(t *testing.T)
| 53 | } |
| 54 | |
| 55 | func TestHandler(t *testing.T) { |
| 56 | ctx := context.Background() |
| 57 | reg := testhelpers.NewRegistryMemory(t) |
| 58 | h := client.NewHandler(reg) |
| 59 | |
| 60 | t.Run("create client registration tokens", func(t *testing.T) { |
| 61 | for k, tc := range []struct { |
| 62 | c *client.Client |
| 63 | dynamic bool |
| 64 | }{ |
| 65 | {dynamic: true, c: new(client.Client)}, |
| 66 | {c: new(client.Client)}, |
| 67 | {c: &client.Client{Secret: "01bbf13a-ae3e-44d5-b4b4-dd78137041be"}}, |
| 68 | } { |
| 69 | t.Run(fmt.Sprintf("case=%d/dynamic=%v", k, tc.dynamic), func(t *testing.T) { |
| 70 | var b bytes.Buffer |
| 71 | require.NoError(t, json.NewEncoder(&b).Encode(tc.c)) |
| 72 | r, err := http.NewRequest("POST", "/openid/registration", &b) |
| 73 | require.NoError(t, err) |
| 74 | |
| 75 | hadSecret := len(tc.c.Secret) > 0 |
| 76 | c, err := h.CreateClient(r, func(ctx context.Context, c *client.Client) error { |
| 77 | return nil |
| 78 | }, tc.dynamic) |
| 79 | require.NoError(t, err) |
| 80 | require.NotEqual(t, c.NID, uuid.Nil) |
| 81 | |
| 82 | except := []string{"client_id", "registration_access_token", "updated_at", "created_at", "registration_client_uri"} |
| 83 | require.NotEmpty(t, c.RegistrationAccessToken) |
| 84 | require.NotEqual(t, c.RegistrationAccessTokenSignature, c.RegistrationAccessToken) |
| 85 | if !hadSecret { |
| 86 | require.NotEmpty(t, c.Secret) |
| 87 | except = append(except, "client_secret") |
| 88 | } |
| 89 | |
| 90 | if tc.dynamic { |
| 91 | require.NotEmpty(t, c.GetID()) |
| 92 | assert.Equal(t, reg.Config().PublicURL(ctx).String()+"oauth2/register/"+c.GetID(), c.RegistrationClientURI) |
| 93 | except = append(except, "client_id", "client_secret", "registration_client_uri") |
| 94 | } |
| 95 | |
| 96 | snapshotx.SnapshotT(t, c, snapshotx.ExceptPaths(except...)) |
| 97 | }) |
| 98 | } |
| 99 | }) |
| 100 | |
| 101 | t.Run("dynamic client registration protocol authentication", func(t *testing.T) { |
| 102 | r, err := http.NewRequest("POST", "/openid/registration", bytes.NewBufferString("{}")) |
| 103 | require.NoError(t, err) |
| 104 | expected, err := h.CreateClient(r, func(ctx context.Context, c *client.Client) error { |
| 105 | return nil |
| 106 | }, true) |
| 107 | require.NoError(t, err) |
| 108 | |
| 109 | t.Run("valid auth", func(t *testing.T) { |
| 110 | actual, err := h.ValidDynamicAuth(&http.Request{Header: http.Header{"Authorization": {"Bearer " + expected.RegistrationAccessToken}}}, expected.ID) |
| 111 | require.NoError(t, err, "authentication with registration access token works") |
| 112 | assert.EqualValues(t, expected.GetID(), actual.GetID()) |