feat: improve persistence logic (#3756)

ory · Apr 5, 2024 · 50301e0 · 50301e0
1 parent 17ec137
commit 50301e0
Show file tree

Hide file tree

Showing 11 changed files with 626 additions and 95 deletions.
diff --git a/consent/sdk_test.go b/consent/sdk_test.go
@@ -11,6 +11,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/hydra/v2/consent/test"
+
 	hydra "github.com/ory/hydra-client-go/v2"
 	. "github.com/ory/hydra/v2/flow"
 
@@ -58,8 +60,8 @@ func TestSDK(t *testing.T) {
 		Subject: "subject1",
 	}))
 
-	ar1, _, _ := MockAuthRequest("1", false, network)
-	ar2, _, _ := MockAuthRequest("2", false, network)
+	ar1, _, _ := test.MockAuthRequest("1", false, network)
+	ar2, _, _ := test.MockAuthRequest("2", false, network)
 	require.NoError(t, m.CreateLoginSession(context.Background(), &LoginSession{
 		ID:      ar1.SessionID.String(),
 		Subject: ar1.Subject,
@@ -73,10 +75,10 @@ func TestSDK(t *testing.T) {
 	_, err = m.CreateLoginRequest(context.Background(), ar2)
 	require.NoError(t, err)
 
-	cr1, hcr1, _ := MockConsentRequest("1", false, 0, false, false, false, "fk-login-challenge", network)
-	cr2, hcr2, _ := MockConsentRequest("2", false, 0, false, false, false, "fk-login-challenge", network)
-	cr3, hcr3, _ := MockConsentRequest("3", true, 3600, false, false, false, "fk-login-challenge", network)
-	cr4, hcr4, _ := MockConsentRequest("4", true, 3600, false, false, false, "fk-login-challenge", network)
+	cr1, hcr1, _ := test.MockConsentRequest("1", false, 0, false, false, false, "fk-login-challenge", network)
+	cr2, hcr2, _ := test.MockConsentRequest("2", false, 0, false, false, false, "fk-login-challenge", network)
+	cr3, hcr3, _ := test.MockConsentRequest("3", true, 3600, false, false, false, "fk-login-challenge", network)
+	cr4, hcr4, _ := test.MockConsentRequest("4", true, 3600, false, false, false, "fk-login-challenge", network)
 	require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr1.Client))
 	require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr2.Client))
 	require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr3.Client))
@@ -144,11 +146,11 @@ func TestSDK(t *testing.T) {
 	_, err = m.VerifyAndInvalidateConsentRequest(context.Background(), consentVerifier(cr4Flow))
 	require.NoError(t, err)
 
-	lur1 := MockLogoutRequest("testsdk-1", true, network)
+	lur1 := test.MockLogoutRequest("testsdk-1", true, network)
 	require.NoError(t, reg.ClientManager().CreateClient(context.Background(), lur1.Client))
 	require.NoError(t, m.CreateLogoutRequest(context.Background(), lur1))
 
-	lur2 := MockLogoutRequest("testsdk-2", false, network)
+	lur2 := test.MockLogoutRequest("testsdk-2", false, network)
 	require.NoError(t, m.CreateLogoutRequest(context.Background(), lur2))
 
 	cr1.ID = consentChallenge(cr1Flow)

diff --git a/consent/manager_test_helpers.go → consent/test/manager_test_helpers.go b/consent/manager_test_helpers.go → consent/test/manager_test_helpers.go
@@ -1,7 +1,7 @@
 // Copyright © 2022 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
-package consent
+package test
 
 import (
 	"context"
@@ -10,6 +10,10 @@ import (
 	"testing"
 	"time"
 
+	"github.com/ory/fosite/handler/openid"
+	"github.com/ory/hydra/v2/consent"
+	"github.com/ory/hydra/v2/oauth2"
+
 	"github.com/ory/hydra/v2/aead"
 	"github.com/ory/hydra/v2/flow"
 	"github.com/ory/x/assertx"
@@ -178,7 +182,7 @@ func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequ
 	return c, h, f
 }
 
-func SaneMockHandleConsentRequest(t *testing.T, m Manager, f *flow.Flow, c *flow.OAuth2ConsentRequest, authAt time.Time, rememberFor int, remember bool, hasError bool) *flow.AcceptOAuth2ConsentRequest {
+func SaneMockHandleConsentRequest(t *testing.T, m consent.Manager, f *flow.Flow, c *flow.OAuth2ConsentRequest, authAt time.Time, rememberFor int, remember bool, hasError bool) *flow.AcceptOAuth2ConsentRequest {
 	var rde *flow.RequestDeniedError
 	if hasError {
 		rde = &flow.RequestDeniedError{
@@ -212,7 +216,7 @@ func SaneMockHandleConsentRequest(t *testing.T, m Manager, f *flow.Flow, c *flow
 }
 
 // SaneMockConsentRequest does the same thing as MockConsentRequest but uses less insanity and implicit dependencies.
-func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest) {
+func SaneMockConsentRequest(t *testing.T, m consent.Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest) {
 	c = &flow.OAuth2ConsentRequest{
 		RequestedScope:    []string{"scopea", "scopeb"},
 		RequestedAudience: []string{"auda", "audb"},
@@ -244,7 +248,7 @@ func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c
 }
 
 // SaneMockAuthRequest does the same thing as MockAuthRequest but uses less insanity and implicit dependencies.
-func SaneMockAuthRequest(t *testing.T, m Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest) {
+func SaneMockAuthRequest(t *testing.T, m consent.Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest) {
 	c = &flow.LoginRequest{
 		OpenIDConnectContext: &flow.OAuth2ConsentRequestOpenIDConnectContext{
 			ACRValues: []string{"1", "2"},
@@ -275,7 +279,7 @@ func makeID(base string, network string, key string) string {
 func TestHelperNID(r interface {
 	client.ManagerProvider
 	FlowCipher() *aead.XChaCha20Poly1305
-}, t1ValidNID Manager, t2InvalidNID Manager) func(t *testing.T) {
+}, t1ValidNID consent.Manager, t2InvalidNID consent.Manager) func(t *testing.T) {
 	testClient := client.Client{ID: "2022-03-11-client-nid-test-1"}
 	testLS := flow.LoginSession{
 		ID:      "2022-03-11-ls-nid-test-1",
@@ -338,7 +342,7 @@ type Deps interface {
 	contextx.Provider
 }
 
-func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeManager x.FositeStorer, network string, parallel bool) func(t *testing.T) {
+func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fositeManager x.FositeStorer, network string, parallel bool) func(t *testing.T) {
 	lr := make(map[string]*flow.LoginRequest)
 
 	return func(t *testing.T) {
@@ -590,7 +594,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 					rs, err := m.FindGrantedAndRememberedConsentRequests(ctx, "fk-client-"+tc.keyC, "subject"+tc.keyS)
 					if tc.expectedLength == 0 {
 						assert.Nil(t, rs)
-						assert.EqualError(t, err, ErrNoPreviousConsentFound.Error())
+						assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error())
 					} else {
 						require.NoError(t, err)
 						assert.Len(t, rs, tc.expectedLength)
@@ -674,22 +678,22 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 			require.NoError(t, fositeManager.CreateAccessTokenSession(
 				ctx,
 				makeID("", network, "trva1"),
-				&fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now()},
+				&fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}},
 			))
 			require.NoError(t, fositeManager.CreateRefreshTokenSession(
 				ctx,
 				makeID("", network, "rrva1"),
-				&fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now()},
+				&fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}},
 			))
 			require.NoError(t, fositeManager.CreateAccessTokenSession(
 				ctx,
 				makeID("", network, "trva2"),
-				&fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now()},
+				&fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}},
 			))
 			require.NoError(t, fositeManager.CreateRefreshTokenSession(
 				ctx,
 				makeID("", network, "rrva2"),
-				&fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now()},
+				&fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}},
 			))
 
 			for i, tc := range []struct {
@@ -800,7 +804,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 					assert.Equal(t, len(tc.challenges), len(consents))
 
 					if len(tc.challenges) == 0 {
-						assert.EqualError(t, err, ErrNoPreviousConsentFound.Error())
+						assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error())
 					} else {
 						require.NoError(t, err)
 						for _, consent := range consents {
@@ -842,7 +846,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 					assert.Equal(t, len(tc.challenges), len(consents))
 
 					if len(tc.challenges) == 0 {
-						assert.EqualError(t, err, ErrNoPreviousConsentFound.Error())
+						assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error())
 					} else {
 						require.NoError(t, err)
 						for _, consent := range consents {
@@ -862,7 +866,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 				_, err := m.GetForcedObfuscatedLoginSession(ctx, "fk-client-1", "obfuscated-1")
 				require.True(t, errors.Is(err, x.ErrNotFound))
 
-				expect := &ForcedObfuscatedLoginSession{
+				expect := &consent.ForcedObfuscatedLoginSession{
 					ClientID:          "fk-client-1",
 					Subject:           "subject-1",
 					SubjectObfuscated: "obfuscated-1",
@@ -875,7 +879,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana
 				got.NID = gofrsuuid.Nil
 				assert.EqualValues(t, expect, got)
 
-				expect = &ForcedObfuscatedLoginSession{
+				expect = &consent.ForcedObfuscatedLoginSession{
 					ClientID:          "fk-client-1",
 					Subject:           "subject-1",
 					SubjectObfuscated: "obfuscated-2",