fd467cd42b
See - http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication - https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
133 lines
6.7 KiB
Ruby
133 lines
6.7 KiB
Ruby
require "spec_helper"
|
|
|
|
describe Api::OpenidConnect::ClientsController, type: :controller do
|
|
describe "#create" do
|
|
context "when valid parameters are passed" do
|
|
it "should return a client id" do
|
|
stub_request(:get, "http://example.com/uris")
|
|
.with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
|
|
"Host" => "example.com", "User-Agent" => "Ruby"})
|
|
.to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
|
|
post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
|
|
response_types: [], grant_types: [], application_type: "web", contacts: [],
|
|
logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client",
|
|
policy_uri: "http://example.com/policy", tos_uri: "http://example.com/tos",
|
|
sector_identifier_uri: "http://example.com/uris", subject_type: "pairwise"
|
|
client_json = JSON.parse(response.body)
|
|
expect(client_json["client_id"].length).to eq(32)
|
|
expect(client_json["ppid"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "when valid parameters with jwks is passed" do
|
|
it "should return a client id" do
|
|
stub_request(:get, "http://example.com/uris")
|
|
.with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
|
|
"Host" => "example.com", "User-Agent" => "Ruby"})
|
|
.to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
|
|
post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
|
|
response_types: [], grant_types: [], application_type: "web", contacts: [],
|
|
logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client",
|
|
policy_uri: "http://example.com/policy", tos_uri: "http://example.com/tos",
|
|
sector_identifier_uri: "http://example.com/uris", subject_type: "pairwise",
|
|
token_endpoint_auth_method: "private_key_jwt",
|
|
"jwks": {
|
|
"keys":
|
|
[
|
|
{
|
|
"use": "enc",
|
|
"e": "AQAB",
|
|
"d": "-lTBWkI-----lvCO6tuiDsR4qgJnUwnndQFwEI_4mLmD3iNWXrc8N--5Cjq55eLtuJjtvuQ",
|
|
"n": "--zYRQNDvIVsBDLQQIgrbctuGqj6lrXb31Jj3JIEYqH_4h5X9d0Q",
|
|
"q": "1q-r----pFtyTz_JksYYaotc_Z3Zy-Szw6a39IDbuYGy1qL-15oQuc",
|
|
"p": "-BfRjdgYouy4c6xAnGDgSMTip1YnPRyvbMaoYT9E_tEcBW5wOeoc",
|
|
"kid": "a0",
|
|
"kty": "RSA"
|
|
},
|
|
{"use": "sig",
|
|
"e": "AQAB",
|
|
"d": "--x-gW---LRPowKrdvTuTo2p--HMI0pIEeFs7H_u5OW3jihjvoFClGPynHQhgWmQzlQRvWRXh6FhDVqFeGQ",
|
|
"n": "---TyeadDqQPWgbqX69UzcGq5irhzN8cpZ_JaTk3Y_uV6owanTZLVvCgdjaAnMYeZhb0KFw",
|
|
"q": "5E5XKK5njT--Hx3nF5sne5fleVfU-sZy6Za4B2U75PcE62oZgCPauOTAEm9Xuvrt5aMMovyzR8ecJZhm9bw7naU",
|
|
"p": "-BUGA-",
|
|
"kid": "a1",
|
|
"kty": "RSA"},
|
|
{
|
|
"use": "sig",
|
|
"crv": "P-256",
|
|
"kty": "EC",
|
|
"y": "Yg4IRzHBMIsuQK2Oz0Uukp1aNDnpdoyk6QBMtmfGHQQ",
|
|
"x": "L0WUeVlc9r6YJd6ie9duvOU1RHwxSkJKA37IK9B4Bpc",
|
|
"kid": "a2"
|
|
},
|
|
{
|
|
"use": "enc",
|
|
"crv": "P-256",
|
|
"kty": "EC",
|
|
"y": "E6E6g5_ziIZvfdAoACctnwOhuQYMvQzA259aftPn59M",
|
|
"x": "Yu8_BQE2L0f1MqnK0GumZOaj_77Tx70-LoudyRUnLM4",
|
|
"kid": "a3"
|
|
}
|
|
]
|
|
}
|
|
client_json = JSON.parse(response.body)
|
|
expect(client_json["client_id"].length).to eq(32)
|
|
expect(client_json["ppid"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "when valid parameters with jwks_uri is passed" do
|
|
it "should return a client id" do
|
|
stub_request(:get, "http://example.com/uris")
|
|
.with(headers: {:Accept => "*/*", :"Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
|
|
"Host" => "example.com", :"User-Agent" => "Ruby"})
|
|
.to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
|
|
stub_request(:get, "https://kentshikama.com/api/openid_connect/jwks.json")
|
|
.with(headers: {"Accept": "*/*", "Accept-Encoding": "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
|
|
"Host": "kentshikama.com", "User-Agent": "Ruby"})
|
|
.to_return(status: 200,
|
|
body: "{\"keys\":[{\"kty\":\"RSA\",\"e\":\"AQAB\",\"n\":\"qpW\",\"use\":\"sig\"}]}", headers: {})
|
|
post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
|
|
response_types: [], grant_types: [], application_type: "web", contacts: [],
|
|
logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client",
|
|
policy_uri: "http://example.com/policy", tos_uri: "http://example.com/tos",
|
|
sector_identifier_uri: "http://example.com/uris", subject_type: "pairwise",
|
|
token_endpoint_auth_method: "private_key_jwt",
|
|
jwks_uri: "https://kentshikama.com/api/openid_connect/jwks.json"
|
|
client_json = JSON.parse(response.body)
|
|
expect(client_json["client_id"].length).to eq(32)
|
|
expect(client_json["ppid"]).to eq(true)
|
|
end
|
|
end
|
|
|
|
context "when redirect uri is missing" do
|
|
it "should return a invalid_client_metadata error" do
|
|
post :create, response_types: [], grant_types: [], application_type: "web", contacts: [],
|
|
logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client",
|
|
policy_uri: "http://example.com/policy", tos_uri: "http://example.com/tos"
|
|
client_json = JSON.parse(response.body)
|
|
expect(client_json["error"]).to have_content("invalid_client_metadata")
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#find" do
|
|
let!(:client) { FactoryGirl.create(:o_auth_application) }
|
|
|
|
context "when an OIDC client already exists" do
|
|
it "should return a client id" do
|
|
get :find, client_name: client.client_name
|
|
client_id_json = JSON.parse(response.body)
|
|
expect(client_id_json["client_id"]).to eq(client.client_id)
|
|
end
|
|
end
|
|
|
|
context "when an OIDC client doesn't already exist" do
|
|
it "should return the appropriate error" do
|
|
get :find, client_name: "random_name"
|
|
client_id_json = JSON.parse(response.body)
|
|
expect(client_id_json["error"]).to eq("Client with name random_name does not exist")
|
|
end
|
|
end
|
|
end
|
|
end
|