tests/client-manifest-fraudulent.scm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

(use-modules (webid-oidc client-manifest)
             (webid-oidc cache)
             (webid-oidc testing)
             (webid-oidc errors)
             (web uri)
             (srfi srfi-19)
             (web response)
             (ice-9 optargs)
             (ice-9 receive))

;; In this example, the client_id of the oidcRegistration does not
;; match the base URI.

(with-test-environment
 "client-manifest-fraudulent"
 (lambda ()
   (define the-current-time 0)
   (define (current-time)
     (make-time time-utc 0 the-current-time))
   (define what-to-respond
     (build-response #:headers '((content-type text/turtle))))
   (define what-to-respond-body
     "@prefix solid: <http://www.w3.org/ns/solid/terms#> .

<#app> solid:oidcRegistration \"\"\"{
    \"client_id\" : \"https://app.example.com/id#app\",
    \"redirect_uris\" : [\"https://app.example.com/callback\"],
    \"client_name\" : \"Solid Application Name\",
    \"client_uri\" : \"https://app.example.com/\",
    \"logo_uri\" : \"https://app.example.com/logo.png\",
    \"tos_uri\" : \"https://app.example.com/tos.html\",
    \"scope\" : \"openid profile offline_access\",
    \"grant_types\" : [\"refresh_token\",\"authorization_code\"],
    \"response_types\" : [\"code\"],
    \"default_max_age\" : 60000,
    \"require_auth_time\" : true
    }\"\"\" .
")
   (define headers-to-expect
     '((accept (text/turtle))))
   (define uri-to-expect
     (string->uri "https://fraudulent-app.example.com/id#app"))
   (define* (respond uri #:key (headers '()))
     (when (string? uri)
       (set! uri (string->uri uri)))
     (unless (equal? uri uri-to-expect)
       (exit 1))
     (unless (equal? headers headers-to-expect)
       (exit 2))
     (values what-to-respond what-to-respond-body))
   (define cache-http-get
     (with-cache
      #:current-time current-time
      #:http-get respond))
   (with-exception-handler
       (lambda (error)
         (unless ((record-predicate &inconsistent-client-manifest-id)
                  ((record-accessor &cannot-fetch-client-manifest 'cause) error))
           (exit 3)))
     (lambda ()
       (get-client-manifest
        (string->uri "https://fraudulent-app.example.com/id#app")
        #:http-get cache-http-get)
       (exit 4))
     #:unwind? #t
     #:unwind-for-type &cannot-fetch-client-manifest)))