1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
;; webid-oidc, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU Affero General Public License as
;; published by the Free Software Foundation, either version 3 of the
;; License, or (at your option) any later version.
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU Affero General Public License for more details.
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
(use-modules (webid-oidc client-manifest)
(webid-oidc cache)
(webid-oidc testing)
(webid-oidc errors)
(web uri)
(srfi srfi-19)
(web response)
(ice-9 optargs)
(ice-9 receive))
;; In this example, the client_id of the oidcRegistration does not
;; match the base URI.
(with-test-environment
"client-manifest-fraudulent"
(lambda ()
(define the-current-time 0)
(define (current-time)
(make-time time-utc 0 the-current-time))
(define what-to-respond
(build-response #:headers '((content-type text/turtle))))
(define what-to-respond-body
"{
\"client_id\" : \"https://app.example.com/id#app\",
\"redirect_uris\" : [\"https://app.example.com/callback\"],
\"client_name\" : \"Solid Application Name\",
\"client_uri\" : \"https://app.example.com/\",
\"logo_uri\" : \"https://app.example.com/logo.png\",
\"tos_uri\" : \"https://app.example.com/tos.html\",
\"scope\" : \"openid profile offline_access\",
\"grant_types\" : [\"refresh_token\",\"authorization_code\"],
\"response_types\" : [\"code\"],
\"default_max_age\" : 60000,
\"require_auth_time\" : true
}")
(define headers-to-expect
'())
(define uri-to-expect
(string->uri "https://fraudulent-app.example.com/id#app"))
(define* (respond uri #:key (headers '()))
(when (string? uri)
(set! uri (string->uri uri)))
(unless (equal? uri uri-to-expect)
(exit 1))
(unless (equal? headers headers-to-expect)
(exit 2))
(values what-to-respond what-to-respond-body))
(define cache-http-get
(with-cache
#:current-time current-time
#:http-get respond))
(with-exception-handler
(lambda (error)
(unless ((record-predicate &inconsistent-client-manifest-id)
((record-accessor &cannot-fetch-client-manifest 'cause) error))
(exit 3)))
(lambda ()
(get-client-manifest
(string->uri "https://fraudulent-app.example.com/id#app")
#:http-get cache-http-get)
(exit 4))
#:unwind? #t
#:unwind-for-type &cannot-fetch-client-manifest)))
|
