dbb824a73f
We are trying to reproduce a few 500 responses we observe on zitadel cloud's token endpoint. As in the past these were caused by wrongly encoded or encrypted refresh tokens, I created an integration test which tries to reproduce 500 errors by sending invalid refresh tokens. The added test does not reproduce the 500s; all returned errors are in the 400 range, as they should be. However, as the test is already written, we might as well include it. Related to #7765 Co-authored-by: Livio Spring <livio.a@gmail.com>
//go:build integration
package oidc_test
import (
"io"
"net/http"
"net/url"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/zitadel/oidc/v3/pkg/client"
"github.com/zitadel/oidc/v3/pkg/client/rp"
"github.com/zitadel/oidc/v3/pkg/oidc"
"github.com/zitadel/schema"
)
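// TestServer_RefreshToken_Status sends malformed refresh tokens to the token
// endpoint and checks that every one of them is answered with a client error.
//
// Two failure modes are guarded against:
//   - a 5xx, which would mean the refresh-token decoding/decryption path
//     failed without being handled;
//   - anything below 400, which would mean a garbage refresh token was not
//     rejected at all.
func TestServer_RefreshToken_Status(t *testing.T) {
	clientID, _ := createClient(t)
	provider, err := Tester.CreateRelyingParty(CTX, clientID, redirectURI)
	require.NoError(t, err)

	// The case names describe the stage at which the author expects each
	// token to be rejected; the test itself only observes the HTTP status.
	tests := []struct {
		name         string
		refreshToken string
	}{
		{
			name:         "invalid base64",
			refreshToken: "~!~@#$%",
		},
		{
			name:         "invalid after decrypt",
			refreshToken: "DEADBEEFDEADBEEF",
		},
		{
			name:         "short input",
			refreshToken: "DEAD",
		},
		{
			name:         "empty input",
			refreshToken: "",
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			request := rp.RefreshTokenRequest{
				RefreshToken: tt.refreshToken,
				ClientID:     clientID,
				GrantType:    oidc.GrantTypeRefreshToken,
			}

			// Exercise the library client with the same request. Its result
			// is not asserted on (the status code is checked on the raw
			// request below), but the error is logged instead of being
			// dropped so a failing run shows what the client saw.
			_, callErr := client.CallTokenEndpoint(CTX, request, tokenEndpointCaller{RelyingParty: provider})
			t.Logf("client.CallTokenEndpoint error: %v", callErr)

			values := make(url.Values)
			err := schema.NewEncoder().Encode(request, values)
			require.NoError(t, err)

			// Build the request with the test context so it is cancelled
			// together with the rest of the test instead of running
			// unbounded on the default client.
			req, err := http.NewRequestWithContext(CTX, http.MethodPost, provider.OAuthConfig().Endpoint.TokenURL, strings.NewReader(values.Encode()))
			require.NoError(t, err)
			req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

			resp, err := http.DefaultClient.Do(req)
			require.NoError(t, err)
			defer resp.Body.Close()

			// An invalid refresh token must be a client error: never a
			// server error, and never a success or redirect.
			assert.Less(t, resp.StatusCode, 500)
			assert.GreaterOrEqual(t, resp.StatusCode, 400)

			body, err := io.ReadAll(resp.Body)
			require.NoError(t, err)
			t.Log(string(body))
		})
	}
}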
// tokenEndpointCaller wraps an rp.RelyingParty so that the test can pass it
// as the caller argument of client.CallTokenEndpoint. All other methods are
// promoted from the embedded RelyingParty.
type tokenEndpointCaller struct {
	rp.RelyingParty
}

// TokenEndpoint returns the token URL taken from the relying party's OAuth2
// configuration.
func (c tokenEndpointCaller) TokenEndpoint() string {
	endpoint := c.OAuthConfig().Endpoint
	return endpoint.TokenURL
}