forked from canonical/fosite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
authorize_error_test.go
449 lines (440 loc) · 24.2 KB
/
authorize_error_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package fosite_test
import (
"context"
"fmt"
"net/http"
"net/url"
"testing"
"github.com/golang/mock/gomock"
"github.com/stretchr/testify/assert"
. "github.com/ory/fosite"
. "github.com/ory/fosite/internal"
)
// Test for
// - https://tools.ietf.org/html/rfc6749#section-4.1.2.1
// If the request fails due to a missing, invalid, or mismatching
// redirection URI, or if the client identifier is missing or invalid,
// the authorization server SHOULD inform the resource owner of the
// error and MUST NOT automatically redirect the user-agent to the
// invalid redirection URI.
// - https://tools.ietf.org/html/rfc6749#section-3.1.2
// The redirection endpoint URI MUST be an absolute URI as defined by
// [RFC3986] Section 4.3. The endpoint URI MAY include an
// "application/x-www-form-urlencoded" formatted (per Appendix B) query
// component ([RFC3986] Section 3.4), which MUST be retained when adding
// additional query parameters. The endpoint URI MUST NOT include a
// fragment component.
func TestWriteAuthorizeError(t *testing.T) {
var urls = []string{
"https://foobar.com/",
"https://foobar.com/?foo=bar",
}
var purls = []*url.URL{}
for _, u := range urls {
purl, _ := url.Parse(u)
purls = append(purls, purl)
}
header := http.Header{}
for k, c := range []struct {
err *RFC6749Error
debug bool
doNotUseLegacyFormat bool
mock func(*MockResponseWriter, *MockAuthorizeRequester)
checkHeader func(*testing.T, int)
}{
// 0
{
err: ErrInvalidGrant,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(false)
req.EXPECT().GetResponseMode().Return(ResponseModeDefault)
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusBadRequest)
rw.EXPECT().Write(gomock.Any())
},
checkHeader: func(t *testing.T, k int) {
assert.Equal(t, "application/json;charset=UTF-8", header.Get("Content-Type"))
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 1
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code"}))
req.EXPECT().GetResponseMode().Return(ResponseModeQuery).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 2
{
debug: true,
doNotUseLegacyFormat: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code"}))
req.EXPECT().GetResponseMode().Return(ResponseModeQuery).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.+Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.+with-debug&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 3
{
doNotUseLegacyFormat: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code"}))
req.EXPECT().GetResponseMode().Return(ResponseModeQuery).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.+Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 4
{
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code"}))
req.EXPECT().GetResponseMode().Return(ResponseModeDefault).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 5
{
err: ErrInvalidRequest,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code"}))
req.EXPECT().GetResponseMode().Return(ResponseModeQuery).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&foo=bar&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 6
{
err: ErrUnsupportedGrantType,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"foobar"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=unsupported_grant_type&error_description=The+authorization+grant+type+is+not+supported+by+the+authorization+server.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b)
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 7
{
err: ErrInvalidRequest,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 8
{
err: ErrInvalidRequest,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 9
{
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 10
{
err: ErrInvalidRequest.WithDebug("with-debug"),
debug: true,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/#error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 11
{
err: ErrInvalidRequest.WithDebug("with-debug"),
debug: true,
doNotUseLegacyFormat: true,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.+Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.+with-debug&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.NotContains(t, header.Get("Location"), "error_hint")
assert.NotContains(t, header.Get("Location"), "error_debug")
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 12
{
err: ErrInvalidRequest.WithDebug("with-debug"),
doNotUseLegacyFormat: true,
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[0]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.+Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.NotContains(t, header.Get("Location"), "error_hint")
assert.NotContains(t, header.Get("Location"), "error_debug")
assert.NotContains(t, header.Get("Location"), "with-debug")
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 13
{
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=invalid_request&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 14
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"code", "token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 15
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"id_token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 16
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFragment).AnyTimes()
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().WriteHeader(http.StatusSeeOther)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar#error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed.&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate")
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a, b, "\n\t%s\n\t%s", header.Get("Location"), a.String())
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
},
},
// 17
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().AnyTimes().Return(Arguments([]string{"token"}))
req.EXPECT().GetResponseMode().Return(ResponseModeFormPost).Times(2)
rw.EXPECT().Header().Times(3).Return(header)
rw.EXPECT().Write(gomock.Any()).AnyTimes()
},
checkHeader: func(t *testing.T, k int) {
assert.Equal(t, "no-store", header.Get("Cache-Control"))
assert.Equal(t, "no-cache", header.Get("Pragma"))
assert.Equal(t, "text/html;charset=UTF-8", header.Get("Content-Type"))
},
},
} {
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
oauth2 := &Fosite{
Config: &Config{
SendDebugMessagesToClients: c.debug,
UseLegacyErrorFormat: !c.doNotUseLegacyFormat,
},
}
ctrl := gomock.NewController(t)
defer ctrl.Finish()
rw := NewMockResponseWriter(ctrl)
req := NewMockAuthorizeRequester(ctrl)
c.mock(rw, req)
oauth2.WriteAuthorizeError(context.Background(), rw, req, c.err)
c.checkHeader(t, k)
header = http.Header{}
})
}
}
func copyUrl(u *url.URL) *url.URL {
u2, _ := url.Parse(u.String())
return u2
}