server_test.go 29.6 KiB
  • 		}
    
    		// User is at '/callback' so they were just redirected _from_ dex.
    		q := r.URL.Query()
    
    		if errType := q.Get("error"); errType != "" {
    			if desc := q.Get("error_description"); desc != "" {
    				t.Errorf("got error from server %s: %s", errType, desc)
    			} else {
    				t.Errorf("got error from server %s", errType)
    			}
    			w.WriteHeader(http.StatusInternalServerError)
    			return
    		}
    
    		// Grab code, exchange for token.
    		if code := q.Get("code"); code != "" {
    			token, err := oauth2Client.config.Exchange(ctx, code)
    			if err != nil {
    				t.Errorf("failed to exchange code for token: %v", err)
    				return
    			}
    			oauth2Client.token = token
    		}
    
    		// Ensure state matches.
    		if gotState := q.Get("state"); gotState != state {
    			t.Errorf("state did not match, want=%q got=%q", state, gotState)
    		}
    		w.WriteHeader(http.StatusOK)
    		return
    	}))
    	defer oauth2Client.server.Close()
    
    	// Register the client above with dex.
    	redirectURL := oauth2Client.server.URL + "/callback"
    	client := storage.Client{
    		ID:           "testclient",
    		Secret:       "testclientsecret",
    		RedirectURIs: []string{redirectURL},
    	}
    	if err := s.storage.CreateClient(client); err != nil {
    		t.Fatalf("failed to create client: %v", err)
    	}
    
    	oauth2Client.config = &oauth2.Config{
    		ClientID:     client.ID,
    		ClientSecret: client.Secret,
    		Endpoint:     p.Endpoint(),
    		Scopes:       []string{oidc.ScopeOpenID, "email", "offline_access"},
    		RedirectURL:  redirectURL,
    	}
    
    	if _, err = http.Get(oauth2Client.server.URL + "/login"); err != nil {
    		t.Fatalf("get failed: %v", err)
    	}
    
    	tok := &oauth2.Token{
    		RefreshToken: oauth2Client.token.RefreshToken,
    		Expiry:       time.Now().Add(-time.Hour),
    	}
    
    
    	// Log in again to receive a new token.
    
    	if _, err = http.Get(oauth2Client.server.URL + "/login"); err != nil {
    		t.Fatalf("get failed: %v", err)
    	}
    
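    	// Try to refresh the expired token using the refresh token from the first
    	// login; after the second login that old refresh token is expected to be
    	// rejected as invalid.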
    	newToken, err := oauth2Client.config.TokenSource(ctx, tok).Token()
    	if newToken != nil {
    		t.Errorf("Token refreshed with invalid refresh token.")
    	}
    }