Fix first basic tests

Author: MarcialRosales

deps/oauth2_client/include/types.hrl

@@ -88,3 +88,10 @@
 }).
 
 -type introspect_token_request() :: #introspect_token_request{}.
+
+-record(unsuccessful_introspect_token_response, {
+    error :: integer(),
+    error_description :: binary() | string() | undefined
+}).
+
+-type unsuccessful_introspect_token_response() :: #unsuccessful_introspect_token_response{}.

deps/oauth2_client/src/oauth2_client.erl

@@ -63,9 +63,9 @@ introspect_token(Token) ->
                                 undefined -> [];
                                 SSL ->  [{ssl, SSL}]
                           end ++ get_default_timeout(),
-            Options = [],
+            Options = [],            
             Response = httpc:request(post, {URL, Header, Type, Body}, HTTPOptions, Options),
-            parse_access_token_response(Response);
+            parse_introspect_token_response(Response);
         {error, _} = Error -> Error            
     end.    
 
@@ -89,7 +89,7 @@ build_introspect_authorization_header_if_any(#introspect_token_request{
         client_secret = ClientSecret}) ->
     case Method of 
         basic ->
-            Credentials = binary_to_list(<<ClientId/binary,":",ClientSecret/binary>>),
+            Credentials = erlang:iolist_to_binary([ClientId, <<":">>,ClientSecret ]),
             AuthStr = base64:encode_to_string(Credentials),
             [{"Authorization", "Basic " ++ AuthStr}];
         _ -> []
@@ -105,10 +105,10 @@ build_introspection_request() ->
             end;
         {error, _} = Error -> Error
     end,
-    Providers = case Result of 
+    case Result of 
         {ok, _} -> Result;
         {error, _} -> 
-            maps:filter(fun(K,_V) -> 
+            Providers = maps:filter(fun(K,_V) -> 
                 case get_oauth_provider(K, [introspection_endpoint]) of 
                     {error, _} -> false;
                     {ok, P} -> 
@@ -120,13 +120,13 @@ build_introspection_request() ->
                             {_Id, _Secret, _Endpoint} -> true
                         end
                 end
-            end, get_env(oauth_providers, #{}))
-        end,
-    case maps:size(Providers) of 
-        0 -> {error, not_found_introspection_endpoint};
-        1 -> {ok, build_introspection_request(lists:last(maps:values(Providers))) };
-        _ -> {error, too_many_introspection_endpoints}
-    end.
+            end, get_env(oauth_providers, #{})),
+            case maps:size(Providers) of 
+                0 -> {error, not_found_introspection_endpoint};
+                1 -> {ok, build_introspection_request(lists:last(maps:values(Providers))) };
+                _ -> {error, too_many_introspection_endpoints}
+            end
+    end.    
 
 build_introspection_request(Provider) ->
     #introspect_token_request{
@@ -606,13 +606,17 @@ build_refresh_token_request_body(Request) ->
 grant_type_request_parameter(Type) ->
     {?REQUEST_GRANT_TYPE, Type}.
 
+client_id_request_parameter(ClientId) when is_binary(ClientId) ->
+    {?REQUEST_CLIENT_ID, binary_to_list(ClientId)};
+
 client_id_request_parameter(ClientId) ->
-    {?REQUEST_CLIENT_ID,
-        binary_to_list(ClientId)}.
+    {?REQUEST_CLIENT_ID, ClientId}.
+
+client_secret_request_parameter(ClientSecret)when is_binary(ClientSecret) ->
+    {?REQUEST_CLIENT_SECRET, binary_to_list(ClientSecret)};
 
-client_secret_request_parameter(ClientSecret) ->
-    {?REQUEST_CLIENT_SECRET,
-        binary_to_list(ClientSecret)}.
+client_secret_request_parameter(ClientSecret)  ->
+    {?REQUEST_CLIENT_SECRET, ClientSecret}.
 
 refresh_token_request_parameter(Request) ->
     {?REQUEST_REFRESH_TOKEN, Request#refresh_token_request.refresh_token}.
@@ -725,11 +729,39 @@ map_to_access_token_response(Code, Reason, Headers, Body) ->
                 _ ->   {error, Reason}
             end
     end.
+map_to_introspect_token_response(Code, Reason, Headers, Body) ->
+    case decode_body(proplists:get_value("content-type", Headers, ?CONTENT_JSON), Body) of
+        {error, {error, InternalError}} ->
+            {error, InternalError};
+        {error, _} = Error ->
+            Error;
+        Value ->
+            case Code of
+                200 -> {ok, Value};
+                201 -> {ok, Value};
+                204 -> {ok, []};
+                400 -> {error, map_to_unsuccessful_introspect_token_response(Value)};
+                401 -> {error, map_to_unsuccessful_introspect_token_response(Value)};
+                _ ->   {error, Reason}
+            end
+    end.
+map_to_unsuccessful_introspect_token_response(Map) ->
+    #unsuccessful_introspect_token_response{
+        error = maps:get(?RESPONSE_ERROR, Map),
+        error_description = maps:get(?RESPONSE_ERROR_DESCRIPTION, Map, undefined)
+    }.
 parse_access_token_response({error, Reason}) ->
     {error, Reason};
 parse_access_token_response({ok,{{_,Code,Reason}, Headers, Body}}) ->
     map_to_access_token_response(Code, Reason, Headers, Body).
 
+parse_introspect_token_response({error, Reason}) ->
+    ct:log("parse_introspect_token_response error ~p", [Reason]),
+    {error, Reason};
+parse_introspect_token_response({ok,{{_,Code,Reason}, Headers, Body}}) ->
+    ct:log("parse_introspect_token_response ok "),
+    map_to_introspect_token_response(Code, Reason, Headers, Body).
+
 -spec format_ssl_options([ssl:tls_client_option()]) -> string().
 format_ssl_options(TlsOptions) ->
     CaCertsCount = case proplists:get_value(cacerts, TlsOptions, []) of
@@ -753,14 +785,19 @@ format_oauth_provider(OAuthProvider) ->
     lists:flatten(io_lib:format("{id: ~p, issuer: ~p, discovery_endpoint: ~p, " ++
         " token_endpoint: ~p, " ++
         "authorization_endpoint: ~p, end_session_endpoint: ~p, " ++
-        "introspection_endpoint: ~p, jwks_uri: ~p, ssl_options: ~p }", [
+        "introspection{endpoint: ~p, client_id: ~p, has client_secret: ~p} jwks_uri: ~p, ssl_options: ~p }", [
         format_oauth_provider_id(OAuthProvider#oauth_provider.id),
         OAuthProvider#oauth_provider.issuer,
         OAuthProvider#oauth_provider.discovery_endpoint,
         OAuthProvider#oauth_provider.token_endpoint,
         OAuthProvider#oauth_provider.authorization_endpoint,
         OAuthProvider#oauth_provider.end_session_endpoint,
         OAuthProvider#oauth_provider.introspection_endpoint,
+        OAuthProvider#oauth_provider.introspection_client_id,
+        case OAuthProvider#oauth_provider.introspection_client_secret of 
+            undefined -> false;
+            _ -> true 
+        end,
         OAuthProvider#oauth_provider.jwks_uri,
         format_ssl_options(OAuthProvider#oauth_provider.ssl_options)])).
 

deps/oauth2_client/test/oauth_http_mock.erl

@@ -35,7 +35,7 @@ match_request(Req, #{method := Method} = ExpectedRequest) ->
     end,
     case maps:is_key(headers, ExpectedRequest) of 
         true -> maps:foreach(fun(K,V) -> 
-            ?assertEqual(V, cowbow_req:header(K, Req)) end, 
+            ?assertEqual(V, cowboy_req:header(K, Req)) end, 
                 maps:get(headers, ExpectedRequest));
         false -> ok
     end.

deps/oauth2_client/test/system_SUITE.erl

@@ -17,7 +17,7 @@
 -compile(export_all).
 
 -define(MOCK_OPAQUE_TOKEN, <<"some opaque token">>).
--define(MOCK_INTROSPECTION_ENDPOINT, <<"/introspection">>).
+-define(MOCK_INTROSPECTION_ENDPOINT, <<"/introspect">>).
 -define(MOCK_TOKEN_ENDPOINT, <<"/token">>).
 -define(AUTH_PORT, 8000).
 -define(ISSUER_PATH, "/somepath").
@@ -47,12 +47,15 @@ groups() ->
             cannot_introspect_due_to_missing_configuration,
             {with_introspection_endpoint, [], [
                 cannot_introspect_due_to_missing_configuration,
-                {with_introspection_basic_client_credentials, [], [
-                    can_introspect_token
-                ]},
-                {with_introspection_request_param_client_credentials, [], [
-                    can_introspect_token
+                {https, [], [
+                    {with_introspection_basic_client_credentials, [], [
+                        can_introspect_token
+                    ]},
+                    {with_introspection_request_param_client_credentials, [], [
+                        can_introspect_token
+                    ]}
                 ]}
+                
             ]}
         ]}        
     ]},
@@ -170,31 +173,31 @@ init_per_group(with_default_oauth_provider, Config) ->
 
 init_per_group(with_introspection_endpoint, Config) ->    
     application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint,
-        "https://introspection"),
+        build_token_introspection_endpoint("https")),
     Config;
 
 init_per_group(with_introspection_basic_client_credentials, Config) ->    
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_id,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_id,
         "some-client-id"),
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_secret,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_secret,
         "some-client-secret"),
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_auth_method,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_auth_method,
         basic),
-    [{with_introspection_basic_client_credentials, [
+    [{can_introspect_token, [
             {introspection_endpoint, build_http_mock_behaviour(
                 build_introspection_token_request(?MOCK_OPAQUE_TOKEN, basic, <<"some-client-id">>, 
                     <<"some-client-secret">>),
                 build_http_200_introspection_token_response())}
         ]} | Config];    
 
 init_per_group(with_introspection_request_param_client_credentials, Config) ->    
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_id,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_id,
         "some-client-id"),
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_secret,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_secret,
         "some-client-secret"),
-    application:set_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_auth_method,
+    application:set_env(rabbitmq_auth_backend_oauth2, introspection_client_auth_method,
         request_param),
-    [{with_introspection_request_param_client_credentials, [
+    [{can_introspect_token, [
             {introspection_endpoint, build_http_mock_behaviour(
                 build_introspection_token_request(?MOCK_OPAQUE_TOKEN, request_param, <<"some-client-id">>, 
                     <<"some-client-secret">>),
@@ -365,6 +368,18 @@ end_per_group(with_introspection_endpoint, Config) ->
     application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint),
     Config;
 
+end_per_group(with_introspection_basic_client_credentials, Config) ->    
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_id),
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_secret),
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_auth_method),
+    Config;
+
+end_per_group(with_introspection_request_param_client_credentials, Config) ->    
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_id),
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_secret),
+    application:unset_env(rabbitmq_auth_backend_oauth2, introspection_endpoint_client_auth_method),
+    Config;
+
 end_per_group(_, Config) ->
     Config.
 
@@ -666,10 +681,10 @@ jwks_uri_takes_precedence_over_jwks_url(_Config) ->
 
 
 cannot_introspect_due_to_missing_configuration(_Config)->
-    {error, not_found_introspection_endpoint} = oauth2_client:introspect_token(<<"some token">>).
+    {error, not_found_introspection_endpoint} = oauth2_client:introspect_token(?MOCK_OPAQUE_TOKEN).
 
 can_introspect_token(_Config) ->
-    {ok, _} = oauth2_client:introspect_token(<<"some token">>).
+    {ok, _} = oauth2_client:introspect_token(?MOCK_OPAQUE_TOKEN).
 
 %%% HELPERS
 
@@ -697,6 +712,12 @@ build_jwks_uri(Scheme, Path) ->
                          port => rabbit_data_coercion:to_integer(?AUTH_PORT),
                          path => Path}).
 
+build_token_introspection_endpoint(Scheme) ->
+    uri_string:recompose(#{scheme => Scheme,
+                        host => "localhost",
+                        port => rabbit_data_coercion:to_integer(?AUTH_PORT),
+                        path => "/introspect"}).
+
 build_access_token_request(Request) ->
     #access_token_request {
         client_id = proplists:get_value(?REQUEST_CLIENT_ID, Request),
@@ -748,6 +769,7 @@ start_https_oauth_server(Port, CertsDir, Expectations) when is_list(Expectations
         {'_', [{Path, oauth_http_mock, Expected} || #{request := #{path := Path}}
             = Expected <- Expectations ]}
     ]),
+    ct:log("start_https_oauth_server with Expectations: ~p", [Expectations]),
     {ok, _} = cowboy:start_tls(
         mock_http_auth_listener,
             [{port, Port},
@@ -758,6 +780,7 @@ start_https_oauth_server(Port, CertsDir, Expectations) when is_list(Expectations
 
 start_https_oauth_server(Port, CertsDir, #{request := #{path := Path}} = Expected) ->
     Dispatch = cowboy_router:compile([{'_', [{Path, oauth_http_mock, Expected}]}]),
+    ct:log("start_https_oauth_server"),
     {ok, _} = cowboy:start_tls(
         mock_http_auth_listener,
             [{port, Port},
@@ -767,6 +790,7 @@ start_https_oauth_server(Port, CertsDir, #{request := #{path := Path}} = Expecte
             #{env => #{dispatch => Dispatch}}).
 
 stop_https_auth_server() ->
+    ct:log("stop_https_auth_server"),
     cowboy:stop_listener(mock_http_auth_listener).
 
 -spec ssl_options(ssl:verify_type(), boolean(), file:filename()) -> list().
@@ -879,14 +903,14 @@ denies_access_token_expectation() ->
 build_introspection_token_request(Token, basic, ClientId, ClientSecret) ->
     Map = build_http_request(
         <<"POST">>,
-        ?MOCK_TOKEN_ENDPOINT,
+        ?MOCK_INTROSPECTION_ENDPOINT,
         [
             {?REQUEST_TOKEN, Token}            
         ]),
     Credentials = binary_to_list(<<ClientId/binary,":",ClientSecret/binary>>),
     AuthStr = base64:encode_to_string(Credentials),    
     maps:put(headers, #{
-            <<"authorization">> =>  "Basic " ++ AuthStr
+            <<"authorization">> =>  list_to_binary("Basic " ++ AuthStr)
         }, Map);
 build_introspection_token_request(Token, request_param, ClientId, ClientSecret) ->
     build_http_request(