Add test for CanIssue

6f601047 · Hugo van de Pol · Sietse Ringers · 7167a5be · 6f601047
Commit 6f601047 authored Nov 22, 2019 by Hugo van de Pol Committed by Sietse Ringers Feb 05, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 145 additions and 0 deletions

server/requestorserver/conf_test.go server/requestorserver/conf_test.go +145 -0

No files found.
--- a/server/requestorserver/conf_test.go
+++ b/server/requestorserver/conf_test.go
+package requestorserver
+
+import (
+	"encoding/json"
+	"testing"
+	"time"
+
+	irma "github.com/privacybydesign/irmago"
+	"github.com/stretchr/testify/require"
+)
+
+func createCredentialRequest(identifier string, attributes map[string]string) []*irma.CredentialRequest {
+	expiry := irma.Timestamp(irma.FloorToEpochBoundary(time.Now().AddDate(1, 0, 0)))
+
+	return []*irma.CredentialRequest{
+		{
+			Validity:         &expiry,
+			CredentialTypeID: irma.NewCredentialTypeIdentifier(identifier),
+			Attributes:       attributes,
+		},
+	}
+}
+
+func TestCanIssue(t *testing.T) {
+	confJSON := `{
+		"requestors": {
+			"myapp": {
+				"disclose_perms": [ "irma-demo.MijnOverheid.ageLower.over18" ],
+				"sign_perms": [ "irma-demo.MijnOverheid.ageLower.*" ],
+				"issue_perms": [ "irma-demo.MijnOverheid.ageLower" ],
+				"auth_method": "token",
+				"key": "eGE2PSomOT84amVVdTU"
+			}
+		}
+	}`
+
+	t.Run("allowed credential request", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.True(t, result)
+		require.Empty(t, message)
+	})
+
+	t.Run("allowed credential request different attribute value", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over16": "no"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.True(t, result)
+		require.Empty(t, message)
+	})
+
+	t.Run("allowed credential request wrong requestor id", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("yourapp", credentialRequest)
+
+		require.False(t, result)
+		require.Empty(t, message)
+	})
+
+	t.Run("allowed credential request wrong credential identifier", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageUpper", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.False(t, result)
+		require.Equal(t, "irma-demo.MijnOverheid.ageUpper", message)
+	})
+
+	t.Run("allowed credential request attribute wildcard", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		conf.Requestors["myapp"].Issuing[0] = "irma-demo.MijnOverheid.*"
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.True(t, result)
+		require.Empty(t, message)
+	})
+
+	t.Run("allowed credential request issuer wildcard", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		conf.Requestors["myapp"].Issuing[0] = "irma-demo.*"
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.True(t, result)
+		require.Empty(t, message)
+	})
+
+	t.Run("allowed credential request issuer wildcard with attribute name", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		conf.Requestors["myapp"].Issuing[0] = "irma-demo.*.ageLower"
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.False(t, result)
+		require.Equal(t, "irma-demo.MijnOverheid.ageLower", message)
+	})
+
+	t.Run("allowed credential request wrong issuer wildcard", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		conf.Requestors["myapp"].Issuing[0] = "irma-demo.**"
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.False(t, result)
+		require.Equal(t, "irma-demo.MijnOverheid.ageLower", message)
+	})
+
+	t.Run("allowed credential request single wildcard", func(t *testing.T) {
+		var conf Configuration
+		require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
+
+		conf.Requestors["myapp"].Issuing[0] = "*"
+
+		credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
+		result, message := conf.CanIssue("myapp", credentialRequest)
+
+		require.True(t, result)
+		require.Empty(t, message)
+	})
+}