oauth2/trust/validator_test.go
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package trust
import (
"testing"
"time"
"github.com/go-jose/go-jose/v3"
)
func TestEmptyIssuerIsInvalid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "",
Subject: "valid-subject",
AllowAnySubject: false,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err == nil {
t.Error("an empty issuer should not be valid")
}
}
func TestEmptySubjectAndNoAnySubjectFlagIsInvalid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "",
AllowAnySubject: false,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err == nil {
t.Error("an empty subject should not be valid")
}
}
func TestEmptySubjectWithAnySubjectFlagIsValid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "",
AllowAnySubject: true,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err != nil {
t.Error("an empty subject with the allow_any_subject flag should be valid")
}
}
func TestNonEmptySubjectWithAnySubjectFlagIsInvalid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "some-issuer",
AllowAnySubject: true,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err == nil {
t.Error("a non empty subject with the allow_any_subject flag should not be valid")
}
}
func TestEmptyExpiresAtIsInvalid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "valid-subject",
AllowAnySubject: false,
ExpiresAt: time.Time{},
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err == nil {
t.Error("an empty expiration should not be valid")
}
}
func TestEmptyPublicKeyIdIsInvalid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "valid-subject",
AllowAnySubject: false,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "",
},
}
if err := v.Validate(r); err == nil {
t.Error("an empty public key id should not be valid")
}
}
func TestIsValid(t *testing.T) {
v := GrantValidator{}
r := createGrantRequest{
Issuer: "valid-issuer",
Subject: "valid-subject",
AllowAnySubject: false,
ExpiresAt: time.Now().Add(time.Hour * 10),
PublicKeyJWK: jose.JSONWebKey{
KeyID: "valid-key-id",
},
}
if err := v.Validate(r); err != nil {
t.Error("A request with an issuer, a subject, an expiration and a public key should be valid")
}
}