MCPcopy
hub / github.com/ory/hydra / TestDecodeAndInvalidateDeviceVerifier

Function TestDecodeAndInvalidateDeviceVerifier

flow/flow_encoding_test.go:409–485  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

407}
408
409func TestDecodeAndInvalidateDeviceVerifier(t *testing.T) {
410 ctx := context.Background()
411 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
412 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
413 ))
414
415 nid := reg.Networker().NetworkID(ctx)
416
417 t.Run("case=successful decode and invalidate with valid device verifier", func(t *testing.T) {
418 testFlow := createTestFlow(nid, flow.DeviceFlowStateUnused)
419
420 deviceVerifier, err := testFlow.ToDeviceVerifier(ctx, reg)
421 require.NoError(t, err)
422 require.NotEmpty(t, deviceVerifier)
423
424 decoded, err := flow.DecodeAndInvalidateDeviceVerifier(ctx, reg, deviceVerifier)
425 require.NoError(t, err)
426 require.NotNil(t, decoded)
427
428 assert.Equal(t, flow.DeviceFlowStateUsed, decoded.State, "State should be DeviceFlowStateUsed after invalidation")
429
430 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
431 })
432
433 t.Run("case=fails when flow has already been used", func(t *testing.T) {
434 testFlow := createTestFlow(nid, flow.DeviceFlowStateUsed)
435
436 deviceVerifier, err := testFlow.ToDeviceVerifier(ctx, reg)
437 require.NoError(t, err)
438
439 _, err = flow.DecodeAndInvalidateDeviceVerifier(ctx, reg, deviceVerifier)
440 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
441 })
442
443 t.Run("case=fails with invalid flow state", func(t *testing.T) {
444 testFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
445
446 deviceVerifier, err := testFlow.ToDeviceVerifier(ctx, reg)
447 require.NoError(t, err)
448
449 _, err = flow.DecodeAndInvalidateDeviceVerifier(ctx, reg, deviceVerifier)
450 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
451 })
452
453 t.Run("case=fails with wrong purpose (device challenge instead of verifier)", func(t *testing.T) {
454 testFlow := createTestFlow(nid, flow.DeviceFlowStateUnused)
455
456 deviceChallenge, err := testFlow.ToDeviceChallenge(ctx, reg)
457 require.NoError(t, err)
458 require.NotEmpty(t, deviceChallenge)
459
460 _, err = flow.DecodeAndInvalidateDeviceVerifier(ctx, reg, deviceChallenge)
461 assert.ErrorIs(t, err, fosite.ErrAccessDenied)
462 })
463
464 t.Run("case=fails with different network ID", func(t *testing.T) {
465 differentNID := uuid.Must(uuid.NewV4())
466 flowWithDifferentNID := createTestFlow(differentNID, flow.DeviceFlowStateUnused)

Callers

nothing calls this directly

Calls 10

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToDeviceVerifierMethod · 0.80
ToDeviceChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65

Tested by

no test coverage detected