(t *testing.T)
| 1023 | } |
| 1024 | |
| 1025 | func TestRevokeToken(t *testing.T) { |
| 1026 | t.Parallel() |
| 1027 | |
| 1028 | t.Run("RevokeTokenRFC_OK", func(t *testing.T) { |
| 1029 | t.Parallel() |
| 1030 | var link database.ExternalAuthLink |
| 1031 | var config *externalauth.Config |
| 1032 | fake, config, link := setupOauth2Test(t, testConfig{ |
| 1033 | FakeIDPOpts: []oidctest.FakeIDPOpt{ |
| 1034 | oidctest.WithRevokeTokenRFC(func() (int, error) { |
| 1035 | return http.StatusOK, nil |
| 1036 | }), |
| 1037 | }, |
| 1038 | }) |
| 1039 | |
| 1040 | ctx := oidc.ClientContext(testutil.Context(t, testutil.WaitLong), fake.HTTPClient(nil)) |
| 1041 | revoked, err := config.RevokeToken(ctx, link) |
| 1042 | require.NoError(t, err) |
| 1043 | require.True(t, revoked) |
| 1044 | }) |
| 1045 | |
| 1046 | t.Run("RevokeTokenRFC_WrongBearer", func(t *testing.T) { |
| 1047 | t.Parallel() |
| 1048 | fake, config, link := setupOauth2Test(t, testConfig{ |
| 1049 | FakeIDPOpts: []oidctest.FakeIDPOpt{ |
| 1050 | oidctest.WithRevokeTokenRFC(func() (int, error) { |
| 1051 | return http.StatusOK, nil |
| 1052 | }), |
| 1053 | }, |
| 1054 | }) |
| 1055 | |
| 1056 | link.OAuthAccessToken += "wrong_token" |
| 1057 | ctx := oidc.ClientContext(testutil.Context(t, testutil.WaitLong), fake.HTTPClient(nil)) |
| 1058 | revoked, err := config.RevokeToken(ctx, link) |
| 1059 | require.Error(t, err) |
| 1060 | require.Contains(t, err.Error(), "token validation failed") |
| 1061 | require.False(t, revoked) |
| 1062 | }) |
| 1063 | |
| 1064 | t.Run("RevokeTokenRFC_WrongURL", func(t *testing.T) { |
| 1065 | t.Parallel() |
| 1066 | fake, config, link := setupOauth2Test(t, testConfig{ |
| 1067 | FakeIDPOpts: []oidctest.FakeIDPOpt{ |
| 1068 | oidctest.WithRevokeTokenRFC(func() (int, error) { |
| 1069 | return http.StatusOK, nil |
| 1070 | }), |
| 1071 | }, |
| 1072 | }) |
| 1073 | |
| 1074 | config.RevokeURL = "%" |
| 1075 | ctx := oidc.ClientContext(testutil.Context(t, testutil.WaitLong), fake.HTTPClient(nil)) |
| 1076 | revoked, err := config.RevokeToken(ctx, link) |
| 1077 | require.Error(t, err) |
| 1078 | require.ErrorContains(t, err, "invalid URL escape") |
| 1079 | require.False(t, revoked) |
| 1080 | }) |
| 1081 | |
| 1082 | t.Run("RevokeTokenRFC_Timeout", func(t *testing.T) { |
nothing calls this directly
no test coverage detected