Rename config validator variable and add unit test

Signed-off-by: Beorn Facchini <beornf@gmail.com>
ory · Aug 18, 2017 · 07e4ff8 · 07e4ff8
1 parent 870601e
commit 07e4ff8
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 19 deletions.
diff --git a/compose/compose_oauth2.go b/compose/compose_oauth2.go
@@ -81,10 +81,10 @@ func OAuth2TokenRevocationFactory(config *Config, storage interface{}, strategy
 // an access token and refresh token validator.
 func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
 	return &oauth2.CoreValidator{
-		CoreStrategy:  strategy.(oauth2.CoreStrategy),
-		CoreStorage:   storage.(oauth2.CoreStorage),
-		AccessOnly:    config.GetAccessOnly(),
-		ScopeStrategy: config.GetScopeStrategy(),
+		CoreStrategy:                  strategy.(oauth2.CoreStrategy),
+		CoreStorage:                   storage.(oauth2.CoreStorage),
+		ScopeStrategy:                 config.GetScopeStrategy(),
+		DisableRefreshTokenValidation: config.DisableRefreshTokenValidation,
 	}
 }
 

diff --git a/compose/config.go b/compose/config.go
@@ -19,8 +19,8 @@ type Config struct {
 	// HashCost sets the cost of the password hashing cost. Defaults to 12.
 	HashCost int
 
-	// AccessOnly sets whether the introspection endpoint only validates access tokens.
-	AccessOnly bool
+	// DisableRefreshTokenValidation sets the introspection endpoint to disable refresh token validation.
+	DisableRefreshTokenValidation bool
 
 	ScopeStrategy fosite.ScopeStrategy
 }
@@ -64,8 +64,3 @@ func (c *Config) GetHashCost() int {
 	}
 	return c.HashCost
 }
-
-// GetAccessOnly returns whether the introspection endpoint only validates access tokens.
-func (c *Config) GetAccessOnly() bool {
-	return c.AccessOnly
-}
diff --git a/handler/oauth2/introspector.go b/handler/oauth2/introspector.go
@@ -10,17 +10,13 @@ import (
 type CoreValidator struct {
 	CoreStrategy
 	CoreStorage
-	AccessOnly    bool
-	ScopeStrategy fosite.ScopeStrategy
+	ScopeStrategy                 fosite.ScopeStrategy
+	DisableRefreshTokenValidation bool
 }
 
 func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (err error) {
-	if c.AccessOnly {
-		if err = c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
-			return nil
-		}
-
-		return err
+	if c.DisableRefreshTokenValidation {
+		return c.introspectAccessToken(ctx, token, accessRequest, scopes)
 	}
 
 	switch tokenType {

diff --git a/handler/oauth2/introspector_test.go b/handler/oauth2/introspector_test.go
@@ -61,6 +61,14 @@ func TestIntrospectToken(t *testing.T) {
 			},
 			expectErr: fosite.ErrTokenExpired,
 		},
+		{
+			description: "should fail because access token invalid",
+			setup: func() {
+				v.DisableRefreshTokenValidation = true
+				chgen.EXPECT().ValidateAccessToken(nil, areq, "1234").Return(errors.WithStack(fosite.ErrInvalidTokenFormat))
+			},
+			expectErr: fosite.ErrInvalidTokenFormat,
+		},
 		{
 			description: "should pass",
 			setup: func() {