(t *testing.T)
| 161 | } |
| 162 | |
| 163 | func TestDecodeFromConsentChallenge(t *testing.T) { |
| 164 | ctx := t.Context() |
| 165 | reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions( |
| 166 | configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour), |
| 167 | )) |
| 168 | |
| 169 | nid := reg.Networker().NetworkID(ctx) |
| 170 | testFlow := createTestFlow(nid, flow.FlowStateConsentUnused) |
| 171 | |
| 172 | t.Run("case=successful decode with valid consent challenge", func(t *testing.T) { |
| 173 | consentChallenge, err := testFlow.ToConsentChallenge(ctx, reg) |
| 174 | require.NoError(t, err) |
| 175 | require.NotEmpty(t, consentChallenge) |
| 176 | |
| 177 | decoded, err := flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge) |
| 178 | require.NoError(t, err) |
| 179 | require.NotNil(t, decoded) |
| 180 | |
| 181 | assert.Equal(t, testFlow.ID, decoded.ID) |
| 182 | assert.Equal(t, testFlow.NID, decoded.NID) |
| 183 | assert.Equal(t, testFlow.RequestedScope, decoded.RequestedScope) |
| 184 | assert.Equal(t, testFlow.Subject, decoded.Subject) |
| 185 | |
| 186 | snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia")) |
| 187 | |
| 188 | t.Run("decodes deterministically", func(t *testing.T) { |
| 189 | second, err := flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge) |
| 190 | require.NoError(t, err) |
| 191 | assert.Equal(t, decoded, second) |
| 192 | }) |
| 193 | }) |
| 194 | |
| 195 | t.Run("case=fails with wrong purpose (login challenge instead of consent)", func(t *testing.T) { |
| 196 | loginChallenge, err := testFlow.ToLoginChallenge(ctx, reg) |
| 197 | require.NoError(t, err) |
| 198 | require.NotEmpty(t, loginChallenge) |
| 199 | |
| 200 | decoded, err := flow.DecodeFromConsentChallenge(ctx, reg, loginChallenge) |
| 201 | assert.Error(t, err) |
| 202 | assert.Nil(t, decoded) |
| 203 | assert.ErrorIs(t, err, x.ErrNotFound) |
| 204 | }) |
| 205 | |
| 206 | t.Run("case=fails with different network ID", func(t *testing.T) { |
| 207 | flowWithDifferentNID := createTestFlow(uuid.Must(uuid.NewV4()), flow.FlowStateConsentUnused) |
| 208 | |
| 209 | consentChallenge, err := flow.Encode(ctx, reg.FlowCipher(), flowWithDifferentNID, flow.AsConsentChallenge) |
| 210 | require.NoError(t, err) |
| 211 | require.NotEmpty(t, consentChallenge) |
| 212 | |
| 213 | _, err = flow.DecodeFromConsentChallenge(ctx, reg, consentChallenge) |
| 214 | assert.ErrorIs(t, err, x.ErrNotFound) |
| 215 | }) |
| 216 | |
| 217 | t.Run("case=fails with expired request", func(t *testing.T) { |
| 218 | expiredFlow := createTestFlow(nid, flow.FlowStateConsentUnused) |
| 219 | expiredFlow.RequestedAt = time.Now().Add(-2 * time.Hour) |
| 220 |