From 38929a7201cd446ae57a6dc0e85f837cb7ba17fe Mon Sep 17 00:00:00 2001 From: kekskurse Date: Fri, 13 Sep 2024 23:41:29 +0200 Subject: [PATCH] get token and add minimock
---
auth.go | 50 +++++++++++++++++++++- auth_test.go | 52 ++++++++++++++++++++++- docker-compose.yml | 8 ++-- errors.go | 8 +++- minimock/config.yml | 12 ++++++ {static => minimock}/openid-configuration | 0 minimock/token/valide-access-token.json | 1 + minimock/token/wrong-code.json | 1 + 8 files changed, 122 insertions(+), 10 deletions(-) create mode 100644 minimock/config.yml rename {static => minimock}/openid-configuration (100%) create mode 100644 minimock/token/valide-access-token.json create mode 100644 minimock/token/wrong-code.json
diff --git a/auth.go b/auth.go
index 5415e85..2937150 100644
--- a/auth.go
+++ b/auth.go
@@ -92,11 +92,57 @@ func (a Auth) GetAuthorizationURL(state string) (string, error) { } func (a Auth) GetTokenFromCode(code string) (Token, error) { - t := Token{} - form := url.Values{} form.Add("grant_type", "authorization_code") form.Add("code", code) + req, err := http.NewRequest("POST", a.authConfig.TokenEndpoint, strings.NewReader(form.Encode())) + if err != nil { + return Token{}, fmt.Errorf("%w: %q", ErrCantCreateTokenRequests, err) + } + + req.Header.Add("Content-Type", "application/x-www-form-urlencoded") + req.SetBasicAuth(a.clientConfig.ClientID, a.clientConfig.ClientSecret) + + hc := http.Client{} + + resp, err := hc.Do(req) + if err != nil { + return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err) + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err) + } + fmt.Println(string(body)) + fmt.Println(resp.StatusCode) + + if resp.StatusCode != 200 { + var er struct { + Error string `json:"error"` + ErrorDescription string `json:"error_description"` + } + + err = json.Unmarshal(body, &er) + if err != nil { + return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body)) + } + if er.ErrorDescription != "" { + return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, er.ErrorDescription) + } + + return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body)) + } + + t := Token{} + t.CreatedAt = time.Now() + + err = json.Unmarshal(body, &t) + if err != nil { + return Token{}, fmt.Errorf("%w: %q", ErrCantGetTokenForCode, err) + } + return t, nil } diff --git a/auth_test.go b/auth_test.go index 6ea290f..7b36124 100644 --- a/auth_test.go +++ b/auth_test.go 
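Review bot: The two debug prints after `io.ReadAll` in GetTokenFromCode, `fmt.Println(string(body))` and `fmt.Println(resp.StatusCode)`, write the full token response (access token and ID token on success) to the stdout of every program that uses this library, so they should be deleted before merge. The same function builds `hc := http.Client{}` with no timeout and reads the body without a bound, so a stalled or oversized answer from the token endpoint blocks or bloats the caller; `hc := http.Client{Timeout: 10 * time.Second}` and `body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))` would cap both (the two limits are suggestions). The form carries only `grant_type` and `code`; if GetAuthorizationURL, whose body is outside this hunk, sends a `redirect_uri`, the token request is expected to repeat it, e.g. `form.Add("redirect_uri", a.clientConfig.RedirectURL)`. On the success path nothing checks that `t.AccessToken` is non-empty, so a 200 answer with an unexpected JSON body returns an empty Token together with a nil error.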
@@ -79,16 +79,64 @@ func TestGetAuthorizationUrl(t *testing.T) { } } +func TestUseCodeToGetToken(t *testing.T) { + tts := []struct { + name string + tokenURL string + token string + ExptError error + ExptErrorString string + ExptAccessToken string + }{ + { + name: "token-to-old", + tokenURL: "http://localhost:8084//token/wrong-code", + ExptError: ErrWrongResponseFromServer, + ExptErrorString: "cant get access token from server: The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client", + }, + { + name: "valide-token", + tokenURL: "http://localhost:8084//token/valide-access-token.json", + ExptAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.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.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M", + }, + { + name: "server-retrun-500-error", + tokenURL: "http://localhost:8084//token/invalide-response", + ExptError: ErrWrongResponseFromServer, + ExptErrorString: "cant get access token from server: somethings was really wrong", + }, + } + + for _, tt := range tts { + t.Run(tt.name, func(t *testing.T) { + ClientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", RedirectURL: "http://localhost/something"} + 
AuthConfig := AuthConfig{TokenEndpoint: tt.tokenURL} + client, err := NewAuthWithConfig(ClientConfig, AuthConfig) + assert.Nil(t, err, "should be abel to create client without error") + + token, err := client.GetTokenFromCode("abc") + if tt.ExptError != nil { + assert.ErrorIs(t, err, tt.ExptError, "should return right error") + assert.Equal(t, tt.ExptErrorString, err.Error(), "should return currect error string") + return + } + assert.Nil(t, err, "should be abled to get token without error") + + assert.Equal(t, tt.ExptAccessToken, token.AccessToken, "should return access token") + }) + } +} + func TestAuthenticLogin(t *testing.T) { t.Skip("dev test") - clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"} + clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "abc", RedirectURL: "http://localhost/somethingelse"} client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration") assert.Nil(t, err, "should be able to create client without error") url, err := client.GetAuthorizationURL("") assert.Nil(t, err, "should be able to create url without error") fmt.Println(url) - token, err := client.GetTokenFromCode("e34bc2c7840e4386b17880dd1142c67b") + token, err := client.GetTokenFromCode("9aa96340040342e5a7df969834d9e278") assert.Nil(t, err, "should be able to get code without error") fmt.Println(token) } diff --git a/docker-compose.yml b/docker-compose.yml index 2360bff..9d85090 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ services: - oAuthDummyServer: - image: nginx + miniMock: + image: kekskurse/minimock volumes: - - ./static/openid-configuration:/usr/share/nginx/html/openid-configuration + - ./minimock:/data/ ports: - - 8084:80 + - 8084:3333 diff --git a/errors.go b/errors.go index d8ebbbc..68ec80b 100644 --- a/errors.go +++ b/errors.go 
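Review bot: In the error branch of TestUseCodeToGetToken, `assert.ErrorIs` does not stop the test, so when GetTokenFromCode unexpectedly returns a nil error the next line's `err.Error()` panics instead of reporting a failure; guard it with `if !assert.ErrorIs(t, err, tt.ExptError, "should return right error") { return }`. The table only points at fixed paths on `http://localhost:8084`, so the test fails unless the docker-compose mock is running, and because the mock answers with static files it never checks what the client sends. An `httptest.NewServer` handler that asserts the `grant_type`, the `code` and the Basic credentials of the incoming request would make the test hermetic and cover the request side as well. The case name `server-retrun-500-error` has a typo (`return`).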
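Review bot: `image: kekskurse/minimock` carries no tag or digest, so each pull may fetch a different build and the server behind the tests can change without any change in this repository; pin it, e.g. `image: kekskurse/minimock:<version>` or `image: kekskurse/minimock@sha256:<digest>` (placeholders, the page gives no version). The mapping `8084:3333` also publishes the mock on all host interfaces; `127.0.0.1:8084:3333` keeps it reachable from the local machine only, which is all the tests use.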
@@ -3,6 +3,10 @@ package kekskurseauth import "errors" var ( - ErrCantGetConfiguratorData = errors.New("cant get data from configurator url") - ErrCantGetAuthorizationURL = errors.New("cant get url to recirect user to") + ErrCantGetConfiguratorData = errors.New("cant get data from configurator url") + ErrCantGetAuthorizationURL = errors.New("cant get url to recirect user to") + ErrCantCreateTokenRequests = errors.New("cant create requesats to get token with code") + ErrCantSendRequestsForToken = errors.New("cant send requests for token with code") + ErrCantGetTokenForCode = errors.New("cant get oauth token with code") + ErrWrongResponseFromServer = errors.New("cant get access token from server") ) diff --git a/minimock/config.yml b/minimock/config.yml new file mode 100644 index 0000000..b8f264d --- /dev/null +++ b/minimock/config.yml @@ -0,0 +1,12 @@ +--- +routen: + - path: /openid-configuration + response_file: /data/openid-configuration + - path: /token/wrong-code + response_file: /data/token/wrong-code.json + response_http_status: 400 + - path: /token/valide-access-token.json + response_file: /data/token/valide-access-token.json + - path: /token/invalide-response + response_body: somethings was really wrong + response_http_status: 500 diff --git a/static/openid-configuration b/minimock/openid-configuration similarity index 100% rename from static/openid-configuration rename to minimock/openid-configuration diff --git a/minimock/token/valide-access-token.json b/minimock/token/valide-access-token.json new file mode 100644 index 0000000..97907ca --- /dev/null +++ b/minimock/token/valide-access-token.json 
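Review bot: The four new exported sentinels have no doc comments, and the message of ErrCantCreateTokenRequests contains a typo (`requesats`); callers may log or match these strings, so it is cheaper to fix now: `errors.New("cant create request to get token with code")`. A one-line comment per variable, for example `// ErrWrongResponseFromServer is returned when the token endpoint answers with a non-200 status.`, would tell callers which failure each one marks. That matters most for ErrCantSendRequestsForToken, which the auth.go hunk of this patch returns both when sending the request fails and when reading the response body fails.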
@@ -0,0 +1 @@ +{"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.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.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M", "token_type": "Bearer", "expires_in": 300, "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.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.SHaeGciIEprvKr1d-tboJXvF3pYoTKsQ6LkL1TPakS0847Rzmx6NmhN64na0A8kTRPQfCNdF6YTgjRuZBJQpZO3T6ck2tS_c7SgqGohXSOx2aAm6Ny11zA7PkjTtWnuMgayfH8EASDqe55U-h61E1lratHz79ykBovee4rAn-EccWkH2KQARypF34DI18mIcuLLC08EzyqLj4dux85RWGRg7PX57KGPi_effuw6ndjgBfJskvOY2K7HAobEGxJgBIC3fPJe5iCamZgCg2q-PCr1FfEWpgDtVLhHc-m1wWsj-nUGI64yfulK2LYQp8sHBXsVHoXy60ACq6wICJlttXxTjFh9W6iCMjmybPE83CquK8bUff19pHXQygjKPqzAL58REh8HDu1mgdI3fWkLPnjkWziA6zEmjTCS_Aj4lSYxehZXeBN1nyE3UwHSLWlbCQC_204J_zEXjTfKEFHEdRClmX_BO6MPD9pHYcdKNWRxXatRmuyQ5GiwK1J9W625SKmoMypz8rkvIm-E7SLRxfYaJTS6-bDd9-cPO5jF6LFRejivfsbcIbLRDZKS3oV3dbagEfoX6g4wyiz7d290fVWB4wpzS3nQIkZzcmW_QD4UhKnd7wzkQIz88WRqfMwOJrfML_Lg17F55JpGENjczPAK48YC3BguSsTCX_rAiCTk"} diff --git a/minimock/token/wrong-code.json b/minimock/token/wrong-code.json new file mode 100644 index 0000000..aaaa8a4 --- /dev/null +++ b/minimock/token/wrong-code.json 
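Review bot: The `access_token` and `id_token` values in this fixture look like tokens issued by a real identity provider rather than constructed samples, since each has an RS256 JWT header segment with a `kid` and a full-length signature segment. If that is the case, the ID token's claims are now part of the repository history and both tokens should be treated as disclosed, even though `expires_in` is 300. The test only compares the string, so a constructed value such as `"access_token": "test-access-token"` here and in the `ExptAccessToken` field of the auth_test.go table would serve equally well.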
@@ -0,0 +1 @@ +{"error": "invalid_grant", "error_description": "The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"}