MCPcopy
hub / github.com/ory/hydra / TestDecodeAndInvalidateConsentVerifier

Function TestDecodeAndInvalidateConsentVerifier

flow/flow_encoding_test.go:487–577  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

485}
486
487func TestDecodeAndInvalidateConsentVerifier(t *testing.T) {
488 ctx := t.Context()
489 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
490 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
491 ))
492
493 nid := reg.Networker().NetworkID(ctx)
494
495 t.Run("case=successful decode and invalidate with valid consent verifier", func(t *testing.T) {
496 testFlow := createTestFlow(nid, flow.FlowStateConsentUnused)
497
498 consentVerifier, err := testFlow.ToConsentVerifier(ctx, reg)
499 require.NoError(t, err)
500 require.NotEmpty(t, consentVerifier)
501
502 decoded, err := flow.DecodeAndInvalidateConsentVerifier(ctx, reg, consentVerifier)
503 require.NoError(t, err)
504
505 // Verify that InvalidateConsentRequest was called
506 assert.Equal(t, flow.FlowStateConsentUsed, decoded.State, "State should be FlowStateConsentUsed after invalidation")
507
508 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
509 })
510
511 t.Run("case=fails when flow has already been used", func(t *testing.T) {
512 testFlow := createTestFlow(nid, flow.FlowStateConsentUsed)
513
514 consentVerifier, err := testFlow.ToConsentVerifier(ctx, reg)
515 require.NoError(t, err)
516
517 _, err = flow.DecodeAndInvalidateConsentVerifier(ctx, reg, consentVerifier)
518 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
519 })
520
521 t.Run("case=fails with invalid flow state", func(t *testing.T) {
522 testFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
523
524 consentVerifier, err := testFlow.ToConsentVerifier(ctx, reg)
525 require.NoError(t, err)
526
527 _, err = flow.DecodeAndInvalidateConsentVerifier(ctx, reg, consentVerifier)
528 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
529 })
530
531 t.Run("case=fails with wrong purpose (consent challenge instead of verifier)", func(t *testing.T) {
532 testFlow := createTestFlow(nid, flow.FlowStateConsentUnused)
533
534 consentChallenge, err := testFlow.ToConsentChallenge(ctx, reg)
535 require.NoError(t, err)
536 require.NotEmpty(t, consentChallenge)
537
538 _, err = flow.DecodeAndInvalidateConsentVerifier(ctx, reg, consentChallenge)
539 assert.ErrorIs(t, err, fosite.ErrAccessDenied)
540 })
541
542 t.Run("case=fails with different network ID", func(t *testing.T) {
543 differentNID := uuid.Must(uuid.NewV4())
544 flowWithDifferentNID := createTestFlow(differentNID, flow.FlowStateConsentUnused)

Callers

nothing calls this directly

Calls 10

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToConsentVerifierMethod · 0.80
ToConsentChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65

Tested by

no test coverage detected