

test: enumrate todo failure cases
Co-authored-by: Tommy Trøen <[email protected]>
Co-authored-by: Kim Tore Jensen <[email protected]>
3 people committed Nov 7, 2024
1 parent eef1a32 commit 69238f8
Showing 3 changed files with 23 additions and 11 deletions.
28 changes: 19 additions & 9 deletions src/app.rs
Expand Up @@ -137,20 +137,30 @@ mod tests {
invalid_content_type_in_token_request(address.to_string()).await;

// TODO: implement these tests:
// * Upstream:
// * upstream is down
// * upstream returns status code >= 400
// * /token
// * upstream network error / reqwest error
// * upstream responded with code >= 400
// * json deserialize error
// * oauth error
// * upstream responded with non-error code but non-json response
//
// * /token/exchange
// * user token is invalid during exchange (plus variations)
//
// * /token
// * invalid ID provider for our endpoints
// * missing or empty user token
// * upstream network error / reqwest error
// * upstream responded with code >= 400
// * json deserialize error
// * oauth error
// * upstream responded with non-error code but non-json response
//
// * /introspect
// * token is not a jwt
// * token does not contain iss claim
// * token is issued by unrecognized issuer
// * token has invalid header
// * token does not have kid (key id) in header
// * token is signed with a key that is not in the jwks
// * invalid or expired timestamps in nbf, iat, exp
// * invalid aud
// * plus all errors in /token/exchange
// * invalid or missing aud (for certain providers)

join_handler.abort();
}
2 changes: 1 addition & 1 deletion src/identity_provider.rs
Expand Up @@ -318,6 +318,6 @@ where

fn create_assertion(&self, target: String) -> String {
let assertion = A::new(self.token_endpoint.clone(), self.client_id.clone(), target);
serialize(assertion, &self.client_assertion_header, &self.private_jwk).unwrap()
serialize(assertion, &self.client_assertion_header, &self.private_jwk).unwrap() // FIXME: don't unwrap
}
}
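Review bot: The `FIXME` added on the `serialize(...)` line records the problem but leaves the `unwrap()` in place, so any failure to serialize the client assertion (for example a private JWK that cannot be used for signing) still panics inside `create_assertion` instead of surfacing to the caller. The enclosing impl block and the callers of `create_assertion` start outside this hunk, so the fix needs a small signature change there: return `Result<String, _>` with the error type `serialize` already yields and replace `.unwrap()` with `?`, or, if the caller genuinely cannot handle it, at least `.expect("...")` with the invariant that makes serialization infallible stated in the message. A comment alone does not change the failure mode of the request path.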
4 changes: 3 additions & 1 deletion src/jwks.rs
Expand Up @@ -24,6 +24,8 @@ pub enum Error {
JsonDecode(reqwest::Error),
#[error("json web key set has key with blank key id")]
MissingKeyID,
#[error("missing key id from token header")]
MissingKeyIDInTokenHeader,
#[error("signing key with {0} not in json web key set")]
KeyNotInJWKS(String),
#[error("invalid token header: {0}")]
Expand Down Expand Up @@ -94,7 +96,7 @@ impl Jwks {
let key_id = jwt::decode_header(token)
.map_err(Error::InvalidTokenHeader)?
.kid
.ok_or(Error::MissingKeyID)?;
.ok_or(Error::MissingKeyIDInTokenHeader)?;

// Refresh key store if needed before validating.
let signing_key = match self.keys.get(&key_id) {
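Review bot: An empty `kid` in the token header still passes the new `.ok_or(Error::MissingKeyIDInTokenHeader)?` on the `.kid` line and reaches `self.keys.get(&key_id)` as `""`, so a blank key id in a token is presumably reported as `KeyNotInJWKS("")` rather than as a missing key id, while a blank key id inside the key set already has its own variant (`MissingKeyID`). Treating the two the same needs one extra adaptor before the `ok_or`: `.filter(|kid| !kid.is_empty())`. The new variant in the first hunk also deserves a doc comment that separates it from the similarly named `MissingKeyID`, e.g. `/// The token's JOSE header carries no `kid`, so no signing key can be selected.` The method containing the `decode_header` call starts outside this hunk.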
