get token and add minimock
This commit is contained in:
parent
2e7e4630af
commit
38929a7201
8 changed files with 122 additions and 10 deletions
50
auth.go
50
auth.go
|
@ -92,11 +92,57 @@ func (a Auth) GetAuthorizationURL(state string) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (a Auth) GetTokenFromCode(code string) (Token, error) {
|
func (a Auth) GetTokenFromCode(code string) (Token, error) {
|
||||||
t := Token{}
|
|
||||||
|
|
||||||
form := url.Values{}
|
form := url.Values{}
|
||||||
form.Add("grant_type", "authorization_code")
|
form.Add("grant_type", "authorization_code")
|
||||||
form.Add("code", code)
|
form.Add("code", code)
|
||||||
|
|
||||||
|
req, err := http.NewRequest("POST", a.authConfig.TokenEndpoint, strings.NewReader(form.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return Token{}, fmt.Errorf("%w: %q", ErrCantCreateTokenRequests, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
req.SetBasicAuth(a.clientConfig.ClientID, a.clientConfig.ClientSecret)
|
||||||
|
|
||||||
|
hc := http.Client{}
|
||||||
|
|
||||||
|
resp, err := hc.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err)
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
body, err := io.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err)
|
||||||
|
}
|
||||||
|
fmt.Println(string(body))
|
||||||
|
fmt.Println(resp.StatusCode)
|
||||||
|
|
||||||
|
if resp.StatusCode != 200 {
|
||||||
|
var er struct {
|
||||||
|
Error string `json:"error"`
|
||||||
|
ErrorDescription string `json:"error_description"`
|
||||||
|
}
|
||||||
|
|
||||||
|
err = json.Unmarshal(body, &er)
|
||||||
|
if err != nil {
|
||||||
|
return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body))
|
||||||
|
}
|
||||||
|
if er.ErrorDescription != "" {
|
||||||
|
return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, er.ErrorDescription)
|
||||||
|
}
|
||||||
|
|
||||||
|
return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body))
|
||||||
|
}
|
||||||
|
|
||||||
|
t := Token{}
|
||||||
|
t.CreatedAt = time.Now()
|
||||||
|
|
||||||
|
err = json.Unmarshal(body, &t)
|
||||||
|
if err != nil {
|
||||||
|
return Token{}, fmt.Errorf("%w: %q", ErrCantGetTokenForCode, err)
|
||||||
|
}
|
||||||
|
|
||||||
return t, nil
|
return t, nil
|
||||||
}
|
}
|
||||||
|
|
52
auth_test.go
52
auth_test.go
|
@ -79,16 +79,64 @@ func TestGetAuthorizationUrl(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestUseCodeToGetToken(t *testing.T) {
|
||||||
|
tts := []struct {
|
||||||
|
name string
|
||||||
|
tokenURL string
|
||||||
|
token string
|
||||||
|
ExptError error
|
||||||
|
ExptErrorString string
|
||||||
|
ExptAccessToken string
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
name: "token-to-old",
|
||||||
|
tokenURL: "http://localhost:8084//token/wrong-code",
|
||||||
|
ExptError: ErrWrongResponseFromServer,
|
||||||
|
ExptErrorString: "cant get access token from server: The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "valide-token",
|
||||||
|
tokenURL: "http://localhost:8084//token/valide-access-token.json",
|
||||||
|
ExptAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgua2Vrcy5jbG91ZC9hcHBsaWNhdGlvbi9vL3Rlc3QvIiwic3ViIjoiNTE5NGYyZTViNmRlOGEwOTQxODEwM2FkY2ZkYzM0NTMzZjAxYWNjM2Q5YzIwZDM5NzZiNzI1YjE3MmFhMmE0MyIsImF1ZCI6ImhUcUVGcjBDeVMzWFZXWUMwZm9sblpsVTM0SmRqcFJRbWpweWhyUVIiLCJleHAiOjE3MjYyNjMwODEsImlhdCI6MTcyNjI2Mjc4MSwiYXV0aF90aW1lIjoxNzI0NDAzMjczLCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJlbWFpbCI6InNvZXJlbkBzaWVnaXNtdW5kLXBvc2NobWFubi5ldSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiU1x1MDBmNnJlbiIsImdpdmVuX25hbWUiOiJTXHUwMGY2cmVuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoia2Vrc2t1cnNlIiwibmlja25hbWUiOiJrZWtza3Vyc2UiLCJncm91cHMiOlsiYXV0aGVudGlrIEFkbWlucyIsIk5leHRjbG91ZCIsImdpdHVzZXIiLCJnaXRhZG1pbiJdLCJhenAiOiJoVHFFRnIwQ3lTM1hWV1lDMGZvbG5abFUzNEpkanBSUW1qcHloclFSIiwidWlkIjoibDdCY3dsM3k2S1dBVVdJS2NoRjZVbHFDS3hkM1UxTlpxVHJRdjZHaSJ9.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "server-retrun-500-error",
|
||||||
|
tokenURL: "http://localhost:8084//token/invalide-response",
|
||||||
|
ExptError: ErrWrongResponseFromServer,
|
||||||
|
ExptErrorString: "cant get access token from server: somethings was really wrong",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, tt := range tts {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
ClientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def", RedirectURL: "http://localhost/something"}
|
||||||
|
AuthConfig := AuthConfig{TokenEndpoint: tt.tokenURL}
|
||||||
|
client, err := NewAuthWithConfig(ClientConfig, AuthConfig)
|
||||||
|
assert.Nil(t, err, "should be abel to create client without error")
|
||||||
|
|
||||||
|
token, err := client.GetTokenFromCode("abc")
|
||||||
|
if tt.ExptError != nil {
|
||||||
|
assert.ErrorIs(t, err, tt.ExptError, "should return right error")
|
||||||
|
assert.Equal(t, tt.ExptErrorString, err.Error(), "should return currect error string")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
assert.Nil(t, err, "should be abled to get token without error")
|
||||||
|
|
||||||
|
assert.Equal(t, tt.ExptAccessToken, token.AccessToken, "should return access token")
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestAuthenticLogin(t *testing.T) {
|
func TestAuthenticLogin(t *testing.T) {
|
||||||
t.Skip("dev test")
|
t.Skip("dev test")
|
||||||
clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "def"}
|
clientConfig := ClientConfig{ClientID: "abc", ClientSecret: "abc", RedirectURL: "http://localhost/somethingelse"}
|
||||||
client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
|
client, err := NewAuthWithConfigurationURL(clientConfig, "http://localhost:8084/openid-configuration")
|
||||||
assert.Nil(t, err, "should be able to create client without error")
|
assert.Nil(t, err, "should be able to create client without error")
|
||||||
url, err := client.GetAuthorizationURL("")
|
url, err := client.GetAuthorizationURL("")
|
||||||
assert.Nil(t, err, "should be able to create url without error")
|
assert.Nil(t, err, "should be able to create url without error")
|
||||||
fmt.Println(url)
|
fmt.Println(url)
|
||||||
|
|
||||||
token, err := client.GetTokenFromCode("e34bc2c7840e4386b17880dd1142c67b")
|
token, err := client.GetTokenFromCode("9aa96340040342e5a7df969834d9e278")
|
||||||
assert.Nil(t, err, "should be able to get code without error")
|
assert.Nil(t, err, "should be able to get code without error")
|
||||||
fmt.Println(token)
|
fmt.Println(token)
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
services:
|
services:
|
||||||
oAuthDummyServer:
|
miniMock:
|
||||||
image: nginx
|
image: kekskurse/minimock
|
||||||
volumes:
|
volumes:
|
||||||
- ./static/openid-configuration:/usr/share/nginx/html/openid-configuration
|
- ./minimock:/data/
|
||||||
ports:
|
ports:
|
||||||
- 8084:80
|
- 8084:3333
|
||||||
|
|
|
@ -5,4 +5,8 @@ import "errors"
|
||||||
var (
|
var (
|
||||||
ErrCantGetConfiguratorData = errors.New("cant get data from configurator url")
|
ErrCantGetConfiguratorData = errors.New("cant get data from configurator url")
|
||||||
ErrCantGetAuthorizationURL = errors.New("cant get url to recirect user to")
|
ErrCantGetAuthorizationURL = errors.New("cant get url to recirect user to")
|
||||||
|
ErrCantCreateTokenRequests = errors.New("cant create requesats to get token with code")
|
||||||
|
ErrCantSendRequestsForToken = errors.New("cant send requests for token with code")
|
||||||
|
ErrCantGetTokenForCode = errors.New("cant get oauth token with code")
|
||||||
|
ErrWrongResponseFromServer = errors.New("cant get access token from server")
|
||||||
)
|
)
|
||||||
|
|
12
minimock/config.yml
Normal file
12
minimock/config.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
routen:
|
||||||
|
- path: /openid-configuration
|
||||||
|
response_file: /data/openid-configuration
|
||||||
|
- path: /token/wrong-code
|
||||||
|
response_file: /data/token/wrong-code.json
|
||||||
|
response_http_status: 400
|
||||||
|
- path: /token/valide-access-token.json
|
||||||
|
response_file: /data/token/valide-access-token.json
|
||||||
|
- path: /token/invalide-response
|
||||||
|
response_body: somethings was really wrong
|
||||||
|
response_http_status: 500
|
1
minimock/token/valide-access-token.json
Normal file
1
minimock/token/valide-access-token.json
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgua2Vrcy5jbG91ZC9hcHBsaWNhdGlvbi9vL3Rlc3QvIiwic3ViIjoiNTE5NGYyZTViNmRlOGEwOTQxODEwM2FkY2ZkYzM0NTMzZjAxYWNjM2Q5YzIwZDM5NzZiNzI1YjE3MmFhMmE0MyIsImF1ZCI6ImhUcUVGcjBDeVMzWFZXWUMwZm9sblpsVTM0SmRqcFJRbWpweWhyUVIiLCJleHAiOjE3MjYyNjMwODEsImlhdCI6MTcyNjI2Mjc4MSwiYXV0aF90aW1lIjoxNzI0NDAzMjczLCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJlbWFpbCI6InNvZXJlbkBzaWVnaXNtdW5kLXBvc2NobWFubi5ldSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiU1x1MDBmNnJlbiIsImdpdmVuX25hbWUiOiJTXHUwMGY2cmVuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoia2Vrc2t1cnNlIiwibmlja25hbWUiOiJrZWtza3Vyc2UiLCJncm91cHMiOlsiYXV0aGVudGlrIEFkbWlucyIsIk5leHRjbG91ZCIsImdpdHVzZXIiLCJnaXRhZG1pbiJdLCJhenAiOiJoVHFFRnIwQ3lTM1hWV1lDMGZvbG5abFUzNEpkanBSUW1qcHloclFSIiwidWlkIjoibDdCY3dsM3k2S1dBVVdJS2NoRjZVbHFDS3hkM1UxTlpxVHJRdjZHaSJ9.CSma-ZI9Sw3G9MuJlgnNUR7mmr-twYjf0hKpm7Z745oICIxIT-9A1rcOzN7goX9J_PeRABxBD3fCuOX0F1Xw3qZqs115zvllKl4R9Gs8zkk17Rdrubb7FWpbcz0NHpZPnv_d20zeHG9tIDmlg_Z_p-4AzOs5rvhrc0Dw_AMwnON8rWCIzB9XEq9z74ZDveCywdPzoW29Z1sVZQp5rwaFacMOPan1ERZNv5DAg4cR3znPszkgboW80XVCn7IYYnIWTHG70n3CkimVXgTBEO6PzwShejrv1_ggZrD01_K6OwCivTCEVJBZm_ElpnTgzyPwENnfacnuCnOoZK0dXTnOw-K9ZXQ8uEVbVpMK_F4ETnLs20ZHi-VJeU2IgQu84k8k1fx-jvwkvJbHpfrTL75Ajga8VAdcQHbqfNwppFsQwLRIocp_Ay5YpkBRS1Z3lWvA8XcI3V3O9pe836Jx2P4Q7YTnEFdVxTrqBCbwO2DjabO1fElbuokdf-qS46pFE-_wEwtTOfGUxXrH7NeI2vYwEYReKhO0Thf3iUfTtJbGVPphAvmHRNP2LBcpUeShQGBKHi4FtBPdTPvlGULCn8k9SZ3TTZXAzsE2uYfvf7sVjvEvD1jwLpDL8hZW6Ceqs-0KvY_CB3W2n2HbzGWHKgAL-4DPVRPHI_pEfGH0RnaTJ0M", "token_type": "Bearer", "expires_in": 300, "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ5ZGRiNmI0YzAxMmEyNjE2NWVhZDY5NTc5YWU1MWE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGgua2Vrcy5jbG91ZC9hcHBsaWNhdGlvbi9vL3Rlc3QvIiwic3ViIjoiNTE5NGYyZTViNmRlOGEwOTQxODEwM2FkY2ZkYzM0NTMzZjAxYWNjM2Q5YzIwZDM5NzZiNzI1YjE3MmFhMmE0MyIsImF1ZCI6ImhUcUVGcjBDeVMzWFZXWUMwZm9sblpsVTM0SmRqcFJRbWpweWhyUVIiLCJleHAiOjE3MjYyNjMwODEsImlhdCI6MTcyNjI2Mjc4MSwiYXV0aF90aW1lIjoxNzI0NDAzMjczLCJhY3IiOiJnb2F1dGhlbnRpay5pby9wcm92aWRlcnMvb2F1dGgyL2RlZmF1bHQiLCJlbWFpbCI6InNvZXJlbkBzaWVnaXNtdW5kLXBvc2NobWFubi5ldSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiU1x1MDBmNnJlbiIsImdpdmVuX25hbWUiOiJTXHUwMGY2cmVuIiwicHJlZmVycmVkX3VzZXJuYW1lIjoia2Vrc2t1cnNlIiwibmlja25hbWUiOiJrZWtza3Vyc2UiLCJncm91cHMiOlsiYXV0aGVudGlrIEFkbWlucyIsIk5leHRjbG91ZCIsImdpdHVzZXIiLCJnaXRhZG1pbiJdfQ.SHaeGciIEprvKr1d-tboJXvF3pYoTKsQ6LkL1TPakS0847Rzmx6NmhN64na0A8kTRPQfCNdF6YTgjRuZBJQpZO3T6ck2tS_c7SgqGohXSOx2aAm6Ny11zA7PkjTtWnuMgayfH8EASDqe55U-h61E1lratHz79ykBovee4rAn-EccWkH2KQARypF34DI18mIcuLLC08EzyqLj4dux85RWGRg7PX57KGPi_effuw6ndjgBfJskvOY2K7HAobEGxJgBIC3fPJe5iCamZgCg2q-PCr1FfEWpgDtVLhHc-m1wWsj-nUGI64yfulK2LYQp8sHBXsVHoXy60ACq6wICJlttXxTjFh9W6iCMjmybPE83CquK8bUff19pHXQygjKPqzAL58REh8HDu1mgdI3fWkLPnjkWziA6zEmjTCS_Aj4lSYxehZXeBN1nyE3UwHSLWlbCQC_204J_zEXjTfKEFHEdRClmX_BO6MPD9pHYcdKNWRxXatRmuyQ5GiwK1J9W625SKmoMypz8rkvIm-E7SLRxfYaJTS6-bDd9-cPO5jF6LFRejivfsbcIbLRDZKS3oV3dbagEfoX6g4wyiz7d290fVWB4wpzS3nQIkZzcmW_QD4UhKnd7wzkQIz88WRqfMwOJrfML_Lg17F55JpGENjczPAK48YC3BguSsTCX_rAiCTk"}
|
1
minimock/token/wrong-code.json
Normal file
1
minimock/token/wrong-code.json
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{"error": "invalid_grant", "error_description": "The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client"}
|
Loading…
Reference in a new issue