
Function TestDecodeAndInvalidateLoginVerifier

flow/flow_encoding_test.go:240–330  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

238}
239
240func TestDecodeAndInvalidateLoginVerifier(t *testing.T) {
241 ctx := t.Context()
242 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
243 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
244 ))
245
246 nid := reg.Networker().NetworkID(ctx)
247
248 t.Run("case=successful decode and invalidate with valid login verifier", func(t *testing.T) {
249 testFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
250
251 loginVerifier, err := testFlow.ToLoginVerifier(ctx, reg)
252 require.NoError(t, err)
253 require.NotEmpty(t, loginVerifier)
254
255 decoded, err := flow.DecodeAndInvalidateLoginVerifier(ctx, reg, loginVerifier)
256 require.NoError(t, err)
257
258 // Verify that InvalidateLoginRequest was called
259 assert.Equal(t, flow.FlowStateLoginUsed, decoded.State, "State should be FlowStateLoginUsed after invalidation")
260
261 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
262 })
263
264 t.Run("case=fails when flow has already been used", func(t *testing.T) {
265 testFlow := createTestFlow(nid, flow.FlowStateLoginUsed)
266
267 loginVerifier, err := testFlow.ToLoginVerifier(ctx, reg)
268 require.NoError(t, err)
269
270 _, err = flow.DecodeAndInvalidateLoginVerifier(ctx, reg, loginVerifier)
271 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
272 })
273
274 t.Run("case=fails with invalid flow state", func(t *testing.T) {
275 testFlow := createTestFlow(nid, flow.FlowStateConsentUnused)
276
277 loginVerifier, err := testFlow.ToLoginVerifier(ctx, reg)
278 require.NoError(t, err)
279
280 _, err = flow.DecodeAndInvalidateLoginVerifier(ctx, reg, loginVerifier)
281 assert.ErrorIs(t, err, fosite.ErrInvalidRequest)
282 })
283
284 t.Run("case=fails with wrong purpose (login challenge instead of verifier)", func(t *testing.T) {
285 testFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
286
287 loginChallenge, err := testFlow.ToLoginChallenge(ctx, reg)
288 require.NoError(t, err)
289 require.NotEmpty(t, loginChallenge)
290
291 _, err = flow.DecodeAndInvalidateLoginVerifier(ctx, reg, loginChallenge)
292 assert.ErrorIs(t, err, fosite.ErrAccessDenied)
293 })
294
295 t.Run("case=fails with different network ID", func(t *testing.T) {
296 differentNID := uuid.Must(uuid.NewV4())
297 flowWithDifferentNID := createTestFlow(differentNID, flow.FlowStateLoginUnused)

Callers

nothing calls this directly

Calls 10

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToLoginVerifierMethod · 0.80
ToLoginChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65

Tested by

no test coverage detected