Commit 6f601047 authored by Hugo van de Pol's avatar Hugo van de Pol Committed by Sietse Ringers

Add test for CanIssue

parent 7167a5be
package requestorserver
import (
"encoding/json"
"testing"
"time"
irma "github.com/privacybydesign/irmago"
"github.com/stretchr/testify/require"
)
func createCredentialRequest(identifier string, attributes map[string]string) []*irma.CredentialRequest {
expiry := irma.Timestamp(irma.FloorToEpochBoundary(time.Now().AddDate(1, 0, 0)))
return []*irma.CredentialRequest{
{
Validity: &expiry,
CredentialTypeID: irma.NewCredentialTypeIdentifier(identifier),
Attributes: attributes,
},
}
}
func TestCanIssue(t *testing.T) {
confJSON := `{
"requestors": {
"myapp": {
"disclose_perms": [ "irma-demo.MijnOverheid.ageLower.over18" ],
"sign_perms": [ "irma-demo.MijnOverheid.ageLower.*" ],
"issue_perms": [ "irma-demo.MijnOverheid.ageLower" ],
"auth_method": "token",
"key": "eGE2PSomOT84amVVdTU"
}
}
}`
t.Run("allowed credential request", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.True(t, result)
require.Empty(t, message)
})
t.Run("allowed credential request different attribute value", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over16": "no"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.True(t, result)
require.Empty(t, message)
})
t.Run("allowed credential request wrong requestor id", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("yourapp", credentialRequest)
require.False(t, result)
require.Empty(t, message)
})
t.Run("allowed credential request wrong credential identifier", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageUpper", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.False(t, result)
require.Equal(t, "irma-demo.MijnOverheid.ageUpper", message)
})
t.Run("allowed credential request attribute wildcard", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
conf.Requestors["myapp"].Issuing[0] = "irma-demo.MijnOverheid.*"
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.True(t, result)
require.Empty(t, message)
})
t.Run("allowed credential request issuer wildcard", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
conf.Requestors["myapp"].Issuing[0] = "irma-demo.*"
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.True(t, result)
require.Empty(t, message)
})
t.Run("allowed credential request issuer wildcard with attribute name", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
conf.Requestors["myapp"].Issuing[0] = "irma-demo.*.ageLower"
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.False(t, result)
require.Equal(t, "irma-demo.MijnOverheid.ageLower", message)
})
t.Run("allowed credential request wrong issuer wildcard", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
conf.Requestors["myapp"].Issuing[0] = "irma-demo.**"
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.False(t, result)
require.Equal(t, "irma-demo.MijnOverheid.ageLower", message)
})
t.Run("allowed credential request single wildcard", func(t *testing.T) {
var conf Configuration
require.NoError(t, json.Unmarshal([]byte(confJSON), &conf))
conf.Requestors["myapp"].Issuing[0] = "*"
credentialRequest := createCredentialRequest("irma-demo.MijnOverheid.ageLower", map[string]string{"over12": "yes"})
result, message := conf.CanIssue("myapp", credentialRequest)
require.True(t, result)
require.Empty(t, message)
})
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment