oauth2/device_code_flow_test.go - pulsar-client-go - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package oauth2

 import (
 	"errors"
 	"time"

 	"github.com/apache/pulsar-client-go/oauth2/clock"
 	"github.com/apache/pulsar-client-go/oauth2/clock/testing"
 	"golang.org/x/oauth2"

 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )

 type MockDeviceCodeProvider struct {
 	Called                     bool
 	CalledWithAudience         string
 	CalledWithAdditionalScopes []string
 	DeviceCodeResult           *DeviceCodeResult
 	ReturnsError               error
 }

 func (cp *MockDeviceCodeProvider) GetCode(audience string, additionalScopes ...string) (*DeviceCodeResult, error) {
 	cp.Called = true
 	cp.CalledWithAudience = audience
 	cp.CalledWithAdditionalScopes = additionalScopes
 	return cp.DeviceCodeResult, cp.ReturnsError
 }

 type MockDeviceCodeCallback struct {
 	Called           bool
 	DeviceCodeResult *DeviceCodeResult
 	ReturnsError     error
 }

 func (c *MockDeviceCodeCallback) Callback(code *DeviceCodeResult) error {
 	c.Called = true
 	c.DeviceCodeResult = code
 	if c.ReturnsError != nil {
 		return c.ReturnsError
 	}
 	return nil
 }

 var _ = Describe("DeviceCodeFlow", func() {

 	Describe("Authorize", func() {
 		const audience = "test_clientID"

 		var mockClock clock.Clock
 		var mockCodeProvider *MockDeviceCodeProvider
 		var mockTokenExchanger *MockTokenExchanger
 		var mockCallback *MockDeviceCodeCallback
 		var flow *DeviceCodeFlow

 		BeforeEach(func() {
 			mockClock = testing.NewFakeClock(time.Unix(0, 0))

 			mockCodeProvider = &MockDeviceCodeProvider{
 				DeviceCodeResult: &DeviceCodeResult{
 					DeviceCode:              "test_deviceCode",
 					UserCode:                "test_userCode",
 					VerificationURI:         "http://verification_uri",
 					VerificationURIComplete: "http://verification_uri_complete",
 					ExpiresIn:               10,
 					Interval:                5,
 				},
 			}

 			expectedTokens := TokenResult{AccessToken: "accessToken", RefreshToken: "refreshToken", ExpiresIn: 1234}
 			mockTokenExchanger = &MockTokenExchanger{
 				ReturnsTokens: &expectedTokens,
 			}

 			mockCallback = &MockDeviceCodeCallback{}

 			opts := DeviceCodeFlowOptions{
 				IssuerEndpoint:   "http://issuer",
 				ClientID:         "test_clientID",
 				AdditionalScopes: nil,
 				AllowRefresh:     true,
 			}
 			flow = newDeviceCodeFlow(
 				opts,
 				oidcEndpoints,
 				mockCodeProvider,
 				mockTokenExchanger,
 				mockCallback.Callback,
 				mockClock,
 			)
 		})

 		It("invokes DeviceCodeProvider", func() {
 			_, _ = flow.Authorize(audience)
 			Expect(mockCodeProvider.Called).To(BeTrue())
 			Expect(mockCodeProvider.CalledWithAdditionalScopes).To(ContainElement("offline_access"))
 		})

 		It("invokes callback with returned code", func() {
 			_, _ = flow.Authorize(audience)
 			Expect(mockCallback.Called).To(BeTrue())
 			Expect(mockCallback.DeviceCodeResult).To(Equal(mockCodeProvider.DeviceCodeResult))
 		})

 		It("invokes TokenExchanger with returned code", func() {
 			_, _ = flow.Authorize(audience)
 			Expect(mockTokenExchanger.CalledWithRequest).To(Equal(&DeviceCodeExchangeRequest{
 				TokenEndpoint: oidcEndpoints.TokenEndpoint,
 				ClientID:      "test_clientID",
 				PollInterval:  time.Duration(5) * time.Second,
 				DeviceCode:    "test_deviceCode",
 			}))
 		})

 		It("returns an authorization grant", func() {
 			grant, _ := flow.Authorize(audience)
 			Expect(grant).ToNot(BeNil())
 			Expect(grant.Audience).To(Equal(audience))
 			Expect(grant.ClientID).To(Equal("test_clientID"))
 			Expect(grant.ClientCredentials).To(BeNil())
 			Expect(grant.TokenEndpoint).To(Equal(oidcEndpoints.TokenEndpoint))
 			expected := convertToOAuth2Token(mockTokenExchanger.ReturnsTokens, mockClock)
 			Expect(*grant.Token).To(Equal(expected))
 		})
 	})
 })

 var _ = Describe("DeviceAuthorizationGrantRefresher", func() {

 	Describe("Refresh", func() {
 		var mockClock clock.Clock
 		var mockTokenExchanger *MockTokenExchanger
 		var refresher *DeviceAuthorizationGrantRefresher
 		var grant *AuthorizationGrant

 		BeforeEach(func() {
 			mockClock = testing.NewFakeClock(time.Unix(0, 0))

 			mockTokenExchanger = &MockTokenExchanger{}

 			refresher = &DeviceAuthorizationGrantRefresher{
 				exchanger: mockTokenExchanger,
 				clock:     mockClock,
 			}

 			token := oauth2.Token{AccessToken: "gat", RefreshToken: "grt", Expiry: time.Unix(1, 0)}
 			grant = &AuthorizationGrant{
 				Type:          GrantTypeDeviceCode,
 				ClientID:      "test_clientID",
 				TokenEndpoint: oidcEndpoints.TokenEndpoint,
 				Token:         &token,
 			}
 		})

 		It("invokes the token exchanger", func() {
 			mockTokenExchanger.ReturnsTokens = &TokenResult{
 				AccessToken: "new token",
 			}

 			_, _ = refresher.Refresh(grant)
 			Expect(*mockTokenExchanger.RefreshCalledWithRequest).To(Equal(RefreshTokenExchangeRequest{
 				TokenEndpoint: oidcEndpoints.TokenEndpoint,
 				ClientID:      grant.ClientID,
 				RefreshToken:  "grt",
 			}))
 		})

 		It("returns the refreshed access token from the TokenExchanger", func() {
 			mockTokenExchanger.ReturnsTokens = &TokenResult{
 				AccessToken: "new token",
 			}

 			grant, _ = refresher.Refresh(grant)
 			Expect(grant.Token.AccessToken).To(Equal(mockTokenExchanger.ReturnsTokens.AccessToken))
 		})

 		It("preserves the existing refresh token from the TokenExchanger", func() {
 			mockTokenExchanger.ReturnsTokens = &TokenResult{
 				AccessToken: "new token",
 			}

 			grant, _ = refresher.Refresh(grant)
 			Expect(grant.Token.RefreshToken).To(Equal("grt"))
 		})

 		It("returns the refreshed refresh token from the TokenExchanger", func() {
 			mockTokenExchanger.ReturnsTokens = &TokenResult{
 				AccessToken:  "new token",
 				RefreshToken: "new token",
 			}

 			grant, _ = refresher.Refresh(grant)
 			Expect(grant.Token.RefreshToken).To(Equal("new token"))
 		})

 		It("returns a meaningful expiration time", func() {
 			mockTokenExchanger.ReturnsTokens = &TokenResult{
 				AccessToken: "new token",
 				ExpiresIn:   60,
 			}

 			grant, _ = refresher.Refresh(grant)
 			Expect(grant.Token.Expiry).To(Equal(mockClock.Now().Add(time.Duration(60) * time.Second)))
 		})

 		It("returns an error when TokenExchanger does", func() {
 			mockTokenExchanger.ReturnsError = errors.New("someerror")

 			_, err := refresher.Refresh(grant)
 			Expect(err.Error()).To(Equal("could not exchange refresh token: someerror"))
 		})
 	})
 })
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package oauth2

	import (
	"errors"
	"time"

	"github.com/apache/pulsar-client-go/oauth2/clock"
	"github.com/apache/pulsar-client-go/oauth2/clock/testing"
	"golang.org/x/oauth2"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	)

	type MockDeviceCodeProvider struct {
	Called bool
	CalledWithAudience string
	CalledWithAdditionalScopes []string
	DeviceCodeResult *DeviceCodeResult
	ReturnsError error
	}

	func (cp MockDeviceCodeProvider) GetCode(audience string, additionalScopes ...string) (DeviceCodeResult, error) {
	cp.Called = true
	cp.CalledWithAudience = audience
	cp.CalledWithAdditionalScopes = additionalScopes
	return cp.DeviceCodeResult, cp.ReturnsError
	}

	type MockDeviceCodeCallback struct {
	Called bool
	DeviceCodeResult *DeviceCodeResult
	ReturnsError error
	}

	func (c MockDeviceCodeCallback) Callback(code DeviceCodeResult) error {
	c.Called = true
	c.DeviceCodeResult = code
	if c.ReturnsError != nil {
	return c.ReturnsError
	}
	return nil
	}

	var _ = Describe("DeviceCodeFlow", func() {

	Describe("Authorize", func() {
	const audience = "test_clientID"

	var mockClock clock.Clock
	var mockCodeProvider *MockDeviceCodeProvider
	var mockTokenExchanger *MockTokenExchanger
	var mockCallback *MockDeviceCodeCallback
	var flow *DeviceCodeFlow

	BeforeEach(func() {
	mockClock = testing.NewFakeClock(time.Unix(0, 0))

	mockCodeProvider = &MockDeviceCodeProvider{
	DeviceCodeResult: &DeviceCodeResult{
	DeviceCode: "test_deviceCode",
	UserCode: "test_userCode",
	VerificationURI: "http://verification_uri",
	VerificationURIComplete: "http://verification_uri_complete",
	ExpiresIn: 10,
	Interval: 5,
	},
	}

	expectedTokens := TokenResult{AccessToken: "accessToken", RefreshToken: "refreshToken", ExpiresIn: 1234}
	mockTokenExchanger = &MockTokenExchanger{
	ReturnsTokens: &expectedTokens,
	}

	mockCallback = &MockDeviceCodeCallback{}

	opts := DeviceCodeFlowOptions{
	IssuerEndpoint: "http://issuer",
	ClientID: "test_clientID",
	AdditionalScopes: nil,
	AllowRefresh: true,
	}
	flow = newDeviceCodeFlow(
	opts,
	oidcEndpoints,
	mockCodeProvider,
	mockTokenExchanger,
	mockCallback.Callback,
	mockClock,
	)
	})

	It("invokes DeviceCodeProvider", func() {
	_, _ = flow.Authorize(audience)
	Expect(mockCodeProvider.Called).To(BeTrue())
	Expect(mockCodeProvider.CalledWithAdditionalScopes).To(ContainElement("offline_access"))
	})

	It("invokes callback with returned code", func() {
	_, _ = flow.Authorize(audience)
	Expect(mockCallback.Called).To(BeTrue())
	Expect(mockCallback.DeviceCodeResult).To(Equal(mockCodeProvider.DeviceCodeResult))
	})

	It("invokes TokenExchanger with returned code", func() {
	_, _ = flow.Authorize(audience)
	Expect(mockTokenExchanger.CalledWithRequest).To(Equal(&DeviceCodeExchangeRequest{
	TokenEndpoint: oidcEndpoints.TokenEndpoint,
	ClientID: "test_clientID",
	PollInterval: time.Duration(5) * time.Second,
	DeviceCode: "test_deviceCode",
	}))
	})

	It("returns an authorization grant", func() {
	grant, _ := flow.Authorize(audience)
	Expect(grant).ToNot(BeNil())
	Expect(grant.Audience).To(Equal(audience))
	Expect(grant.ClientID).To(Equal("test_clientID"))
	Expect(grant.ClientCredentials).To(BeNil())
	Expect(grant.TokenEndpoint).To(Equal(oidcEndpoints.TokenEndpoint))
	expected := convertToOAuth2Token(mockTokenExchanger.ReturnsTokens, mockClock)
	Expect(*grant.Token).To(Equal(expected))
	})
	})
	})

	var _ = Describe("DeviceAuthorizationGrantRefresher", func() {

	Describe("Refresh", func() {
	var mockClock clock.Clock
	var mockTokenExchanger *MockTokenExchanger
	var refresher *DeviceAuthorizationGrantRefresher
	var grant *AuthorizationGrant

	BeforeEach(func() {
	mockClock = testing.NewFakeClock(time.Unix(0, 0))

	mockTokenExchanger = &MockTokenExchanger{}

	refresher = &DeviceAuthorizationGrantRefresher{
	exchanger: mockTokenExchanger,
	clock: mockClock,
	}

	token := oauth2.Token{AccessToken: "gat", RefreshToken: "grt", Expiry: time.Unix(1, 0)}
	grant = &AuthorizationGrant{
	Type: GrantTypeDeviceCode,
	ClientID: "test_clientID",
	TokenEndpoint: oidcEndpoints.TokenEndpoint,
	Token: &token,
	}
	})

	It("invokes the token exchanger", func() {
	mockTokenExchanger.ReturnsTokens = &TokenResult{
	AccessToken: "new token",
	}

	_, _ = refresher.Refresh(grant)
	Expect(*mockTokenExchanger.RefreshCalledWithRequest).To(Equal(RefreshTokenExchangeRequest{
	TokenEndpoint: oidcEndpoints.TokenEndpoint,
	ClientID: grant.ClientID,
	RefreshToken: "grt",
	}))
	})

	It("returns the refreshed access token from the TokenExchanger", func() {
	mockTokenExchanger.ReturnsTokens = &TokenResult{
	AccessToken: "new token",
	}

	grant, _ = refresher.Refresh(grant)
	Expect(grant.Token.AccessToken).To(Equal(mockTokenExchanger.ReturnsTokens.AccessToken))
	})

	It("preserves the existing refresh token from the TokenExchanger", func() {
	mockTokenExchanger.ReturnsTokens = &TokenResult{
	AccessToken: "new token",
	}

	grant, _ = refresher.Refresh(grant)
	Expect(grant.Token.RefreshToken).To(Equal("grt"))
	})

	It("returns the refreshed refresh token from the TokenExchanger", func() {
	mockTokenExchanger.ReturnsTokens = &TokenResult{
	AccessToken: "new token",
	RefreshToken: "new token",
	}

	grant, _ = refresher.Refresh(grant)
	Expect(grant.Token.RefreshToken).To(Equal("new token"))
	})

	It("returns a meaningful expiration time", func() {
	mockTokenExchanger.ReturnsTokens = &TokenResult{
	AccessToken: "new token",
	ExpiresIn: 60,
	}

	grant, _ = refresher.Refresh(grant)
	Expect(grant.Token.Expiry).To(Equal(mockClock.Now().Add(time.Duration(60) * time.Second)))
	})

	It("returns an error when TokenExchanger does", func() {
	mockTokenExchanger.ReturnsError = errors.New("someerror")

	_, err := refresher.Refresh(grant)
	Expect(err.Error()).To(Equal("could not exchange refresh token: someerror"))
	})
	})
	})