chore: synchronize workspaces

ory · Apr 5, 2024 · c9a5b08 · c9a5b08
1 parent e0c3ffb
commit c9a5b08
Show file tree

Hide file tree

Showing 7 changed files with 124 additions and 17 deletions.
diff --git a/consent/sdk_test.go b/consent/sdk_test.go
@@ -6,12 +6,13 @@ package consent_test
 import (
 	"context"
 	"fmt"
-	"github.com/ory/hydra/v2/consent/test"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"
 
+	"github.com/ory/hydra/v2/consent/test"
+
 	hydra "github.com/ory/hydra-client-go/v2"
 	. "github.com/ory/hydra/v2/flow"
 

diff --git a/consent/test/manager_test_helpers.go b/consent/test/manager_test_helpers.go
@@ -7,11 +7,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"testing"
+	"time"
+
 	"github.com/ory/fosite/handler/openid"
 	"github.com/ory/hydra/v2/consent"
 	"github.com/ory/hydra/v2/oauth2"
-	"testing"
-	"time"
 
 	"github.com/ory/hydra/v2/aead"
 	"github.com/ory/hydra/v2/flow"

diff --git a/oauth2/fosite_store_helpers.go b/oauth2/fosite_store_helpers.go
@@ -7,11 +7,12 @@ import (
 	"context"
 	"crypto/sha256"
 	"fmt"
-	"github.com/ory/x/assertx"
 	"net/url"
 	"testing"
 	"time"
 
+	"github.com/ory/x/assertx"
+
 	"github.com/ory/hydra/v2/flow"
 	"github.com/ory/hydra/v2/jwk"
 
@@ -209,6 +210,7 @@ func TestHelperRunner(t *testing.T, store InternalRegistry, k string) {
 
 	}
 	t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAuthorizeCodes/db=%s", k), testHelperCreateGetDeleteAuthorizeCodes(store))
+	t.Run(fmt.Sprintf("case=testHelperExpiryFields/db=%s", k), testHelperExpiryFields(store))
 	t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAccessTokenSession/db=%s", k), testHelperCreateGetDeleteAccessTokenSession(store))
 	t.Run(fmt.Sprintf("case=testHelperNilAccessToken/db=%s", k), testHelperNilAccessToken(store))
 	t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteOpenIDConnectSession/db=%s", k), testHelperCreateGetDeleteOpenIDConnectSession(store))
@@ -377,6 +379,96 @@ func testHelperCreateGetDeleteAuthorizeCodes(x InternalRegistry) func(t *testing
 	}
 }
 
+type testHelperExpiryFieldsResult struct {
+	ExpiresAt time.Time `db:"expires_at"`
+	name      string
+}
+
+func (r testHelperExpiryFieldsResult) TableName() string {
+	return "hydra_oauth2_" + r.name
+}
+
+func testHelperExpiryFields(reg InternalRegistry) func(t *testing.T) {
+	return func(t *testing.T) {
+		m := reg.OAuth2Storage()
+		t.Parallel()
+
+		mockRequestForeignKey(t, "blank", reg, false)
+
+		ctx := context.Background()
+
+		s := NewSession("bar")
+		s.SetExpiresAt(fosite.AccessToken, time.Now().Add(time.Hour).Round(time.Minute))
+		s.SetExpiresAt(fosite.RefreshToken, time.Now().Add(time.Hour*2).Round(time.Minute))
+		s.SetExpiresAt(fosite.AuthorizeCode, time.Now().Add(time.Hour*3).Round(time.Minute))
+		request := fosite.Request{
+			ID:          uuid.New(),
+			RequestedAt: time.Now().UTC().Round(time.Second),
+			Client: &client.Client{
+				ID:       "foobar",
+				Metadata: sqlxx.JSONRawMessage("{}"),
+			},
+			RequestedScope:    fosite.Arguments{"fa", "ba"},
+			GrantedScope:      fosite.Arguments{"fa", "ba"},
+			RequestedAudience: fosite.Arguments{"ad1", "ad2"},
+			GrantedAudience:   fosite.Arguments{"ad1", "ad2"},
+			Form:              url.Values{"foo": []string{"bar", "baz"}},
+			Session:           s,
+		}
+
+		t.Run("case=CreateAccessTokenSession", func(t *testing.T) {
+			id := uuid.New()
+			err := m.CreateAccessTokenSession(ctx, id, &request)
+			require.NoError(t, err)
+
+			r := testHelperExpiryFieldsResult{name: "access"}
+			require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", x.SignatureHash(id)).First(&r))
+
+			assert.EqualValues(t, s.GetExpiresAt(fosite.AccessToken).UTC(), r.ExpiresAt.UTC())
+		})
+
+		t.Run("case=CreateRefreshTokenSession", func(t *testing.T) {
+			id := uuid.New()
+			err := m.CreateRefreshTokenSession(ctx, id, &request)
+			require.NoError(t, err)
+
+			r := testHelperExpiryFieldsResult{name: "refresh"}
+			require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r))
+			assert.EqualValues(t, s.GetExpiresAt(fosite.RefreshToken).UTC(), r.ExpiresAt.UTC())
+		})
+
+		t.Run("case=CreateAuthorizeCodeSession", func(t *testing.T) {
+			id := uuid.New()
+			err := m.CreateAuthorizeCodeSession(ctx, id, &request)
+			require.NoError(t, err)
+
+			r := testHelperExpiryFieldsResult{name: "code"}
+			require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r))
+			assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), r.ExpiresAt.UTC())
+		})
+
+		t.Run("case=CreatePKCERequestSession", func(t *testing.T) {
+			id := uuid.New()
+			err := m.CreatePKCERequestSession(ctx, id, &request)
+			require.NoError(t, err)
+
+			r := testHelperExpiryFieldsResult{name: "pkce"}
+			require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r))
+			assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), r.ExpiresAt.UTC())
+		})
+
+		t.Run("case=CreateOpenIDConnectSession", func(t *testing.T) {
+			id := uuid.New()
+			err := m.CreateOpenIDConnectSession(ctx, id, &request)
+			require.NoError(t, err)
+
+			r := testHelperExpiryFieldsResult{name: "oidc"}
+			require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r))
+			assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), r.ExpiresAt.UTC())
+		})
+	}
+}
+
 func testHelperNilAccessToken(x InternalRegistry) func(t *testing.T) {
 	return func(t *testing.T) {
 		m := x.OAuth2Storage()

diff --git a/persistence/sql/persister_nid_test.go b/persistence/sql/persister_nid_test.go
@@ -7,10 +7,11 @@ import (
 	"context"
 	"database/sql"
 	"encoding/json"
-	"github.com/ory/fosite/handler/openid"
 	"testing"
 	"time"
 
+	"github.com/ory/fosite/handler/openid"
+
 	"github.com/stretchr/testify/assert"
 
 	"github.com/ory/hydra/v2/persistence"

diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
@@ -6,16 +6,18 @@ package sql
 import (
 	"context"
 	"crypto/sha256"
-	"crypto/sha512"
 	"database/sql"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"github.com/ory/x/sqlxx"
 	"net/url"
 	"strings"
 	"time"
 
+	"github.com/ory/hydra/v2/x"
+
+	"github.com/ory/x/sqlxx"
+
 	"go.opentelemetry.io/otel/trace"
 
 	"github.com/gofrs/uuid"
@@ -337,12 +339,6 @@ func (p *Persister) InvalidateAuthorizeCodeSession(ctx context.Context, signatur
 	)
 }
 
-// SignatureHash hashes the signature to prevent errors where the signature is
-// longer than 128 characters (and thus doesn't fit into the pk).
-func SignatureHash(signature string) string {
-	return fmt.Sprintf("%x", sha512.Sum384([]byte(signature)))
-}
-
 func (p *Persister) CreateAccessTokenSession(ctx context.Context, signature string, requester fosite.Requester) (err error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateAccessTokenSession")
 	defer otelx.End(span, &err)
@@ -351,15 +347,15 @@ func (p *Persister) CreateAccessTokenSession(ctx context.Context, signature stri
 		append(toEventOptions(requester), events.WithGrantType(requester.GetRequestForm().Get("grant_type")))...,
 	)
 
-	return p.createSession(ctx, SignatureHash(signature), requester, sqlTableAccess, requester.GetSession().GetExpiresAt(fosite.AccessToken))
+	return p.createSession(ctx, x.SignatureHash(signature), requester, sqlTableAccess, requester.GetSession().GetExpiresAt(fosite.AccessToken))
 }
 
 func (p *Persister) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) {
 	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetAccessTokenSession")
 	defer otelx.End(span, &err)
 
 	r := OAuth2RequestSQL{Table: sqlTableAccess}
-	err = p.QueryWithNetwork(ctx).Where("signature = ?", SignatureHash(signature)).First(&r)
+	err = p.QueryWithNetwork(ctx).Where("signature = ?", x.SignatureHash(signature)).First(&r)
 	if errors.Is(err, sql.ErrNoRows) {
 		// Backwards compatibility: we previously did not always hash the
 		// signature before inserting. In case there are still very old (but
@@ -389,7 +385,7 @@ func (p *Persister) DeleteAccessTokenSession(ctx context.Context, signature stri
 
 	err = sqlcon.HandleError(
 		p.QueryWithNetwork(ctx).
-			Where("signature = ?", SignatureHash(signature)).
+			Where("signature = ?", x.SignatureHash(signature)).
 			Delete(&OAuth2RequestSQL{Table: sqlTableAccess}))
 	if errors.Is(err, sqlcon.ErrNoRows) {
 		// Backwards compatibility: we previously did not always hash the

diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go
@@ -5,10 +5,11 @@ package sql_test
 
 import (
 	"context"
-	"github.com/ory/hydra/v2/consent/test"
 	"testing"
 	"time"
 
+	"github.com/ory/hydra/v2/consent/test"
+
 	"github.com/go-jose/go-jose/v3"
 
 	"github.com/gobuffalo/pop/v6"

diff --git a/x/sighash.go b/x/sighash.go
@@ -0,0 +1,15 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package x
+
+import (
+	"crypto/sha512"
+	"fmt"
+)
+
+// SignatureHash hashes the signature to prevent errors where the signature is
+// longer than 128 characters (and thus doesn't fit into the pk).
+func SignatureHash(signature string) string {
+	return fmt.Sprintf("%x", sha512.Sum384([]byte(signature)))
+}