package domain_test //nolint:gosec // support old clients import ( "crypto/md5" "crypto/sha1" "crypto/sha256" "crypto/sha512" "encoding/base64" "hash" "testing" "github.com/brianvoe/gofakeit/v6" "source.toby3d.me/toby3d/auth/internal/domain" "source.toby3d.me/toby3d/auth/internal/random" ) func TestParseCodeChallengeMethod(t *testing.T) { t.Parallel() for name, tc := range map[string]struct { input string expect domain.CodeChallengeMethod }{ "PLAIN": {input: "plain", expect: domain.CodeChallengeMethodPLAIN}, "MD5": {input: "md5", expect: domain.CodeChallengeMethodMD5}, "S1": {input: "s1", expect: domain.CodeChallengeMethodS1}, "S256": {input: "s256", expect: domain.CodeChallengeMethodS256}, "S512": {input: "s512", expect: domain.CodeChallengeMethodS512}, } { t.Run(name, func(t *testing.T) { t.Parallel() actual, err := domain.ParseCodeChallengeMethod(tc.input) if err != nil { t.Fatal(err) } if actual != tc.expect { t.Errorf("ParseCodeChallengeMethod(%s) = %v, want %v", tc.input, actual, tc.expect) } }) } } func TestCodeChallengeMethod_UnmarshalForm(t *testing.T) { t.Parallel() input := []byte("s256") actual := domain.CodeChallengeMethodUnd if err := actual.UnmarshalForm(input); err != nil { t.Fatal(err) } if actual != domain.CodeChallengeMethodS256 { t.Errorf("UnmarshalForm(%s) = %v, want %v", input, actual, domain.CodeChallengeMethodS256) } } func TestCodeChallengeMethod_UnmarshalJSON(t *testing.T) { t.Parallel() input := []byte(`"S256"`) actual := domain.CodeChallengeMethodUnd if err := actual.UnmarshalJSON(input); err != nil { t.Fatal(err) } if actual != domain.CodeChallengeMethodS256 { t.Errorf("UnmarshalJSON(%s) = %v, want %v", input, actual, domain.CodeChallengeMethodS256) } } func TestCodeChallengeMethod_String(t *testing.T) { t.Parallel() for name, tc := range map[string]struct { input domain.CodeChallengeMethod expect string }{ "plain": {input: domain.CodeChallengeMethodPLAIN, expect: "PLAIN"}, "md5": {input: domain.CodeChallengeMethodMD5, expect: "MD5"}, "s1": {input: domain.CodeChallengeMethodS1, expect: "S1"}, "s256": {input: domain.CodeChallengeMethodS256, expect: "S256"}, "s512": {input: domain.CodeChallengeMethodS512, expect: "S512"}, } { t.Run(name, func(t *testing.T) { t.Parallel() if actual := tc.input.String(); actual != tc.expect { t.Errorf("String() = %v, want %v", actual, tc.expect) } }) } } //nolint:gosec // support old clients func TestCodeChallengeMethod_Validate(t *testing.T) { t.Parallel() verifier, err := random.String(uint8(gofakeit.Number(43, 128))) if err != nil { t.Fatal(err) } for name, tc := range map[string]struct { hash hash.Hash input domain.CodeChallengeMethod ok bool }{ "invalid": {input: domain.CodeChallengeMethodS256, hash: md5.New(), ok: true}, "MD5": {input: domain.CodeChallengeMethodMD5, hash: md5.New(), ok: false}, "plain": {input: domain.CodeChallengeMethodPLAIN, hash: nil, ok: false}, "S1": {input: domain.CodeChallengeMethodS1, hash: sha1.New(), ok: false}, "S256": {input: domain.CodeChallengeMethodS256, hash: sha256.New(), ok: false}, "S512": {input: domain.CodeChallengeMethodS512, hash: sha512.New(), ok: false}, "Und": {input: domain.CodeChallengeMethodUnd, hash: nil, ok: true}, } { t.Run(name, func(t *testing.T) { t.Parallel() var codeChallenge string switch tc.input { case domain.CodeChallengeMethodUnd, domain.CodeChallengeMethodPLAIN: codeChallenge = verifier default: hash := tc.hash hash.Reset() if _, err := hash.Write([]byte(verifier)); err != nil { t.Error(err) } codeChallenge = base64.RawURLEncoding.EncodeToString(hash.Sum(nil)) } if actual := tc.input.Validate(codeChallenge, verifier); actual != !tc.ok { t.Errorf("Validate(%s, %s) = %t, want %t", codeChallenge, verifier, actual, tc.ok) } }) } } func TestCodeChallengeMethod_Validate_IndieAuth(t *testing.T) { t.Parallel() if ok := domain.CodeChallengeMethodS256.Validate( "ALiMNf5FvF_LIWLhSkd9tjPKh3PEmai2OrdDBzrVZ3M", "6f535c952339f0670311b4bbec5c41c00805e83291fc7eb15ca4963f82a4d57595787dcc6ee90571fb7789cbd521fe0178ed", ); !ok { t.Errorf("Validate(%s, %s) = %t, want %t", "ALiMNf5FvF_LIWLhSkd9tjPKh3PEmai2OrdDBzrVZ3M", "6f535c952339f0670311b4bbec5c41c00805e83291fc7eb15ca4963f82a4d57595787dcc6ee90571fb7789cbd521"+ "fe0178ed", ok, true) } }