1// Copyright 2020 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package externalaccount
6
7import (
8	"golang.org/x/oauth2"
9	"net/http"
10	"net/url"
11	"reflect"
12	"testing"
13)
14
15var clientID = "rbrgnognrhongo3bi4gb9ghg9g"
16var clientSecret = "notsosecret"
17
18var audience = []string{"32555940559.apps.googleusercontent.com"}
19var grantType = []string{"urn:ietf:params:oauth:grant-type:token-exchange"}
20var requestedTokenType = []string{"urn:ietf:params:oauth:token-type:access_token"}
21var subjectTokenType = []string{"urn:ietf:params:oauth:token-type:jwt"}
22var subjectToken = []string{"eyJhbGciOiJSUzI1NiIsImtpZCI6IjJjNmZhNmY1OTUwYTdjZTQ2NWZjZjI0N2FhMGIwOTQ4MjhhYzk1MmMiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEzMzE4NTQxMDA5MDU3Mzc4MzI4IiwiaGQiOiJnb29nbGUuY29tIiwiZW1haWwiOiJpdGh1cmllbEBnb29nbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiI5OVJVYVFrRHJsVDFZOUV0SzdiYXJnIiwiaWF0IjoxNjAxNTgxMzQ5LCJleHAiOjE2MDE1ODQ5NDl9.SZ-4DyDcogDh_CDUKHqPCiT8AKLg4zLMpPhGQzmcmHQ6cJiV0WRVMf5Lq911qsvuekgxfQpIdKNXlD6yk3FqvC2rjBbuEztMF-OD_2B8CEIYFlMLGuTQimJlUQksLKM-3B2ITRDCxnyEdaZik0OVssiy1CBTsllS5MgTFqic7w8w0Cd6diqNkfPFZRWyRYsrRDRlHHbH5_TUnv2wnLVHBHlNvU4wU2yyjDIoqOvTRp8jtXdq7K31CDhXd47-hXsVFQn2ZgzuUEAkH2Q6NIXACcVyZOrjBcZiOQI9IRWz-g03LzbzPSecO7I8dDrhqUSqMrdNUz_f8Kr8JFhuVMfVug"}
23var scope = []string{"https://www.googleapis.com/auth/devstorage.full_control"}
24
25var ContentType = []string{"application/x-www-form-urlencoded"}
26
27func TestClientAuthentication_InjectHeaderAuthentication(t *testing.T) {
28	valuesH := url.Values{
29		"audience":             audience,
30		"grant_type":           grantType,
31		"requested_token_type": requestedTokenType,
32		"subject_token_type":   subjectTokenType,
33		"subject_token":        subjectToken,
34		"scope":                scope,
35	}
36	headerH := http.Header{
37		"Content-Type": ContentType,
38	}
39
40	headerAuthentication := ClientAuthentication{
41		AuthStyle:    oauth2.AuthStyleInHeader,
42		ClientID:     clientID,
43		ClientSecret: clientSecret,
44	}
45	headerAuthentication.InjectAuthentication(valuesH, headerH)
46
47	if got, want := valuesH["audience"], audience; !reflect.DeepEqual(got, want) {
48		t.Errorf("audience = %q, want %q", got, want)
49	}
50	if got, want := valuesH["grant_type"], grantType; !reflect.DeepEqual(got, want) {
51		t.Errorf("grant_type = %q, want %q", got, want)
52	}
53	if got, want := valuesH["requested_token_type"], requestedTokenType; !reflect.DeepEqual(got, want) {
54		t.Errorf("requested_token_type = %q, want %q", got, want)
55	}
56	if got, want := valuesH["subject_token_type"], subjectTokenType; !reflect.DeepEqual(got, want) {
57		t.Errorf("subject_token_type = %q, want %q", got, want)
58	}
59	if got, want := valuesH["subject_token"], subjectToken; !reflect.DeepEqual(got, want) {
60		t.Errorf("subject_token = %q, want %q", got, want)
61	}
62	if got, want := valuesH["scope"], scope; !reflect.DeepEqual(got, want) {
63		t.Errorf("scope = %q, want %q", got, want)
64	}
65	if got, want := headerH["Authorization"], []string{"Basic cmJyZ25vZ25yaG9uZ28zYmk0Z2I5Z2hnOWc6bm90c29zZWNyZXQ="}; !reflect.DeepEqual(got, want) {
66		t.Errorf("Authorization in header = %q, want %q", got, want)
67	}
68}
69
70func TestClientAuthentication_ParamsAuthentication(t *testing.T) {
71	valuesP := url.Values{
72		"audience":             audience,
73		"grant_type":           grantType,
74		"requested_token_type": requestedTokenType,
75		"subject_token_type":   subjectTokenType,
76		"subject_token":        subjectToken,
77		"scope":                scope,
78	}
79	headerP := http.Header{
80		"Content-Type": ContentType,
81	}
82	paramsAuthentication := ClientAuthentication{
83		AuthStyle:    oauth2.AuthStyleInParams,
84		ClientID:     clientID,
85		ClientSecret: clientSecret,
86	}
87	paramsAuthentication.InjectAuthentication(valuesP, headerP)
88
89	if got, want := valuesP["audience"], audience; !reflect.DeepEqual(got, want) {
90		t.Errorf("audience = %q, want %q", got, want)
91	}
92	if got, want := valuesP["grant_type"], grantType; !reflect.DeepEqual(got, want) {
93		t.Errorf("grant_type = %q, want %q", got, want)
94	}
95	if got, want := valuesP["requested_token_type"], requestedTokenType; !reflect.DeepEqual(got, want) {
96		t.Errorf("requested_token_type = %q, want %q", got, want)
97	}
98	if got, want := valuesP["subject_token_type"], subjectTokenType; !reflect.DeepEqual(got, want) {
99		t.Errorf("subject_token_type = %q, want %q", got, want)
100	}
101	if got, want := valuesP["subject_token"], subjectToken; !reflect.DeepEqual(got, want) {
102		t.Errorf("subject_token = %q, want %q", got, want)
103	}
104	if got, want := valuesP["scope"], scope; !reflect.DeepEqual(got, want) {
105		t.Errorf("scope = %q, want %q", got, want)
106	}
107	if got, want := valuesP["client_id"], []string{clientID}; !reflect.DeepEqual(got, want) {
108		t.Errorf("client_id = %q, want %q", got, want)
109	}
110	if got, want := valuesP["client_secret"], []string{clientSecret}; !reflect.DeepEqual(got, want) {
111		t.Errorf("client_secret = %q, want %q", got, want)
112	}
113}
114