fix: enforce device authorization grant type (#400)

2023-05-26 11:52:35 +03:00 · 2023-05-26 11:52:35 +03:00 · a4dbe2a973
commit a4dbe2a973
parent 09bdd1dca2
4 changed files with 46 additions and 5 deletions
--- a/pkg/op/device_test.go
+++ b/pkg/op/device_test.go
@ -51,7 +51,7 @@ func Test_deviceAuthorizationHandler(t *testing.T) {

 			req := &oidc.DeviceAuthorizationRequest{
 				Scopes:   []string{"foo", "bar"},
-				ClientID: "web",
+				ClientID: "device",
 			}
 			values := make(url.Values)
 			testProvider.Encoder().Encode(req, values)
@ -88,11 +88,27 @@ func TestParseDeviceCodeRequest(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "success",
+			name: "missing grant type",
 			req: &oidc.DeviceAuthorizationRequest{
 				Scopes:   oidc.SpaceDelimitedArray{"foo", "bar"},
 				ClientID: "web",
 			},
+			wantErr: true,
+		},
+		{
+			name: "client not found",
+			req: &oidc.DeviceAuthorizationRequest{
+				Scopes:   oidc.SpaceDelimitedArray{"foo", "bar"},
+				ClientID: "foobar",
+			},
+			wantErr: true,
+		},
+		{
+			name: "success",
+			req: &oidc.DeviceAuthorizationRequest{
+				Scopes:   oidc.SpaceDelimitedArray{"foo", "bar"},
+				ClientID: "device",
+			},
 		},
 	}
 	for _, tt := range tests {
@ -110,8 +126,7 @@ func TestParseDeviceCodeRequest(t *testing.T) {
 			got, err := op.ParseDeviceCodeRequest(r, testProvider)
 			if tt.wantErr {
 				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
+				return
 			}
 			assert.Equal(t, tt.req, got)
 		})