(t *testing.T)
| 35 | ) |
| 36 | |
| 37 | func TestRefreshToken(t *testing.T) { |
| 38 | t.Parallel() |
| 39 | expired := time.Now().Add(time.Hour * -1) |
| 40 | |
| 41 | t.Run("NoRefreshExpired", func(t *testing.T) { |
| 42 | t.Parallel() |
| 43 | fake, config, link := setupOauth2Test(t, testConfig{ |
| 44 | FakeIDPOpts: []oidctest.FakeIDPOpt{ |
| 45 | oidctest.WithRefresh(func(_ string) error { |
| 46 | t.Error("refresh on the IDP was called, but NoRefresh was set") |
| 47 | return xerrors.New("should not be called") |
| 48 | }), |
| 49 | // The IDP should not be contacted since the token is expired. An expired |
| 50 | // token with 'NoRefresh' should early abort. |
| 51 | oidctest.WithDynamicUserInfo(func(_ string) (jwt.MapClaims, error) { |
| 52 | t.Error("token was validated, but it was expired and this should never have happened.") |
| 53 | return nil, xerrors.New("should not be called") |
| 54 | }), |
| 55 | }, |
| 56 | ExternalAuthOpt: func(cfg *externalauth.Config) { |
| 57 | cfg.NoRefresh = true |
| 58 | }, |
| 59 | }) |
| 60 | |
| 61 | ctx := oidc.ClientContext(context.Background(), fake.HTTPClient(nil)) |
| 62 | // Expire the link |
| 63 | link.OAuthExpiry = expired |
| 64 | |
| 65 | _, err := config.RefreshToken(ctx, nil, link) |
| 66 | require.Error(t, err) |
| 67 | require.True(t, externalauth.IsInvalidTokenError(err)) |
| 68 | require.Contains(t, err.Error(), "refreshing is either disabled or refreshing failed") |
| 69 | }) |
| 70 | |
| 71 | // NoRefreshNoExpiry tests that an oauth token without an expiry is always valid. |
| 72 | // The "validate url" should be hit, but the refresh endpoint should not. |
| 73 | t.Run("NoRefreshNoExpiry", func(t *testing.T) { |
| 74 | t.Parallel() |
| 75 | |
| 76 | validated := false |
| 77 | fake, config, link := setupOauth2Test(t, testConfig{ |
| 78 | FakeIDPOpts: []oidctest.FakeIDPOpt{ |
| 79 | oidctest.WithRefresh(func(_ string) error { |
| 80 | t.Error("refresh on the IDP was called, but NoRefresh was set") |
| 81 | return xerrors.New("should not be called") |
| 82 | }), |
| 83 | oidctest.WithDynamicUserInfo(func(_ string) (jwt.MapClaims, error) { |
| 84 | validated = true |
| 85 | return jwt.MapClaims{}, nil |
| 86 | }), |
| 87 | }, |
| 88 | ExternalAuthOpt: func(cfg *externalauth.Config) { |
| 89 | cfg.NoRefresh = true |
| 90 | }, |
| 91 | }) |
| 92 | |
| 93 | ctx := oidc.ClientContext(context.Background(), fake.HTTPClient(nil)) |
| 94 |
nothing calls this directly
no test coverage detected