mcp-auth-proxy/pkg/repository/sql_test.go at eecbd18f113fac9abcbb8cefe31a744701655413 · sigbit/mcp-auth-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
package repository

import (
	"context"
	"net/url"
	"testing"
	"time"

	"github.com/ory/fosite"
)

func TestSQLRepositoryAccessTokenSession(t *testing.T) {
	repo, err := NewSQLRepository("sqlite", "file::memory:?cache=shared")
	if err != nil {
		t.Fatalf("failed to create sql repository: %v", err)
	}
	defer repo.Close()

	ctx := context.Background()
	client := &fosite.DefaultClient{
		ID:           "client-1",
		Secret:       []byte("secret"),
		RedirectURIs: []string{"https://example.com/callback"},
	}

	req := &fosite.Request{
		ID:             "req-1",
		RequestedAt:    time.Now().UTC().Round(time.Second),
		Client:         client,
		RequestedScope: []string{"scope.read"},
		Form:           url.Values{"code": {"value"}},
	}

	if err := repo.CreateAccessTokenSession(ctx, "sig-1", req); err != nil {
		t.Fatalf("CreateAccessTokenSession failed: %v", err)
	}

	result, err := repo.GetAccessTokenSession(ctx, "sig-1", &fosite.DefaultSession{})
	if err != nil {
		t.Fatalf("GetAccessTokenSession failed: %v", err)
	}

	retrievedReq := result.(*fosite.Request)
	if retrievedReq.ID != req.ID {
		t.Fatalf("expected request ID %s, got %s", req.ID, retrievedReq.ID)
	}
	if retrievedReq.Client.GetID() != client.GetID() {
		t.Fatalf("expected client ID %s, got %s", client.GetID(), retrievedReq.Client.GetID())
	}
	if len(retrievedReq.RequestedScope) != 1 || retrievedReq.RequestedScope[0] != "scope.read" {
		t.Fatalf("unexpected requested scope: %#v", retrievedReq.RequestedScope)
	}
}

func TestSQLRepositorySessionPersistence(t *testing.T) {
	repo, err := NewSQLRepository("sqlite", "file::memory:?cache=shared&_busy_timeout=5000")
	if err != nil {
		t.Fatalf("failed to create sql repository: %v", err)
	}
	defer repo.Close()

	sess := &fosite.DefaultSession{
		Username: "test-user",
		Subject:  "test-user",
	}

	ctx := context.Background()
	client := &fosite.DefaultClient{
		ID:           "client-sess",
		Secret:       []byte("secret"),
		RedirectURIs: []string{"https://example.com/callback"},
	}

	req := &fosite.Request{
		ID:             "req-sess",
		RequestedAt:    time.Now().UTC().Round(time.Second),
		Client:         client,
		RequestedScope: []string{"openid"},
		Form:           url.Values{"code": {"value"}},
		Session:        sess,
	}

	if err := repo.CreateAuthorizeCodeSession(ctx, "code-sess", req); err != nil {
		t.Fatalf("CreateAuthorizeCodeSession failed: %v", err)
	}

	result, err := repo.GetAuthorizeCodeSession(ctx, "code-sess", &fosite.DefaultSession{})
	if err != nil {
		t.Fatalf("GetAuthorizeCodeSession failed: %v", err)
	}

	restored := result.GetSession().(*fosite.DefaultSession)
	if restored.GetSubject() != "test-user" {
		t.Fatalf("expected subject 'test-user', got '%s'", restored.GetSubject())
	}
	if restored.GetUsername() != "test-user" {
		t.Fatalf("expected username 'test-user', got '%s'", restored.GetUsername())
	}
}

func TestSQLRepositorySessionPersistence_NilSessionStored(t *testing.T) {
	repo, err := NewSQLRepository("sqlite", "file::memory:?cache=shared&_busy_timeout=5000")
	if err != nil {
		t.Fatalf("failed to create sql repository: %v", err)
	}
	defer repo.Close()

	ctx := context.Background()
	client := &fosite.DefaultClient{
		ID:           "client-old",
		Secret:       []byte("secret"),
		RedirectURIs: []string{"https://example.com/callback"},
	}

	req := &fosite.Request{
		ID:             "req-old",
		RequestedAt:    time.Now().UTC().Round(time.Second),
		Client:         client,
		RequestedScope: []string{"openid"},
		Form:           url.Values{"code": {"value"}},
	}

	if err := repo.CreateAuthorizeCodeSession(ctx, "code-old", req); err != nil {
		t.Fatalf("CreateAuthorizeCodeSession failed: %v", err)
	}

	result, err := repo.GetAuthorizeCodeSession(ctx, "code-old", &fosite.DefaultSession{})
	if err != nil {
		t.Fatalf("GetAuthorizeCodeSession failed: %v", err)
	}

	if result.GetSession() != nil {
		t.Fatalf("expected nil session when no session was stored, got %v", result.GetSession())
	}
}

func TestSQLRepositoryUnsupportedDriver(t *testing.T) {
	if _, err := NewSQLRepository("unsupported", "dsn"); err == nil {
		t.Fatalf("expected error for unsupported driver but got nil")
	}
}