MCPcopy
hub / github.com/ory/hydra / TestDecodeFromConsentChallenge

Function TestDecodeFromConsentChallenge

flow/flow_encoding_test.go:163–238  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

161}
162
163func TestDecodeFromConsentChallenge(t *testing.T) {
164 ctx := t.Context()
165 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
166 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
167 ))
168
169 nid := reg.Networker().NetworkID(ctx)
170 testFlow := createTestFlow(nid, flow.FlowStateConsentUnused)
171
172 t.Run("case=successful decode with valid consent challenge", func(t *testing.T) {
173 consentChallenge, err := testFlow.ToConsentChallenge(ctx, reg)
174 require.NoError(t, err)
175 require.NotEmpty(t, consentChallenge)
176
177 decoded, err := flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge)
178 require.NoError(t, err)
179 require.NotNil(t, decoded)
180
181 assert.Equal(t, testFlow.ID, decoded.ID)
182 assert.Equal(t, testFlow.NID, decoded.NID)
183 assert.Equal(t, testFlow.RequestedScope, decoded.RequestedScope)
184 assert.Equal(t, testFlow.Subject, decoded.Subject)
185
186 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
187
188 t.Run("decodes deterministically", func(t *testing.T) {
189 second, err := flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge)
190 require.NoError(t, err)
191 assert.Equal(t, decoded, second)
192 })
193 })
194
195 t.Run("case=fails with wrong purpose (login challenge instead of consent)", func(t *testing.T) {
196 loginChallenge, err := testFlow.ToLoginChallenge(ctx, reg)
197 require.NoError(t, err)
198 require.NotEmpty(t, loginChallenge)
199
200 decoded, err := flow.DecodeFromConsentChallenge(ctx, reg, loginChallenge)
201 assert.Error(t, err)
202 assert.Nil(t, decoded)
203 assert.ErrorIs(t, err, x.ErrNotFound)
204 })
205
206 t.Run("case=fails with different network ID", func(t *testing.T) {
207 flowWithDifferentNID := createTestFlow(uuid.Must(uuid.NewV4()), flow.FlowStateConsentUnused)
208
209 consentChallenge, err := flow.Encode(ctx, reg.FlowCipher(), flowWithDifferentNID, flow.AsConsentChallenge)
210 require.NoError(t, err)
211 require.NotEmpty(t, consentChallenge)
212
213 _, err = flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge)
214 assert.ErrorIs(t, err, x.ErrNotFound)
215 })
216
217 t.Run("case=fails with expired request", func(t *testing.T) {
218 expiredFlow := createTestFlow(nid, flow.FlowStateConsentUnused)
219 expiredFlow.RequestedAt = time.Now().Add(-2 * time.Hour)
220

Callers

nothing calls this directly

Calls 13

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToConsentChallengeMethod · 0.80
ToLoginChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65
AddMethod · 0.65
NowMethod · 0.65

Tested by

no test coverage detected