Draft showing WIP testing approach.

2020-10-13 12:02:46 -07:00 · 2020-10-13 12:02:46 -07:00 · 358bcd3d11
parent 532f2dec32
commit 358bcd3d11
2 changed files with 203 additions and 0 deletions
--- a/google/internal/oauth/stsExchange.go
+++ b/google/internal/oauth/stsExchange.go
@ -0,0 +1,90 @@
 package externalaccount
 import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
 )
 func ExchangeToken(endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) {
 	client := &http.Client{}
 	data := url.Values{}
 	data.Set("audience", request.Audience)
 	data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
 	data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
 	data.Set("subject_token_type", request.SubjectTokenType)
 	data.Set("subject_token", request.SubjectToken)
 	data.Set("scope", strings.Join(request.Scope, " "))
 	//req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
 	//if err != nil {
 	//	fmt.Errorf("oauth2/google: failed to properly build http request")
 	//}
 	//for key, _ := range headers {
 	//	for _, val := range headers.Values(key) {
 	//		req.Header.Add(key, val)
 	//	}
 	//}
 	//if authentication.ClientID != "" && authentication.ClientSecret != "" {
 	//	plainHeader := authentication.ClientID + ":" + authentication.ClientSecret
 	//	req.Header.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader)))
 	//}
 	//req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
 	authentication.InjectAuthentication(&data, &headers)
 	req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
 	if err != nil {
 		fmt.Errorf("oauth2/google: failed to properly build http request")
 	}
 	for key, _ := range headers {
 		for _, val := range headers.Values(key) {
 			req.Header.Add(key, val)
 		}
 	}
 	req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
 	resp, err := client.Do(req)
 	if err != nil {
 		fmt.Errorf("oauth2/google: invalid response from Secure Token Server: #{err}")
 	}
 	defer resp.Body.Close()
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		fmt.Errorf("oauth2/google: invalid body in Secute Token Server response: #{err}")
 	}
 	var stsResp STSTokenExchangeResponse
 	err = json.Unmarshal(body, &stsResp)
 	if err != nil {
 		fmt.Println(err)
 	}
 	return &stsResp, nil
 }
 type STSTokenExchangeRequest struct {
 	ActingParty struct {
 		ActorToken     string
 		ActorTokenType string
 	}
 	GrantType          string
 	Resource           string
 	Audience           string
 	Scope              []string
 	RequestedTokenType string
 	SubjectToken       string
 	SubjectTokenType   string
 }
 type STSTokenExchangeResponse struct {
 	AccessToken     string `json:"access_token"`
 	IssuedTokenType string `json:"issued_token_type"`
 	TokenType       string `json:"token_type"`
 	ExpiresIn       int    `json:"expires_in"`
 	Scope           string `json:"scope"`
 	RefreshToken    string `json:"refresh_token"`
 }
--- a/google/internal/oauth/stsExchange_test.go
+++ b/google/internal/oauth/stsExchange_test.go
@ -0,0 +1,113 @@
 package externalaccount
 import (
 	"net/http"
 	"net/http/httptest"
 	"testing"
 )
 stsExchange_test.go
 package externalaccount
 import (
 "github.com/google/go-cmp/cmp"
 "golang.org/x/oauth2"
 "net/http"
 "net/http/httptest"
 "testing"
 )
 var auth = ClientAuthentication{
 	AuthStyle: oauth2.AuthStyleInHeader,
 	ClientID: clientID,
 	ClientSecret: clientSecret,
 }
 var tokenRequest = STSTokenExchangeRequest{
 	ActingParty: struct {
 		ActorToken     string
 		ActorTokenType string
 	}{},
 	GrantType:          "urn:ietf:params:oauth:grant-type:token-exchange",
 	Resource:           "",
 	Audience:           "32555940559.apps.googleusercontent.com",  //TODO: Make sure audience is correct in this test (might be mismatched)
 	Scope:              []string{"https://www.googleapis.com/auth/devstorage.full_control"},
 	RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
 	SubjectToken:       "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJjNmZhNmY1OTUwYTdjZTQ2NWZjZjI0N2FhMGIwOTQ4MjhhYzk1MmMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEzMzE4NTQxMDA5MDU3Mzc4MzI4IiwiaGQiOiJnb29nbGUuY29tIiwiZW1haWwiOiJpdGh1cmllbEBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJyWUtBTjZwX21rS0U4U2ItN3ZGalBBIiwiaWF0IjoxNjAxNTk0NDY1LCJleHAiOjE2MDE1OTgwNjV9.mWOLjD6ghfgrFNcm_1h-wrpLlKFc2WSS13lu2L5t4549uYhX5DEbI7MmeUEwXSffrns1ljcdbJm4nXymXK3AH6ftRV17O3BnOsWngxKj5eKhzOMF308YNXjBKTDiu_crzjCpf_2ng03IIGbFsTvAUx4wvWhnFO-z4xl2tb13OMCxpkw52dO1ZcFhw0d_1iUj_q0UL9E15ADL4SOr-BVtXerWPhNVBplTw8gzL4HHmo2GGUA_ilQpJzD528BKLygemqy1taXZwOGJEAUYkcKm8DhA0NJWneUyqHN6qbs0wm_d_nZsiFx9CIDblt1dUkgfuPIsno-xrkkkwubcv1WlgA",
 	SubjectTokenType:   "urn:ietf:params:oauth:token-type:jwt",
 }
 var serverReq = http.Request{
 	Method:           "POSTURL:/",
 	URL:              nil,
 	Proto:            "HTTP/1.1",
 	ProtoMajor:       1,
 	ProtoMinor:       1,
 	Header:           map[string][]string{
 		"Accept-Encoding": []string{"gzip"},
 		"Authorization": []string{"Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="},
 		"Content-Length": []string{"1192"},
 		"Content-Type": []string{"application/x-www-form-urlencoded"},
 		"User-Agent": []string{"Go-http-client/1.1"},
 	},
 	Body:             nil, //TODO: Oh god how do I get this...
 	ContentLength:    1192,
 	Close:            false,
 	Host:             "127.0.0.1:41147", //TODO: Does this conflict due to separate addresses?
 	Form:             nil,  //TODO: Should Form, PostForm, TransferEncoding, etc be initialized with Make?
 	PostForm:         nil,
 	MultipartForm:    nil,
 	Trailer:          nil,
 	RemoteAddr:       "127.0.0.1:52760",
 	RequestURI:       "/",
 	TLS:              nil,
 	Cancel:           nil,
 	Response:         nil,
 	//TODO: I hope to God that I don't need to set ctx for the comparison...
 }
 var serverResp = http.Response{
 	Status:           "200 OK",
 	StatusCode:       200,
 	Proto:            "HTTP/1.1",
 	ProtoMajor:       1,
 	ProtoMinor:       1,
 	Header:           map[string][]string{
 		"Connection":[]string{"keep-alive"},
 		"Content-Length":[]string{"362"},
 		"Content-Type":[]string{"application/json; charset=utf-8"},
 		"Date":[]string{"Wed, 07 Oct 2020 21:54:27 GMT"},
 		"X-Powered-By":[]string{"Express"},
 	},
 	Body:             nil,
 	ContentLength:    0,
 	TransferEncoding: nil,
 	Close:            false,
 	Uncompressed:     false,
 	Trailer:          nil,
 	Request:          nil,
 	TLS:              nil,
 }
 func TestExchangeToken(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if diff := cmp.Diff(*r, serverReq); diff != "" {
 			t.Errorf("mismatched messages received by mock server (-want +got): \n%s", diff)
 		}
 		return
 	}))
 	headers := make(map[string][]string)
 	headers["Content-Type"] = []string{"application/x-www-form-urlencoded"}
 	//TODO: Call TokenExchange, make sure I get the right results
 	resp, err := ExchangeToken(ts.URL, &tokenRequest, auth, headers, nil)
 	if err != nil {
 		t.Errorf("ExchangeToken failed with error: %s", err)
 	}
 }