid-oidc, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU Affero General Public License for more details.
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
(use-modules (webid-oidc authorization-endpoint)
(webid-oidc authorization-code)
(webid-oidc client-manifest)
(webid-oidc jwk)
(webid-oidc cache)
(webid-oidc jti)
(webid-oidc testing)
(web uri)
(web request)
(web response)
(srfi srfi-19)
(web response)
(ice-9 optargs)
(ice-9 receive))
(with-test-environment
"authorization-endpoint-submit-form"
(lambda ()
(define alg 'RS256)
(define key (generate-key #:n-size 2048))
(define subject (string->uri "https://authorization-endpoint-submit-form.scm/profile/card#me"))
(define client (string->uri "https://authorization-endpoint-submit-form.scm/client/card#app"))
(define redirect (string->uri "https://authorization-endpoint-submit-form.scm/client/redirect"))
(define password "p4ssw0rd")
(define encrypted-password (crypt password "$6$this.is.the.salt"))
(define validity 120)
(define the-time 0)
(define (current-time)
(make-time time-utc 0 the-time))
(define what-uri-to-expect client)
(define served
(receive (response response-body)
(serve-client-manifest
(time-utc->date (make-time time-utc 0 3600))
(make-client-manifest client (list redirect)))
(cons response response-body)))
(define the-response (car served))
(define the-response-body (cdr served))
(define* (http-get uri #:key (headers '()))
(unless (equal? uri what-uri-to-expect)
(exit 2))
(values the-response the-response-body))
(define cached-http-get
(with-cache #:http-get http-get
#:current-time current-time))
(define jti-list (make-jti-list))
(define endpoint
(make-authorization-endpoint
subject encrypted-password alg key validity
#:http-get cached-http-get
#:current-time current-time))
(receive (response response-body)
;; The password is fake!
(endpoint
(build-request (string->uri
(format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
(uri-encode (uri->string client))
(uri-encode (uri->string redirect))))
#:headers '((content-type application/x-www-form-urlencoded))
#:method 'POST
#:port #t)
"password=fake")
(when (eq? (response-code response) 302)
(exit 3)))
(receive (response response-body)
(endpoint
(build-request (string->uri
(format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
(uri-encode (uri->string client))
(uri-encode (uri->string redirect))))
#:headers '((content-type application/x-www-form-urlencoded))
#:method 'POST
#:port #t)
"password=p4ssw0rd")
(unless (eq? (response-code response) 302)
(exit 4))
(let ((loc (response-location response)))
(unless (uri? loc)
(exit 5))
(let ((loc-scheme (uri-scheme loc))
(loc-host (uri-host loc))
(loc-path (uri-path loc))
(loc-query (uri-query loc)))
(unless (eq? loc-scheme 'https)
(exit 6))
(unless (string=? loc-host "authorization-endpoint-submit-form.scm")
(exit 7))
(unless (string=? loc-path "/client/redirect")
(exit 8))
(let* ((kv (string-split loc-query #\&))
(args (map (lambda (x)
(map uri-decode (string-split x #\=)))
kv)))
(unless (assoc-ref args "code")
(exit 9))
(let ((parsed (authorization-code-decode
60
jti-list
(car (assoc-ref args "code"))
key)))
(unless parsed
(exit 10)))))))))
|