You've already forked authentication-service
mirror of
https://github.com/matrix-org/matrix-authentication-service.git
synced 2025-08-07 17:03:01 +03:00
a0f5f3c642
This enables a lot more lints than before in some crates, so this fixed a lot of warnings as well.
111 lines
3.5 KiB
Rust
111 lines
3.5 KiB
Rust
// Copyright 2022 Kévin Commaille.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
use std::collections::HashMap;
|
|
|
|
use mas_iana::oauth::{OAuthAccessTokenType, OAuthClientAuthenticationMethod};
|
|
use mas_oidc_client::{
|
|
requests::client_credentials::access_token_with_client_credentials,
|
|
types::scope::{ScopeExt, ScopeToken},
|
|
};
|
|
use oauth2_types::{requests::AccessTokenResponse, scope::Scope};
|
|
use rand::SeedableRng;
|
|
use wiremock::{
|
|
matchers::{method, path},
|
|
Mock, Request, ResponseTemplate,
|
|
};
|
|
|
|
use crate::{client_credentials, init_test, now, ACCESS_TOKEN, CLIENT_ID, CLIENT_SECRET};
|
|
|
|
#[tokio::test]
|
|
async fn pass_access_token_with_client_credentials() {
|
|
let (http_service, mock_server, issuer) = init_test().await;
|
|
let client_credentials = client_credentials(
|
|
&OAuthClientAuthenticationMethod::ClientSecretPost,
|
|
&issuer,
|
|
None,
|
|
);
|
|
let token_endpoint = issuer.join("token").unwrap();
|
|
let scope = [ScopeToken::Profile].into_iter().collect::<Scope>();
|
|
let mut rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
|
|
|
|
Mock::given(method("POST"))
|
|
.and(path("/token"))
|
|
.and(|req: &Request| {
|
|
let query_pairs = form_urlencoded::parse(&req.body).collect::<HashMap<_, _>>();
|
|
|
|
if query_pairs
|
|
.get("grant_type")
|
|
.filter(|s| *s == "client_credentials")
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing grant type");
|
|
return false;
|
|
}
|
|
if query_pairs
|
|
.get("scope")
|
|
.filter(|s| *s == "profile")
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing scope");
|
|
return false;
|
|
}
|
|
if query_pairs
|
|
.get("client_id")
|
|
.filter(|s| *s == CLIENT_ID)
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing client ID");
|
|
return false;
|
|
}
|
|
if query_pairs
|
|
.get("client_secret")
|
|
.filter(|s| *s == CLIENT_SECRET)
|
|
.is_none()
|
|
{
|
|
println!("Wrong or missing client secret");
|
|
return false;
|
|
}
|
|
|
|
true
|
|
})
|
|
.respond_with(
|
|
ResponseTemplate::new(200).set_body_json(AccessTokenResponse {
|
|
access_token: ACCESS_TOKEN.to_owned(),
|
|
refresh_token: None,
|
|
id_token: None,
|
|
token_type: OAuthAccessTokenType::Bearer,
|
|
expires_in: None,
|
|
scope: Some(scope.clone()),
|
|
}),
|
|
)
|
|
.mount(&mock_server)
|
|
.await;
|
|
|
|
let response = access_token_with_client_credentials(
|
|
&http_service,
|
|
client_credentials,
|
|
&token_endpoint,
|
|
Some(scope),
|
|
now(),
|
|
&mut rng,
|
|
)
|
|
.await
|
|
.unwrap();
|
|
|
|
assert_eq!(response.access_token, ACCESS_TOKEN);
|
|
assert_eq!(response.refresh_token, None);
|
|
assert!(response.scope.unwrap().contains_token(&ScopeToken::Profile));
|
|
}
|