Merge branch 'master' into signingkey

2020-12-16 08:01:37 +01:00 · 2020-12-16 08:01:37 +01:00 · b2f23dc5b7
commit b2f23dc5b7
parent 3acc62e79e 27f3bc0f4a
20 changed files with 240 additions and 134 deletions
--- a/pkg/op/mock/client.go
+++ b/pkg/op/mock/client.go
@ -26,7 +26,7 @@ func NewClientExpectAny(t *testing.T, appType op.ApplicationType) op.Client {
 		func(id string) string {
 			return "login?id=" + id
 		})
-	m.EXPECT().AllowedScopes().AnyTimes().Return(nil)
+	m.EXPECT().IsScopeAllowed(gomock.Any()).AnyTimes().Return(false)
 	return c
 }

--- a/pkg/op/mock/client.mock.go
+++ b/pkg/op/mock/client.mock.go
@ -49,20 +49,6 @@ func (mr *MockClientMockRecorder) AccessTokenType() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AccessTokenType", reflect.TypeOf((*MockClient)(nil).AccessTokenType))
 }

-// AllowedScopes mocks base method
-func (m *MockClient) AllowedScopes() []string {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "AllowedScopes")
-	ret0, _ := ret[0].([]string)
-	return ret0
-}
-
-// AllowedScopes indicates an expected call of AllowedScopes
-func (mr *MockClientMockRecorder) AllowedScopes() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AllowedScopes", reflect.TypeOf((*MockClient)(nil).AllowedScopes))
-}
-
 // ApplicationType mocks base method
 func (m *MockClient) ApplicationType() op.ApplicationType {
 	m.ctrl.T.Helper()
@ -77,34 +63,6 @@ func (mr *MockClientMockRecorder) ApplicationType() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ApplicationType", reflect.TypeOf((*MockClient)(nil).ApplicationType))
 }

-// AssertAdditionalAccessTokenScopes mocks base method
-func (m *MockClient) AssertAdditionalAccessTokenScopes() bool {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "AssertAdditionalAccessTokenScopes")
-	ret0, _ := ret[0].(bool)
-	return ret0
-}
-
-// AssertAdditionalAccessTokenScopes indicates an expected call of AssertAdditionalAccessTokenScopes
-func (mr *MockClientMockRecorder) AssertAdditionalAccessTokenScopes() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssertAdditionalAccessTokenScopes", reflect.TypeOf((*MockClient)(nil).AssertAdditionalAccessTokenScopes))
-}
-
-// AssertAdditionalIdTokenScopes mocks base method
-func (m *MockClient) AssertAdditionalIdTokenScopes() bool {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "AssertAdditionalIdTokenScopes")
-	ret0, _ := ret[0].(bool)
-	return ret0
-}
-
-// AssertAdditionalIdTokenScopes indicates an expected call of AssertAdditionalIdTokenScopes
-func (mr *MockClientMockRecorder) AssertAdditionalIdTokenScopes() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AssertAdditionalIdTokenScopes", reflect.TypeOf((*MockClient)(nil).AssertAdditionalIdTokenScopes))
-}
-
 // AuthMethod mocks base method
 func (m *MockClient) AuthMethod() op.AuthMethod {
 	m.ctrl.T.Helper()
@ -119,6 +77,20 @@ func (mr *MockClientMockRecorder) AuthMethod() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AuthMethod", reflect.TypeOf((*MockClient)(nil).AuthMethod))
 }

+// ClockSkew mocks base method
+func (m *MockClient) ClockSkew() time.Duration {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ClockSkew")
+	ret0, _ := ret[0].(time.Duration)
+	return ret0
+}
+
+// ClockSkew indicates an expected call of ClockSkew
+func (mr *MockClientMockRecorder) ClockSkew() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClockSkew", reflect.TypeOf((*MockClient)(nil).ClockSkew))
+}
+
 // DevMode mocks base method
 func (m *MockClient) DevMode() bool {
 	m.ctrl.T.Helper()
@ -161,6 +133,34 @@ func (mr *MockClientMockRecorder) IDTokenLifetime() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IDTokenLifetime", reflect.TypeOf((*MockClient)(nil).IDTokenLifetime))
 }

+// IDTokenUserinfoClaimsAssertion mocks base method
+func (m *MockClient) IDTokenUserinfoClaimsAssertion() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IDTokenUserinfoClaimsAssertion")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// IDTokenUserinfoClaimsAssertion indicates an expected call of IDTokenUserinfoClaimsAssertion
+func (mr *MockClientMockRecorder) IDTokenUserinfoClaimsAssertion() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IDTokenUserinfoClaimsAssertion", reflect.TypeOf((*MockClient)(nil).IDTokenUserinfoClaimsAssertion))
+}
+
+// IsScopeAllowed mocks base method
+func (m *MockClient) IsScopeAllowed(arg0 string) bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IsScopeAllowed", arg0)
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// IsScopeAllowed indicates an expected call of IsScopeAllowed
+func (mr *MockClientMockRecorder) IsScopeAllowed(arg0 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsScopeAllowed", reflect.TypeOf((*MockClient)(nil).IsScopeAllowed), arg0)
+}
+
 // LoginURL mocks base method
 func (m *MockClient) LoginURL(arg0 string) string {
 	m.ctrl.T.Helper()
@ -216,3 +216,31 @@ func (mr *MockClientMockRecorder) ResponseTypes() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ResponseTypes", reflect.TypeOf((*MockClient)(nil).ResponseTypes))
 }
+
+// RestrictAdditionalAccessTokenScopes mocks base method
+func (m *MockClient) RestrictAdditionalAccessTokenScopes() func([]string) []string {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RestrictAdditionalAccessTokenScopes")
+	ret0, _ := ret[0].(func([]string) []string)
+	return ret0
+}
+
+// RestrictAdditionalAccessTokenScopes indicates an expected call of RestrictAdditionalAccessTokenScopes
+func (mr *MockClientMockRecorder) RestrictAdditionalAccessTokenScopes() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RestrictAdditionalAccessTokenScopes", reflect.TypeOf((*MockClient)(nil).RestrictAdditionalAccessTokenScopes))
+}
+
+// RestrictAdditionalIdTokenScopes mocks base method
+func (m *MockClient) RestrictAdditionalIdTokenScopes() func([]string) []string {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RestrictAdditionalIdTokenScopes")
+	ret0, _ := ret[0].(func([]string) []string)
+	return ret0
+}
+
+// RestrictAdditionalIdTokenScopes indicates an expected call of RestrictAdditionalIdTokenScopes
+func (mr *MockClientMockRecorder) RestrictAdditionalIdTokenScopes() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RestrictAdditionalIdTokenScopes", reflect.TypeOf((*MockClient)(nil).RestrictAdditionalIdTokenScopes))
+}
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
@ -89,6 +89,34 @@ func (mr *MockConfigurationMockRecorder) EndSessionEndpoint() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "EndSessionEndpoint", reflect.TypeOf((*MockConfiguration)(nil).EndSessionEndpoint))
 }

+// GrantTypeJWTAuthorizationSupported mocks base method
+func (m *MockConfiguration) GrantTypeJWTAuthorizationSupported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GrantTypeJWTAuthorizationSupported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// GrantTypeJWTAuthorizationSupported indicates an expected call of GrantTypeJWTAuthorizationSupported
+func (mr *MockConfigurationMockRecorder) GrantTypeJWTAuthorizationSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GrantTypeJWTAuthorizationSupported", reflect.TypeOf((*MockConfiguration)(nil).GrantTypeJWTAuthorizationSupported))
+}
+
+// GrantTypeTokenExchangeSupported mocks base method
+func (m *MockConfiguration) GrantTypeTokenExchangeSupported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GrantTypeTokenExchangeSupported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// GrantTypeTokenExchangeSupported indicates an expected call of GrantTypeTokenExchangeSupported
+func (mr *MockConfigurationMockRecorder) GrantTypeTokenExchangeSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GrantTypeTokenExchangeSupported", reflect.TypeOf((*MockConfiguration)(nil).GrantTypeTokenExchangeSupported))
+}
+
 // Issuer mocks base method
 func (m *MockConfiguration) Issuer() string {
 	m.ctrl.T.Helper()
--- a/pkg/op/mock/storage.mock.impl.go
+++ b/pkg/op/mock/storage.mock.impl.go
@ -156,9 +156,24 @@ func (c *ConfClient) DevMode() bool {
 func (c *ConfClient) AllowedScopes() []string {
 	return nil
 }
-func (c *ConfClient) AssertAdditionalIdTokenScopes() bool {
+func (c *ConfClient) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+func (c *ConfClient) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+func (c *ConfClient) IsScopeAllowed(scope string) bool {
 	return false
 }
-func (c *ConfClient) AssertAdditionalAccessTokenScopes() bool {
+
+func (c *ConfClient) IDTokenUserinfoClaimsAssertion() bool {
 	return false
 }
+
+func (c *ConfClient) ClockSkew() time.Duration {
+	return 0
+}