(t *testing.T)
| 135 | } |
| 136 | |
| 137 | func TestNewDeviceRequestWithClientAuthn(t *testing.T) { |
| 138 | ctrl := gomock.NewController(t) |
| 139 | store := internal.NewMockStorage(ctrl) |
| 140 | clientManager := internal.NewMockClientManager(ctrl) |
| 141 | hasher := internal.NewMockHasher(ctrl) |
| 142 | client := &DefaultClient{ID: "client_id"} |
| 143 | t.Cleanup(ctrl.Finish) |
| 144 | config := &Config{ClientSecretsHasher: hasher, ScopeStrategy: ExactScopeStrategy, AudienceMatchingStrategy: DefaultAudienceMatchingStrategy} |
| 145 | fosite := &Fosite{Store: store, Config: config} |
| 146 | |
| 147 | client.Public = false |
| 148 | client.Secret = []byte("client_secret") |
| 149 | client.Scopes = []string{"foo", "bar"} |
| 150 | client.GrantTypes = []string{"urn:ietf:params:oauth:grant-type:device_code"} |
| 151 | |
| 152 | for k, c := range []struct { |
| 153 | header http.Header |
| 154 | form url.Values |
| 155 | method string |
| 156 | expectedError error |
| 157 | mock func() |
| 158 | expect DeviceRequester |
| 159 | description string |
| 160 | }{ |
| 161 | { |
| 162 | form: url.Values{ |
| 163 | "client_id": {"client_id"}, |
| 164 | "scope": {"foo bar"}, |
| 165 | }, |
| 166 | expectedError: ErrInvalidClient, |
| 167 | method: "POST", |
| 168 | mock: func() { |
| 169 | store.EXPECT().FositeClientManager().Return(clientManager).Times(1) |
| 170 | clientManager.EXPECT().GetClient(gomock.Any(), gomock.Eq("client_id")).Return(client, nil) |
| 171 | hasher.EXPECT().Compare(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New("")) |
| 172 | }, |
| 173 | description: "Should failed becaue no client authn provided.", |
| 174 | }, |
| 175 | { |
| 176 | form: url.Values{ |
| 177 | "client_id": {"client_id2"}, |
| 178 | "scope": {"foo bar"}, |
| 179 | }, |
| 180 | header: http.Header{ |
| 181 | "Authorization": {basicAuth("client_id", "client_secret")}, |
| 182 | }, |
| 183 | expectedError: ErrInvalidRequest, |
| 184 | method: "POST", |
| 185 | mock: func() { |
| 186 | store.EXPECT().FositeClientManager().Return(clientManager).Times(1) |
| 187 | clientManager.EXPECT().GetClient(gomock.Any(), gomock.Eq("client_id")).Return(client, nil) |
| 188 | hasher.EXPECT().Compare(gomock.Any(), gomock.Eq([]byte("client_secret")), gomock.Eq([]byte("client_secret"))).Return(nil) |
| 189 | }, |
| 190 | description: "should fail because different client is used in authn than in form", |
| 191 | }, |
| 192 | { |
| 193 | form: url.Values{ |
| 194 | "client_id": {"client_id"}, |