MCPcopy
hub / github.com/ory/hydra / TestDecodeFromDeviceChallenge

Function TestDecodeFromDeviceChallenge

flow/flow_encoding_test.go:332–407  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

330}
331
332func TestDecodeFromDeviceChallenge(t *testing.T) {
333 ctx := t.Context()
334 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
335 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
336 ))
337
338 nid := reg.Networker().NetworkID(ctx)
339 testFlow := createTestFlow(nid, flow.DeviceFlowStateUnused)
340
341 t.Run("case=successful decode with valid device challenge", func(t *testing.T) {
342 deviceChallenge, err := testFlow.ToDeviceChallenge(ctx, reg)
343 require.NoError(t, err)
344 require.NotEmpty(t, deviceChallenge)
345
346 decoded, err := flow.DecodeFromDeviceChallenge(ctx, reg, deviceChallenge)
347 require.NoError(t, err)
348 require.NotNil(t, decoded)
349
350 assert.Equal(t, testFlow.ID, decoded.ID)
351 assert.Equal(t, testFlow.NID, decoded.NID)
352 assert.Equal(t, testFlow.RequestedScope, decoded.RequestedScope)
353 assert.Equal(t, testFlow.Subject, decoded.Subject)
354
355 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
356
357 t.Run("decodes deterministically", func(t *testing.T) {
358 second, err := flow.DecodeFromDeviceChallenge(ctx, reg, deviceChallenge)
359 require.NoError(t, err)
360 assert.Equal(t, decoded, second)
361 })
362 })
363
364 t.Run("case=fails with wrong purpose (login challenge instead of device)", func(t *testing.T) {
365 loginChallenge, err := testFlow.ToLoginChallenge(ctx, reg)
366 require.NoError(t, err)
367 require.NotEmpty(t, loginChallenge)
368
369 decoded, err := flow.DecodeFromDeviceChallenge(ctx, reg, loginChallenge)
370 assert.Error(t, err)
371 assert.Nil(t, decoded)
372 assert.ErrorIs(t, err, x.ErrNotFound)
373 })
374
375 t.Run("case=fails with different network ID", func(t *testing.T) {
376 flowWithDifferentNID := createTestFlow(uuid.Must(uuid.NewV4()), flow.DeviceFlowStateUnused)
377
378 deviceChallenge, err := flow.Encode(ctx, reg.FlowCipher(), flowWithDifferentNID, flow.AsDeviceChallenge)
379 require.NoError(t, err)
380 require.NotEmpty(t, deviceChallenge)
381
382 _, err = flow.DecodeFromDeviceChallenge(ctx, reg, deviceChallenge)
383 assert.ErrorIs(t, err, x.ErrNotFound)
384 })
385
386 t.Run("case=fails with expired request", func(t *testing.T) {
387 expiredFlow := createTestFlow(nid, flow.DeviceFlowStateUnused)
388 expiredFlow.RequestedAt = time.Now().Add(-2 * time.Hour)
389

Callers

nothing calls this directly

Calls 13

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToDeviceChallengeMethod · 0.80
ToLoginChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65
AddMethod · 0.65
NowMethod · 0.65

Tested by

no test coverage detected