X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1f62a2b3429c2cb9376258b7ae1392ce9a9e660b..49e257200e26a11719cfa154a6c87efba1550a1b:/test/integration/oauth2_test.rb
diff --git a/test/integration/oauth2_test.rb b/test/integration/oauth2_test.rb
index b7c6f3a34..3c532ca74 100644
--- a/test/integration/oauth2_test.rb
+++ b/test/integration/oauth2_test.rb
@@ -91,7 +91,7 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 id_token = token["id_token"]
 assert_not_nil id_token
- data, _headers = JWT.decode id_token, Doorkeeper::OpenidConnect.signing_key.keypair, true, {
+ data, _headers = JWT.decode id_token, nil, true, {
 :algorithm => [Doorkeeper::OpenidConnect.signing_algorithm.to_s],
 :verify_iss => true,
 :iss => "#{Settings.server_protocol}://#{Settings.server_url}",
@@ -99,7 +99,13 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 :sub => user.id,
 :verify_aud => true,
 :aud => client.uid
- }
+ } do |headers, _payload|
+ kid = headers["kid"]
+ get oauth_discovery_keys_path
+ keys = response.parsed_body["keys"]
+ jwk = keys&.detect { |e| e["kid"] == kid }
+ jwk && JWT::JWK::RSA.import(jwk).public_key
+ end
 assert_equal user.id.to_s, data["sub"]
 assert_not data.key?("preferred_username")
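Review bot: The key-finder block passed to `JWT.decode` in the second hunk never checks the JWKS fetch: there is no `assert_response :success` after `get oauth_discovery_keys_path`, and an unmatched `kid` silently yields `nil` through `jwk && ...`. The outcome then depends on how the JWT library treats a nil key returned from the block, which is not visible here; adding `assert_response :success` after the `get` and `assert_not_nil jwk, "no JWKS entry for kid #{kid}"` before the import would make the test fail closed with a clear message. `JWT::JWK::RSA.import` also hard-codes RSA while the accepted algorithm comes from `Doorkeeper::OpenidConnect.signing_algorithm`, so a one-line comment stating that the block assumes an RSA signing key would help. The first hunk's `nil` key argument belongs to the same change, and the enclosing test method starts and ends outside both hunks.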
@@ -118,6 +124,28 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 assert_equal user.display_name, userinfo["preferred_username"]
 end
+ def test_openid_discovery
+ get oauth_discovery_provider_path
+ assert_response :success
+ openid_config = response.parsed_body
+
+ assert_equal "#{Settings.server_protocol}://#{Settings.server_url}", openid_config["issuer"]
+
+ assert_equal oauth_authorization_path, URI(openid_config["authorization_endpoint"]).path
+ assert_equal oauth_token_path, URI(openid_config["token_endpoint"]).path
+ assert_equal oauth_userinfo_path, URI(openid_config["userinfo_endpoint"]).path
+ assert_equal oauth_discovery_keys_path, URI(openid_config["jwks_uri"]).path
+ end
+
+ def test_openid_key
+ get oauth_discovery_keys_path
+ assert_response :success
+ key_info = response.parsed_body
+ assert key_info.key?("keys")
+ assert_equal 1, key_info["keys"].size
+ assert_equal Doorkeeper::OpenidConnect.signing_key.kid, key_info["keys"][0]["kid"]
+ end
+
 private
 def authorize_client(user, client, options = {})
@@ -129,7 +157,6 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 }.merge(options)
 get oauth_authorization_path(options)
- assert_response :redirect
 assert_redirected_to login_path(:referer => request.fullpath)
 post login_path(:username => user.email, :password => "test")
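Review bot: `test_openid_key` checks only the count and `kid` of the published key, so it would still pass if the keys endpoint serialized the private half of the signing key. Since this endpoint is fetched without credentials in the test, an assertion such as `assert_empty key_info["keys"][0].keys & %w[d p q dp dq qi]` would pin that only public RSA members are exposed (assuming the signing key is RSA, as the `JWT::JWK::RSA.import` call in the ID-token test suggests). In `test_openid_discovery` the endpoint checks compare only `URI(...).path`, so a discovery document advertising the wrong scheme or host would also pass; comparing scheme and host against the `issuer` value would cover that.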
@@ -195,18 +222,18 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 end
 def test_token(token, user, client)
- get user_preferences_path
+ get api_user_preferences_path
 assert_response :unauthorized
 auth_header = bearer_authorization_header(token)
- get user_preferences_path, :headers => auth_header
+ get api_user_preferences_path, :headers => auth_header
 assert_response :success
- get user_preferences_path(:access_token => token)
+ get api_user_preferences_path(:access_token => token)
 assert_response :unauthorized
- get user_preferences_path(:bearer_token => token)
+ get api_user_preferences_path(:bearer_token => token)
 assert_response :unauthorized
 get api_trace_path(:id => 2), :headers => auth_header
@@ -214,17 +241,17 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 user.suspend!
- get user_preferences_path, :headers => auth_header
+ get api_user_preferences_path, :headers => auth_header
 assert_response :forbidden
 user.hide!
- get user_preferences_path, :headers => auth_header
+ get api_user_preferences_path, :headers => auth_header
 assert_response :forbidden
 user.unhide!
- get user_preferences_path, :headers => auth_header
+ get api_user_preferences_path, :headers => auth_header
 assert_response :success
 post oauth_revoke_path(:token => token)
@@ -235,7 +262,7 @@ class OAuth2Test < ActionDispatch::IntegrationTest
 :client_secret => client.plaintext_secret)
 assert_response :success
- get user_preferences_path, :headers => auth_header
+ get api_user_preferences_path, :headers => auth_header
 assert_response :unauthorized
 end
 end