You've already forked authentication-service
mirror of
https://github.com/matrix-org/matrix-authentication-service.git
synced 2025-08-06 06:02:40 +03:00
a0f5f3c642
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
109 lines
3.6 KiB
Rust
109 lines
3.6 KiB
Rust
// Copyright 2022 Kévin Commaille.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
use std::collections::HashMap;
|
|
|
|
use mas_iana::oauth::{OAuthClientAuthenticationMethod, OAuthTokenTypeHint};
|
|
use mas_oidc_client::{
|
|
requests::introspection::introspect_token,
|
|
types::scope::{ScopeExt, ScopeToken},
|
|
};
|
|
use oauth2_types::requests::IntrospectionResponse;
|
|
use rand::SeedableRng;
|
|
use wiremock::{
|
|
matchers::{method, path},
|
|
Mock, Request, ResponseTemplate,
|
|
};
|
|
|
|
use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, SUBJECT_IDENTIFIER};
|
|
|
|
#[tokio::test]
|
|
async fn pass_introspect_token() {
|
|
let (http_service, mock_server, issuer) = init_test().await;
|
|
let client_credentials =
|
|
client_credentials(&OAuthClientAuthenticationMethod::None, &issuer, None);
|
|
let introspection_endpoint = issuer.join("introspect").unwrap();
|
|
let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
|
|
|
|
Mock::given(method("POST"))
|
|
.and(path("/introspect"))
|
|
.and(|req: &Request| {
|
|
let query_pairs = form_urlencoded::parse(&req.body).collect::<HashMap<_, _>>();
|
|
|
|
if query_pairs
|
|
.get("token")
|
|
.filter(|s| *s == ACCESS_TOKEN)
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing token");
|
|
return false;
|
|
}
|
|
if query_pairs
|
|
.get("token_type_hint")
|
|
.filter(|s| *s == "access_token")
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing token type hint");
|
|
return false;
|
|
}
|
|
if query_pairs
|
|
.get("client_id")
|
|
.filter(|s| *s == CLIENT_ID)
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing client ID");
|
|
return false;
|
|
}
|
|
|
|
true
|
|
})
|
|
.respond_with(
|
|
ResponseTemplate::new(200).set_body_json(IntrospectionResponse {
|
|
active: true,
|
|
scope: Some([ScopeToken::Profile].into_iter().collect()),
|
|
client_id: Some(CLIENT_ID.to_owned()),
|
|
username: None,
|
|
token_type: Some(OAuthTokenTypeHint::AccessToken),
|
|
exp: None,
|
|
iat: None,
|
|
nbf: None,
|
|
sub: Some(SUBJECT_IDENTIFIER.to_owned()),
|
|
aud: Some(CLIENT_ID.to_owned()),
|
|
iss: Some(issuer.to_string()),
|
|
jti: None,
|
|
}),
|
|
)
|
|
.mount(&mock_server)
|
|
.await;
|
|
|
|
let response = introspect_token(
|
|
&http_service,
|
|
client_credentials.into(),
|
|
&introspection_endpoint,
|
|
ACCESS_TOKEN.to_owned(),
|
|
Some(OAuthTokenTypeHint::AccessToken),
|
|
now(),
|
|
&mut rng,
|
|
)
|
|
.await
|
|
.unwrap();
|
|
|
|
assert!(response.active);
|
|
assert_eq!(response.aud.unwrap(), CLIENT_ID);
|
|
assert!(response.scope.unwrap().contains_token(&ScopeToken::Profile));
|
|
assert_eq!(response.client_id.unwrap(), CLIENT_ID);
|
|
assert_eq!(response.iss.unwrap(), issuer.as_str());
|
|
assert_eq!(response.sub.unwrap(), SUBJECT_IDENTIFIER);
|
|
}
|