forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoauth2_id_token_decoder_unittest.cc
97 lines (78 loc) · 3.18 KB
/
oauth2_id_token_decoder_unittest.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "google_apis/gaia/oauth2_id_token_decoder.h"
#include <string>
#include <vector>
#include "testing/gtest/include/gtest/gtest.h"
namespace {
const char kIdTokenInvalidJwt[] =
"dummy-header."
"..."
".dummy-signature";
const char kIdTokenInvalidJson[] =
"dummy-header."
"YWJj" // payload: abc
".dummy-signature";
const char kIdTokenEmptyServices[] =
"dummy-header."
"eyAic2VydmljZXMiOiBbXSB9" // payload: { "services": [] }
".dummy-signature";
const char kIdTokenEmptyServicesHeaderSignature[] =
"."
"eyAic2VydmljZXMiOiBbXSB9" // payload: { "services": [] }
".";
const char kIdTokenMissingServices[] =
"dummy-header."
"eyAiYWJjIjogIiJ9" // payload: { "abc": ""}
".dummy-signature";
const char kIdTokenNotChildAccount[] =
"dummy-header."
"eyAic2VydmljZXMiOiBbImFiYyJdIH0=" // payload: { "services": ["abc"] }
".dummy-signature";
const char kIdTokenChildAccount[] =
"dummy-header."
"eyAic2VydmljZXMiOiBbInVjYSJdIH0=" // payload: { "services": ["uca"] }
".dummy-signature";
const char kIdTokenAdvancedProtectionAccount[] =
"dummy-header."
"eyAic2VydmljZXMiOiBbInRpYSJdIH0=" // payload: { "services": ["tia"] }
".dummy-signature";
const char kIdTokenChildAndAdvancedProtectionAccount[] =
"dummy-header."
"eyAic2VydmljZXMiOiBbInRpYSIsICJ1Y2EiXSB9"
".dummy-signature"; // payload: { "services": ["tia", "uca"] }
class OAuth2IdTokenDecoderTest : public testing::Test {};
TEST_F(OAuth2IdTokenDecoderTest, Invalid) {
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenInvalidJwt).is_child_account);
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenInvalidJson).is_child_account);
EXPECT_FALSE(
gaia::ParseServiceFlags(kIdTokenMissingServices).is_child_account);
}
TEST_F(OAuth2IdTokenDecoderTest, NotChild) {
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenEmptyServices).is_child_account);
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenEmptyServicesHeaderSignature)
.is_child_account);
EXPECT_FALSE(
gaia::ParseServiceFlags(kIdTokenNotChildAccount).is_child_account);
}
TEST_F(OAuth2IdTokenDecoderTest, Child) {
EXPECT_TRUE(gaia::ParseServiceFlags(kIdTokenChildAccount).is_child_account);
}
TEST_F(OAuth2IdTokenDecoderTest, NotAdvancedProtection) {
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenEmptyServices)
.is_under_advanced_protection);
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenEmptyServicesHeaderSignature)
.is_under_advanced_protection);
EXPECT_FALSE(gaia::ParseServiceFlags(kIdTokenChildAccount)
.is_under_advanced_protection);
}
TEST_F(OAuth2IdTokenDecoderTest, AdvancedProtection) {
EXPECT_TRUE(gaia::ParseServiceFlags(kIdTokenAdvancedProtectionAccount)
.is_under_advanced_protection);
gaia::TokenServiceFlags service_flags =
gaia::ParseServiceFlags(kIdTokenChildAndAdvancedProtectionAccount);
EXPECT_TRUE(service_flags.is_child_account);
EXPECT_TRUE(service_flags.is_under_advanced_protection);
}
} // namespace