(t *testing.T)
| 1124 | } |
| 1125 | |
| 1126 | func TestStrategyDeviceLoginConsent(t *testing.T) { |
| 1127 | t.Parallel() |
| 1128 | |
| 1129 | ctx := context.Background() |
| 1130 | reg := testhelpers.NewRegistryMemory(t) |
| 1131 | reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") |
| 1132 | reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour) |
| 1133 | reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour) |
| 1134 | reg.Config().MustSet(ctx, config.KeyScopeStrategy, "exact") |
| 1135 | reg.Config().MustSet(ctx, config.KeySubjectTypesSupported, []string{"pairwise", "public"}) |
| 1136 | reg.Config().MustSet(ctx, config.KeySubjectIdentifierAlgorithmSalt, "76d5d2bf-747f-4592-9fbd-d2b895a54b3a") |
| 1137 | |
| 1138 | publicTS, adminTS := testhelpers.NewOAuth2Server(ctx, t, reg) |
| 1139 | adminClient := hydra.NewAPIClient(hydra.NewConfiguration()) |
| 1140 | adminClient.GetConfig().Servers = hydra.ServerConfigurations{{URL: adminTS.URL}} |
| 1141 | |
| 1142 | oauth2Config := func(t *testing.T, c *client.Client) *oauth2.Config { |
| 1143 | return &oauth2.Config{ |
| 1144 | ClientID: c.GetID(), |
| 1145 | ClientSecret: c.Secret, |
| 1146 | Endpoint: oauth2.Endpoint{ |
| 1147 | DeviceAuthURL: publicTS.URL + "/oauth2/device/auth", |
| 1148 | TokenURL: publicTS.URL + "/oauth2/token", |
| 1149 | AuthStyle: oauth2.AuthStyleInHeader, |
| 1150 | }, |
| 1151 | } |
| 1152 | } |
| 1153 | |
| 1154 | now := 1723546027 // Unix timestamps must round-trip through Hydra without converting to floats or similar |
| 1155 | acceptDeviceHandler := func(t *testing.T) http.HandlerFunc { |
| 1156 | return checkAndAcceptDeviceHandler(t, adminClient) |
| 1157 | } |
| 1158 | |
| 1159 | acceptLoginHandler := func(t *testing.T, subject string, payload *hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { |
| 1160 | return checkAndAcceptLoginHandler(t, adminClient, subject, func(*testing.T, *hydra.OAuth2LoginRequest, error) hydra.AcceptOAuth2LoginRequest { |
| 1161 | if payload == nil { |
| 1162 | return hydra.AcceptOAuth2LoginRequest{} |
| 1163 | } |
| 1164 | return *payload |
| 1165 | }) |
| 1166 | } |
| 1167 | |
| 1168 | acceptConsentHandler := func(t *testing.T, payload *hydra.AcceptOAuth2ConsentRequest) http.HandlerFunc { |
| 1169 | return checkAndAcceptConsentHandler(t, adminClient, func(*testing.T, *hydra.OAuth2ConsentRequest, error) hydra.AcceptOAuth2ConsentRequest { |
| 1170 | if payload == nil { |
| 1171 | return hydra.AcceptOAuth2ConsentRequest{} |
| 1172 | } |
| 1173 | return *payload |
| 1174 | }) |
| 1175 | } |
| 1176 | |
| 1177 | createDefaultClient := func(t *testing.T) *client.Client { |
| 1178 | c := &client.Client{GrantTypes: []string{"urn:ietf:params:oauth:grant-type:device_code"}} |
| 1179 | return createClient(t, reg, c) |
| 1180 | } |
| 1181 | t.Run("case=should pass if both login and consent are granted and check remember flows as well as various payloads", func(t *testing.T) { |
| 1182 | subject := "aeneas-rekkas" |
| 1183 | c := createDefaultClient(t) |
nothing calls this directly
no test coverage detected