Skip to content

Commit

Permalink
feat: add size test
Browse files Browse the repository at this point in the history
  • Loading branch information
alnr committed Oct 10, 2024
1 parent 7ee7b82 commit bdee94c
Show file tree
Hide file tree
Showing 2 changed files with 143 additions and 5 deletions.
14 changes: 9 additions & 5 deletions flow/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ type Flow struct {
// Client is the OAuth 2.0 Client that initiated the request.
//
// required: true
Client *client.Client `db:"-" json:"-"`
Client *client.Client `db:"-" json:"client,omitempty"`
ClientID string `db:"client_id" json:"ci,omitempty"`

// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which
Expand Down Expand Up @@ -510,33 +510,37 @@ type CipherProvider interface {
}

// ToLoginChallenge converts the flow into a login challenge.
func (f *Flow) ToLoginChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) {
func (f Flow) ToLoginChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) {
if f.Client != nil {
f.ClientID = f.Client.GetID()
}
f.Client = nil
return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsLoginChallenge)
}

// ToLoginVerifier converts the flow into a login verifier.
func (f *Flow) ToLoginVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) {
func (f Flow) ToLoginVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) {
if f.Client != nil {
f.ClientID = f.Client.GetID()
}
f.Client = nil
return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsLoginVerifier)
}

// ToConsentChallenge converts the flow into a consent challenge.
func (f *Flow) ToConsentChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) {
func (f Flow) ToConsentChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) {
if f.Client != nil {
f.ClientID = f.Client.GetID()
}
f.Client = nil
return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsConsentChallenge)
}

// ToConsentVerifier converts the flow into a consent verifier.
func (f *Flow) ToConsentVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) {
func (f Flow) ToConsentVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) {
if f.Client != nil {
f.ClientID = f.Client.GetID()
}
f.Client = nil
return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsConsentVerifier)
}
134 changes: 134 additions & 0 deletions oauth2/flowctx/encoding_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package flowctx_test

import (
"context"
"encoding/json"
"testing"
"time"

"github.com/gofrs/uuid"
"github.com/stretchr/testify/require"

"github.com/ory/hydra/v2/aead"
"github.com/ory/hydra/v2/client"
"github.com/ory/hydra/v2/flow"
"github.com/ory/hydra/v2/oauth2/flowctx"
"github.com/ory/x/pointerx"
"github.com/ory/x/sqlxx"
)

func TestEncoding(t *testing.T) {
f := flow.Flow{
ID: uuid.Must(uuid.NewV4()).String(),
NID: uuid.Must(uuid.NewV4()),
RequestedScope: []string{"scope1", "scope2"},
RequestedAudience: []string{"https://api.example.org/v1", "https://api.example.org/v2"},
LoginSkip: false,
Subject: "[email protected]",
OpenIDConnectContext: &flow.OAuth2ConsentRequestOpenIDConnectContext{
ACRValues: []string{"acr1", "acr2"},
UILocales: []string{"en-US", "en-GB"},
Display: "page",
IDTokenHintClaims: map[string]interface{}{"claim1": "value1", "claim2": "value2"},
LoginHint: "some-login-hint",
},
Client: &client.Client{
ID: uuid.Must(uuid.NewV4()).String(),
NID: uuid.Must(uuid.NewV4()),
Name: "some-client-name",
Secret: "some-supersafe-secret",
RedirectURIs: []string{
"https://redirect1.example.org/callback",
"https://redirect2.example.org/callback",
},
GrantTypes: []string{"authorization_code", "refresh_token"},
ResponseTypes: []string{"code"},
Scope: "scope1 scope2",
Audience: sqlxx.StringSliceJSONFormat{"https://api.example.org/v1 https://api.example.org/v2"},
Owner: "some-owner",
TermsOfServiceURI: "https://tos.example.org",
PolicyURI: "https://policy.example.org",
ClientURI: "https://client.example.org",
LogoURI: "https://logo.example.org",
Contacts: []string{"contact1", "contact2"},
SubjectType: "public",
JSONWebKeysURI: "https://jwks.example.org",
JSONWebKeys: nil, // TODO?
TokenEndpointAuthMethod: "client_secret_basic",
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
AllowedCORSOrigins: []string{"https://cors1.example.org", "https://cors2.example.org"},
Metadata: sqlxx.JSONRawMessage(`{"client-metadata-key1": "val1"}`),
AccessTokenStrategy: "jwt",
SkipConsent: true,
},
RequestURL: "https://auth.hydra.local/oauth2/auth?client_id=some-client-id&response_type=code&scope=scope1+scope2&redirect_uri=https%3A%2F%2Fredirect1.example.org%2Fcallback&state=some-state&nonce=some-nonce",
SessionID: sqlxx.NullString("some-session-id"),
LoginCSRF: uuid.Must(uuid.NewV4()).String(),
LoginInitializedAt: sqlxx.NullTime(time.Now()),
RequestedAt: time.Now(),
State: 1,
LoginRemember: true,
LoginRememberFor: 3600,
Context: sqlxx.JSONRawMessage(`{"context-key1": "val1"}`),
GrantedScope: []string{"scope1", "scope2"},
GrantedAudience: []string{"https://api.example.org/v1", "https://api.example.org/v2"},
ConsentRemember: true,
ConsentRememberFor: pointerx.Int(3600),
ConsentHandledAt: sqlxx.NullTime(time.Now()),
SessionIDToken: sqlxx.MapStringInterface{
"session-id-token-key1": "val1",
"session-id-token-key2": "val2",
uuid.Must(uuid.NewV4()).String(): "val3",
uuid.Must(uuid.NewV4()).String(): "val4",
uuid.Must(uuid.NewV4()).String(): "val5",
},
SessionAccessToken: sqlxx.MapStringInterface{
"session-access-token-key1": "val1",
"session-access-token-key2": "val2",
uuid.Must(uuid.NewV4()).String(): "val3",
uuid.Must(uuid.NewV4()).String(): "val4",
uuid.Must(uuid.NewV4()).String(): "val5",
},
}

ctx := context.Background()

t.Run("with client", func(t *testing.T) {
j, err := json.Marshal(f)
require.NoError(t, err)
t.Logf("Length (JSON): %d", len(j))
cp := new(cipherProvider)
consentVerifier, err := flowctx.Encode(ctx, cp.FlowCipher(), f, flowctx.AsConsentVerifier)
require.NoError(t, err)
t.Logf("Length (JSON+GZIP+AEAD): %d", len(consentVerifier))
})
t.Run("without client", func(t *testing.T) {
f := f
f.Client = nil
j, err := json.Marshal(f)
require.NoError(t, err)
t.Logf("Length (JSON): %d", len(j))
cp := new(cipherProvider)
consentVerifier, err := f.ToConsentVerifier(ctx, cp)
require.NoError(t, err)
t.Logf("Length (JSON+GZIP+AEAD): %d", len(consentVerifier))
})
}

type cipherProvider struct{}

func (c *cipherProvider) FlowCipher() *aead.XChaCha20Poly1305 {
return aead.NewXChaCha20Poly1305(c)
}

func (c *cipherProvider) GetGlobalSecret(context.Context) ([]byte, error) {
return []byte("supersecret123456789123456789012"), nil
}

func (c *cipherProvider) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error) {
return nil, nil
}

0 comments on commit bdee94c

Please sign in to comment.