forked from Mirrors/oauth2
Draft showing WIP testing approach.
This commit is contained in:
parent
5d25da1a8d
commit
9ed4d33b3a
|
@ -0,0 +1,90 @@
|
|||
package externalaccount
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func ExchangeToken(endpoint string, request *STSTokenExchangeRequest, authentication ClientAuthentication, headers http.Header, options map[string]interface{}) (*STSTokenExchangeResponse, error) {
|
||||
|
||||
client := &http.Client{}
|
||||
|
||||
data := url.Values{}
|
||||
data.Set("audience", request.Audience)
|
||||
data.Set("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange")
|
||||
data.Set("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
|
||||
data.Set("subject_token_type", request.SubjectTokenType)
|
||||
data.Set("subject_token", request.SubjectToken)
|
||||
data.Set("scope", strings.Join(request.Scope, " "))
|
||||
|
||||
//req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
|
||||
//if err != nil {
|
||||
// fmt.Errorf("oauth2/google: failed to properly build http request")
|
||||
//}
|
||||
//for key, _ := range headers {
|
||||
// for _, val := range headers.Values(key) {
|
||||
// req.Header.Add(key, val)
|
||||
// }
|
||||
//}
|
||||
//if authentication.ClientID != "" && authentication.ClientSecret != "" {
|
||||
// plainHeader := authentication.ClientID + ":" + authentication.ClientSecret
|
||||
// req.Header.Add("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(plainHeader)))
|
||||
//}
|
||||
//req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
|
||||
authentication.InjectAuthentication(&data, &headers)
|
||||
req, err := http.NewRequest("POST", endpoint, strings.NewReader(data.Encode()))
|
||||
if err != nil {
|
||||
fmt.Errorf("oauth2/google: failed to properly build http request")
|
||||
}
|
||||
for key, _ := range headers {
|
||||
for _, val := range headers.Values(key) {
|
||||
req.Header.Add(key, val)
|
||||
}
|
||||
}
|
||||
req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
|
||||
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
fmt.Errorf("oauth2/google: invalid response from Secure Token Server: #{err}")
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
body, err := ioutil.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
fmt.Errorf("oauth2/google: invalid body in Secute Token Server response: #{err}")
|
||||
}
|
||||
var stsResp STSTokenExchangeResponse
|
||||
err = json.Unmarshal(body, &stsResp)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
}
|
||||
return &stsResp, nil
|
||||
}
|
||||
|
||||
type STSTokenExchangeRequest struct {
|
||||
ActingParty struct {
|
||||
ActorToken string
|
||||
ActorTokenType string
|
||||
}
|
||||
GrantType string
|
||||
Resource string
|
||||
Audience string
|
||||
Scope []string
|
||||
RequestedTokenType string
|
||||
SubjectToken string
|
||||
SubjectTokenType string
|
||||
}
|
||||
|
||||
type STSTokenExchangeResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
IssuedTokenType string `json:"issued_token_type"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
Scope string `json:"scope"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
}
|
|
@ -0,0 +1,113 @@
|
|||
package externalaccount
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
stsExchange_test.go
|
||||
|
||||
package externalaccount
|
||||
|
||||
import (
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"golang.org/x/oauth2"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
)
|
||||
|
||||
var auth = ClientAuthentication{
|
||||
AuthStyle: oauth2.AuthStyleInHeader,
|
||||
ClientID: clientID,
|
||||
ClientSecret: clientSecret,
|
||||
}
|
||||
|
||||
var tokenRequest = STSTokenExchangeRequest{
|
||||
ActingParty: struct {
|
||||
ActorToken string
|
||||
ActorTokenType string
|
||||
}{},
|
||||
GrantType: "urn:ietf:params:oauth:grant-type:token-exchange",
|
||||
Resource: "",
|
||||
Audience: "32555940559.apps.googleusercontent.com", //TODO: Make sure audience is correct in this test (might be mismatched)
|
||||
Scope: []string{"https://www.googleapis.com/auth/devstorage.full_control"},
|
||||
RequestedTokenType: "urn:ietf:params:oauth:token-type:access_token",
|
||||
SubjectToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjJjNmZhNmY1OTUwYTdjZTQ2NWZjZjI0N2FhMGIwOTQ4MjhhYzk1MmMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEzMzE4NTQxMDA5MDU3Mzc4MzI4IiwiaGQiOiJnb29nbGUuY29tIiwiZW1haWwiOiJpdGh1cmllbEBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiJyWUtBTjZwX21rS0U4U2ItN3ZGalBBIiwiaWF0IjoxNjAxNTk0NDY1LCJleHAiOjE2MDE1OTgwNjV9.mWOLjD6ghfgrFNcm_1h-wrpLlKFc2WSS13lu2L5t4549uYhX5DEbI7MmeUEwXSffrns1ljcdbJm4nXymXK3AH6ftRV17O3BnOsWngxKj5eKhzOMF308YNXjBKTDiu_crzjCpf_2ng03IIGbFsTvAUx4wvWhnFO-z4xl2tb13OMCxpkw52dO1ZcFhw0d_1iUj_q0UL9E15ADL4SOr-BVtXerWPhNVBplTw8gzL4HHmo2GGUA_ilQpJzD528BKLygemqy1taXZwOGJEAUYkcKm8DhA0NJWneUyqHN6qbs0wm_d_nZsiFx9CIDblt1dUkgfuPIsno-xrkkkwubcv1WlgA",
|
||||
SubjectTokenType: "urn:ietf:params:oauth:token-type:jwt",
|
||||
}
|
||||
|
||||
var serverReq = http.Request{
|
||||
Method: "POSTURL:/",
|
||||
URL: nil,
|
||||
Proto: "HTTP/1.1",
|
||||
ProtoMajor: 1,
|
||||
ProtoMinor: 1,
|
||||
Header: map[string][]string{
|
||||
"Accept-Encoding": []string{"gzip"},
|
||||
"Authorization": []string{"Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="},
|
||||
"Content-Length": []string{"1192"},
|
||||
"Content-Type": []string{"application/x-www-form-urlencoded"},
|
||||
"User-Agent": []string{"Go-http-client/1.1"},
|
||||
},
|
||||
Body: nil, //TODO: Oh god how do I get this...
|
||||
ContentLength: 1192,
|
||||
Close: false,
|
||||
Host: "127.0.0.1:41147", //TODO: Does this conflict due to separate addresses?
|
||||
Form: nil, //TODO: Should Form, PostForm, TransferEncoding, etc be initialized with Make?
|
||||
PostForm: nil,
|
||||
MultipartForm: nil,
|
||||
Trailer: nil,
|
||||
RemoteAddr: "127.0.0.1:52760",
|
||||
RequestURI: "/",
|
||||
TLS: nil,
|
||||
Cancel: nil,
|
||||
Response: nil,
|
||||
//TODO: I hope to God that I don't need to set ctx for the comparison...
|
||||
}
|
||||
|
||||
var serverResp = http.Response{
|
||||
Status: "200 OK",
|
||||
StatusCode: 200,
|
||||
Proto: "HTTP/1.1",
|
||||
ProtoMajor: 1,
|
||||
ProtoMinor: 1,
|
||||
Header: map[string][]string{
|
||||
"Connection":[]string{"keep-alive"},
|
||||
"Content-Length":[]string{"362"},
|
||||
"Content-Type":[]string{"application/json; charset=utf-8"},
|
||||
"Date":[]string{"Wed, 07 Oct 2020 21:54:27 GMT"},
|
||||
"X-Powered-By":[]string{"Express"},
|
||||
},
|
||||
Body: nil,
|
||||
ContentLength: 0,
|
||||
TransferEncoding: nil,
|
||||
Close: false,
|
||||
Uncompressed: false,
|
||||
Trailer: nil,
|
||||
Request: nil,
|
||||
TLS: nil,
|
||||
}
|
||||
|
||||
func TestExchangeToken(t *testing.T) {
|
||||
|
||||
|
||||
|
||||
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if diff := cmp.Diff(*r, serverReq); diff != "" {
|
||||
t.Errorf("mismatched messages received by mock server (-want +got): \n%s", diff)
|
||||
}
|
||||
|
||||
return
|
||||
}))
|
||||
|
||||
headers := make(map[string][]string)
|
||||
headers["Content-Type"] = []string{"application/x-www-form-urlencoded"}
|
||||
|
||||
//TODO: Call TokenExchange, make sure I get the right results
|
||||
resp, err := ExchangeToken(ts.URL, &tokenRequest, auth, headers, nil)
|
||||
if err != nil {
|
||||
t.Errorf("ExchangeToken failed with error: %s", err)
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue