From 07e4ff89a30928acb7f64a7ba68240d9787c7c13 Mon Sep 17 00:00:00 2001
From: Beorn Facchini
Date: Sat, 19 Aug 2017 01:22:22 +1000
Subject: [PATCH] Rename config validator variable and add unit test

Signed-off-by: Beorn Facchini
---
 compose/compose_oauth2.go | 8 ++++----
 compose/config.go | 9 ++-------
 handler/oauth2/introspector.go | 12 ++++--------
 handler/oauth2/introspector_test.go | 8 ++++++++
 4 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/compose/compose_oauth2.go b/compose/compose_oauth2.go
index 409ebfb12..a665d8e04 100644
--- a/compose/compose_oauth2.go
+++ b/compose/compose_oauth2.go
@@ -81,10 +81,10 @@ func OAuth2TokenRevocationFactory(config *Config, storage interface{}, strategy
 // an access token and refresh token validator.
 func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
 return &oauth2.CoreValidator{
- CoreStrategy: strategy.(oauth2.CoreStrategy),
- CoreStorage: storage.(oauth2.CoreStorage),
- AccessOnly: config.GetAccessOnly(),
- ScopeStrategy: config.GetScopeStrategy(),
+ CoreStrategy: strategy.(oauth2.CoreStrategy),
+ CoreStorage: storage.(oauth2.CoreStorage),
+ ScopeStrategy: config.GetScopeStrategy(),
+ DisableRefreshTokenValidation: config.DisableRefreshTokenValidation,
 }
 }
diff --git a/compose/config.go b/compose/config.go
index a7174c2d0..f0bac50bf 100644
--- a/compose/config.go
+++ b/compose/config.go
@@ -19,8 +19,8 @@ type Config struct {
 // HashCost sets the cost of the password hashing cost. Defaults to 12.
 HashCost int
- // AccessOnly sets whether the introspection endpoint only validates access tokens.
- AccessOnly bool
+ // DisableRefreshTokenValidation sets the introspection endpoint to disable refresh token validation.
+ DisableRefreshTokenValidation bool
 ScopeStrategy fosite.ScopeStrategy
 }
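Review bot: The new field comment on `DisableRefreshTokenValidation` in compose/config.go does not say what the introspection endpoint does with a token once refresh token validation is off, nor what the zero value means. Judging by the introspector.go change in this patch, every presented token is then validated as an access token, so I would write `// DisableRefreshTokenValidation, when true, makes the introspection endpoint validate every presented token as an access token only. Defaults to false (refresh tokens are validated too).` The same wording would fit the field of the same name on `CoreValidator` in handler/oauth2/introspector.go, which has no comment at all. The `Config` struct starts above this hunk.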
@@ -64,8 +64,3 @@ func (c *Config) GetHashCost() int {
 }
 return c.HashCost
 }
-
-// GetAccessOnly returns whether the introspection endpoint only validates access tokens.
-func (c *Config) GetAccessOnly() bool {
- return c.AccessOnly
-}
diff --git a/handler/oauth2/introspector.go b/handler/oauth2/introspector.go
index fb5a2ebdd..db7b513e4 100644
--- a/handler/oauth2/introspector.go
+++ b/handler/oauth2/introspector.go
@@ -10,17 +10,13 @@ import (
 type CoreValidator struct {
 CoreStrategy
 CoreStorage
- AccessOnly bool
- ScopeStrategy fosite.ScopeStrategy
+ ScopeStrategy fosite.ScopeStrategy
+ DisableRefreshTokenValidation bool
 }
 func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (err error) {
- if c.AccessOnly {
- if err = c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
- return nil
- }
-
- return err
+ if c.DisableRefreshTokenValidation {
+ return c.introspectAccessToken(ctx, token, accessRequest, scopes)
 }
 switch tokenType {
diff --git a/handler/oauth2/introspector_test.go b/handler/oauth2/introspector_test.go
index 4f1324aa7..c582c67f9 100644
--- a/handler/oauth2/introspector_test.go
+++ b/handler/oauth2/introspector_test.go
@@ -61,6 +61,14 @@ func TestIntrospectToken(t *testing.T) {
 },
 expectErr: fosite.ErrTokenExpired,
 },
+ {
+ description: "should fail because access token invalid",
+ setup: func() {
+ v.DisableRefreshTokenValidation = true
+ chgen.EXPECT().ValidateAccessToken(nil, areq, "1234").Return(errors.WithStack(fosite.ErrInvalidTokenFormat))
+ },
+ expectErr: fosite.ErrInvalidTokenFormat,
+ },
 {
 description: "should pass",
 setup: func() {
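Review bot: The early return in `IntrospectToken` ignores `tokenType` when `DisableRefreshTokenValidation` is set, and nothing in the code says this is intended. A caller that passes a refresh token type gets whatever error the access token check produces, which is easy to misread when debugging a rejected introspection request. A why-comment above the branch would settle it, e.g. `// Refresh token validation is disabled: tokenType is ignored and the token is only checked as an access token.` `IntrospectToken` is exported and has no doc comment; one that names this flag would help, since the function body continues past the hunk into the `switch tokenType`.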
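Review bot: The added case sets `v.DisableRefreshTokenValidation = true` inside `setup` and nothing in the hunk sets it back. If `v` is shared across the table (its declaration and the loop are outside the hunk), the following "should pass" case and any later ones run with refresh token validation disabled and stop exercising the `switch tokenType` path. Resetting it at the top of the loop body, `v.DisableRefreshTokenValidation = false` before `c.setup()`, keeps the cases independent. A second case that sets the flag and expects a successful access token validation would also pin the non-error side of the new branch.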