MCPcopy
hub / github.com/ory/hydra / TestDecodeFromLoginChallenge

Function TestDecodeFromLoginChallenge

flow/flow_encoding_test.go:86–161  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

84}
85
86func TestDecodeFromLoginChallenge(t *testing.T) {
87 ctx := t.Context()
88 reg := testhelpers.NewRegistryMemory(t, driver.WithConfigOptions(
89 configx.WithValue(config.KeyConsentRequestMaxAge, time.Hour),
90 ))
91
92 nid := reg.Networker().NetworkID(ctx)
93 testFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
94
95 t.Run("case=successful decode with valid login challenge", func(t *testing.T) {
96 loginChallenge, err := testFlow.ToLoginChallenge(ctx, reg)
97 require.NoError(t, err)
98 require.NotEmpty(t, loginChallenge)
99
100 decoded, err := flow.DecodeFromLoginChallenge(ctx, reg, loginChallenge)
101 require.NoError(t, err)
102 require.NotNil(t, decoded)
103
104 assert.Equal(t, testFlow.ID, decoded.ID)
105 assert.Equal(t, testFlow.NID, decoded.NID)
106 assert.Equal(t, testFlow.RequestedScope, decoded.RequestedScope)
107 assert.Equal(t, testFlow.Subject, decoded.Subject)
108
109 snapshotx.SnapshotT(t, decoded, snapshotx.ExceptPaths("n", "ia"))
110
111 t.Run("decodes deterministically", func(t *testing.T) {
112 second, err := flow.DecodeFromLoginChallenge(ctx, reg, loginChallenge)
113 require.NoError(t, err)
114 assert.Equal(t, decoded, second)
115 })
116 })
117
118 t.Run("case=fails with wrong purpose (consent challenge instead of login)", func(t *testing.T) {
119 consentChallenge, err := testFlow.ToConsentChallenge(ctx, reg)
120 require.NoError(t, err)
121 require.NotEmpty(t, consentChallenge)
122
123 decoded, err := flow.DecodeFromLoginChallenge(ctx, reg, consentChallenge)
124 assert.Error(t, err)
125 assert.Nil(t, decoded)
126 assert.ErrorIs(t, err, x.ErrNotFound)
127 })
128
129 t.Run("case=fails with different network ID", func(t *testing.T) {
130 flowWithDifferentNID := createTestFlow(uuid.Must(uuid.NewV4()), flow.FlowStateLoginUnused)
131
132 loginChallenge, err := flow.Encode(ctx, reg.FlowCipher(), flowWithDifferentNID, flow.AsLoginChallenge)
133 require.NoError(t, err)
134 require.NotEmpty(t, loginChallenge)
135
136 _, err = flow.DecodeFromLoginChallenge(ctx, reg, loginChallenge)
137 assert.ErrorIs(t, err, x.ErrNotFound)
138 })
139
140 t.Run("case=fails with expired request", func(t *testing.T) {
141 expiredFlow := createTestFlow(nid, flow.FlowStateLoginUnused)
142 expiredFlow.RequestedAt = time.Now().Add(-2 * time.Hour)
143

Callers

nothing calls this directly

Calls 13

NewRegistryMemoryFunction · 0.92
WithConfigOptionsFunction · 0.92
DecodeFromLoginChallengeFunction · 0.92
EncodeFunction · 0.92
createTestFlowFunction · 0.85
ToLoginChallengeMethod · 0.80
ToConsentChallengeMethod · 0.80
NetworkIDMethod · 0.65
NetworkerMethod · 0.65
FlowCipherMethod · 0.65
AddMethod · 0.65
NowMethod · 0.65

Tested by

no test coverage detected