You've already forked authentication-service
mirror of
https://github.com/matrix-org/matrix-authentication-service.git
synced 2025-08-07 17:03:01 +03:00
94 lines
2.7 KiB
Rust
94 lines
2.7 KiB
Rust
// Copyright 2022 Kévin Commaille.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
use assert_matches::assert_matches;
|
|
use mas_oidc_client::{
|
|
error::{IdTokenError, UserInfoError},
|
|
requests::userinfo::fetch_userinfo,
|
|
};
|
|
use serde_json::json;
|
|
use wiremock::{
|
|
matchers::{header, method, path},
|
|
Mock, ResponseTemplate,
|
|
};
|
|
|
|
use crate::{id_token, init_test, ACCESS_TOKEN, SUBJECT_IDENTIFIER};
|
|
|
|
#[tokio::test]
|
|
async fn pass_fetch_userinfo() {
|
|
let (http_service, mock_server, issuer) = init_test().await;
|
|
let userinfo_endpoint = issuer.join("userinfo").unwrap();
|
|
let (auth_id_token, _) = id_token(issuer.as_str());
|
|
|
|
Mock::given(method("GET"))
|
|
.and(path("/userinfo"))
|
|
.and(header(
|
|
"authorization",
|
|
format!("Bearer {ACCESS_TOKEN}").as_str(),
|
|
))
|
|
.respond_with(ResponseTemplate::new(200).set_body_json(json!({
|
|
"sub": SUBJECT_IDENTIFIER,
|
|
"email": "janedoe@example.com",
|
|
})))
|
|
.mount(&mock_server)
|
|
.await;
|
|
|
|
let claims = fetch_userinfo(
|
|
&http_service,
|
|
&userinfo_endpoint,
|
|
ACCESS_TOKEN,
|
|
None,
|
|
&auth_id_token,
|
|
)
|
|
.await
|
|
.unwrap();
|
|
|
|
assert_eq!(claims.get("email").unwrap(), "janedoe@example.com");
|
|
}
|
|
|
|
#[tokio::test]
|
|
async fn fail_wrong_subject_identifier() {
|
|
let (http_service, mock_server, issuer) = init_test().await;
|
|
let userinfo_endpoint = issuer.join("userinfo").unwrap();
|
|
let (auth_id_token, _) = id_token(issuer.as_str());
|
|
|
|
Mock::given(method("GET"))
|
|
.and(path("/userinfo"))
|
|
.and(header(
|
|
"authorization",
|
|
format!("Bearer {ACCESS_TOKEN}").as_str(),
|
|
))
|
|
.respond_with(ResponseTemplate::new(200).set_body_json(json!({
|
|
"sub": "wrong_subject_identifier",
|
|
"email": "janedoe@example.com",
|
|
})))
|
|
.mount(&mock_server)
|
|
.await;
|
|
|
|
let error = fetch_userinfo(
|
|
&http_service,
|
|
&userinfo_endpoint,
|
|
ACCESS_TOKEN,
|
|
None,
|
|
&auth_id_token,
|
|
)
|
|
.await
|
|
.unwrap_err();
|
|
|
|
assert_matches!(
|
|
error,
|
|
UserInfoError::IdToken(IdTokenError::WrongSubjectIdentifier)
|
|
);
|
|
}
|