
Commit 2f80ce9

Test resolve resource server with opaque access token
1 parent f652d5c commit 2f80ce9

4 files changed

+66
-1
lines changed

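--- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_auth_backend_oauth2.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_auth_backend_oauth2.erl
@@ -204,6 +204,7 @@ ensure_same_username(PreferredUsernameClaims, CurrentDecodedToken, NewDecodedTok
 _ -> {error, mismatch_username_after_token_refresh}
 end.
 
+
 validate_token_expiry(#{<<"exp">> := Exp}) when is_integer(Exp) ->
 Now = os:system_time(seconds),
 case Exp =< Now of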

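--- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_resource_server.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_resource_server.erl
@@ -11,6 +11,7 @@
 
 -export([
 resolve_resource_server_from_audience/1,
+resolve_single_resource_server_with_opaque_access_token_format/0,
 new_resource_server/1
 ]).
 
@@ -57,6 +58,38 @@ resolve_resource_server_from_audience(Audience) ->
 {ok, get_resource_server(ResourceServerId)}
 end.
 
+-spec resolve_single_resource_server_with_opaque_access_token_format() ->
+{ok, resource_server()} |
+{error, too_many_matched_resource_servers_only_one_allowed} |
+{error, no_resource_server_found}.
+resolve_single_resource_server_with_opaque_access_token_format() ->
+case get_root_resource_server_id() of
+<<>> ->
+find_unique_resource_server_with_opaque_access_token_format();
+_ ->
+Root = get_root_resource_server(),
+case Root#resource_server.access_token_format of
+opaque -> {ok, Root};
+_ -> find_unique_resource_server_with_opaque_access_token_format()
+end
+end.
+
+find_unique_resource_server_with_opaque_access_token_format() ->
+Map0 = maps:fold(fun(K,V,Acc)->
+case V#resource_server.access_token_format of
+opaque ->
+case maps:is_key(V#resource_server.oauth_provider_id, Acc) of
+false -> maps:put(V#resource_server.oauth_provider_id, K, Acc);
+true -> Acc
+end;
+_ -> Acc
+end end, #{}, get_env(resource_servers, #{})),
+case maps:size(Map0) of
+0 -> {error, no_resource_server_found};
+1 -> {ok, lists:last(maps:values(Map0))};
+_ -> {error, too_many_matched_resource_servers_only_one_allowed}
+end.
+
 -spec get_root_resource_server_id() -> resource_server_id().
 get_root_resource_server_id() ->
 get_env(resource_server_id, <<>>).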
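Review bot: In `find_unique_resource_server_with_opaque_access_token_format/0` the fold stores the map key `K` under each provider id, so the `1 ->` branch returns `{ok, K}`, a resource server id, while the spec and the root branch (`{ok, Root}`) promise a `resource_server()` record. A caller that reads `#resource_server.oauth_provider_id` from the result, as the introspection path presumably will, would crash with `badrecord` instead of resolving the provider. Return the record instead, e.g. `1 -> [Id] = maps:values(Map0), {ok, get_resource_server(Id)};`, matching `resolve_resource_server_from_audience/1`. Keying by `oauth_provider_id` also silently collapses several opaque resource servers that share one provider and keeps whichever the fold visits first; if that is intended it deserves a comment, since it decides which resource server's settings are applied to an opaque token.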

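--- a/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/src/uaa_jwt.erl
@@ -165,6 +165,16 @@ verify_signing_key(Type, Value) ->
 Err -> Err
 end.
 
+% introspect_token(OpaqueToken) ->
+% case rabbit_oauth2_resource_server:resolve_single_resource_server_with_opaque_access_token_format() of
+% ResourceServer ->
+% case oauth2_client:get_oauth_provider(ResourceServer#resource_server.oauth_provider_id,
+% [introspection_endpoint]) of
+% Provider ->
+% Provider#oauth_provider.
+% {error,_} = Error -> Error
+% end.
+
 -spec get_scope(map()) -> binary() | list().
 get_scope(#{?SCOPE_JWT_FIELD := Scope}) -> Scope;
 get_scope(#{}) -> [].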
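Review bot: The added `introspect_token/1` is committed as commented-out code that would not compile if enabled: it ends in a dangling `Provider#oauth_provider.` and the outer `case` has no `end`. More importantly for an authentication path, `ResourceServer ->` and `Provider ->` are catch-all patterns, so an `{error, _}` result from `resolve_single_resource_server_with_opaque_access_token_format/0` would be bound as if it were a record and the `{error,_} = Error` clause could never match. The real implementation should match `{ok, ResourceServer}` and return the error tuple otherwise, so that a token whose resource server cannot be resolved is rejected. Until then I would replace the block with a short marker such as `%% TODO: introspect_token/1 - resolve the opaque-format resource server, then its provider's introspection_endpoint`.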

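--- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_resource_server_SUITE.erl
+++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_resource_server_SUITE.erl
@@ -19,7 +19,9 @@
 -define(OAUTH_PROVIDER_B,<<"B">>).
 
 -import(oauth2_client, [get_oauth_provider/2]).
--import(rabbit_oauth2_resource_server, [resolve_resource_server_from_audience/1]).
+-import(rabbit_oauth2_resource_server,
+[resolve_resource_server_from_audience/1,
+resolve_single_resource_server_with_opaque_access_token_format/0]).
 
 
 all() -> [
@@ -38,6 +40,10 @@ groups() -> [
 resolve_resource_server_for_none_audience_returns_rabbitmq,
 resolve_resource_server_for_unknown_audience_returns_rabbitmq
 ]},
+cannot_resolve_resource_server_for_opaque_access_token,
+{with_opaque_access_token_format, [], [
+resolve_resource_server_for_opaque_access_token
+]},
 {verify_get_rabbitmq_server_configuration, [],
 verify_get_rabbitmq_server_configuration()}
 ]},
@@ -205,6 +211,10 @@ init_per_group(with_two_resource_servers, Config) ->
 [{?RABBITMQ_RESOURCE_ONE, RabbitMQ1}, {?RABBITMQ_RESOURCE_TWO, RabbitMQ2}]
 ++ Config;
 
+init_per_group(with_opaque_access_token_format, Config) ->
+set_env(access_token_format, opaque),
+Config;
+
 init_per_group(_any, Config) ->
 Config.
 
@@ -256,6 +266,10 @@ end_per_group(with_scope_aliases, Config) ->
 unset_env(scope_aliases),
 Config;
 
+end_per_group(with_opaque_access_token_format, Config) ->
+unset_env(access_token_format),
+Config;
+
 end_per_group(_any, Config) ->
 Config.
 
@@ -304,6 +318,13 @@ resolve_resource_server_id_for_both_resources_returns_error(_) ->
 assert_resource_server_id({error, aud_matched_many_resource_servers_only_one_allowed},
 [?RABBITMQ_RESOURCE_TWO, ?RABBITMQ_RESOURCE_ONE]).
 
+resolve_resource_server_for_opaque_access_token(_) ->
+{ok, Actual} = resolve_single_resource_server_with_opaque_access_token_format(),
+?assertEqual(?RABBITMQ, Actual#resource_server.id).
+
+cannot_resolve_resource_server_for_opaque_access_token(_) ->
+{error, no_resource_server_found} = resolve_single_resource_server_with_opaque_access_token_format().
+
 rabbitmq_verify_aud_is_true(_) ->
 assert_verify_aud(true, ?RABBITMQ).
 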
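Review bot: The two new cases cover only the root resource server and the empty configuration, so `find_unique_resource_server_with_opaque_access_token_format/0` is never exercised with entries in `resource_servers`. Neither its single-match branch nor `too_many_matched_resource_servers_only_one_allowed` is asserted, and a case with two opaque servers sharing one provider would pin the de-duplication behaviour. `resolve_resource_server_for_opaque_access_token/1` also appears to rely on an enclosing group (outside these hunks) having set `resource_server_id`, because its own `init_per_group` clause only sets `access_token_format`; a one-line comment on the group would make that dependency visible. For the negative case, `?assertEqual({error, no_resource_server_found}, resolve_single_resource_server_with_opaque_access_token_format())` gives a clearer failure message than the bare match.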
