// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "google_apis/gaia/oauth2_id_token_decoder.h"
#include <string>
#include <vector>
#include "testing/gtest/include/gtest/gtest.h"
namespace {
// Fixture ID tokens laid out as "<header>.<payload>.<signature>". The header
// and signature segments are placeholder text (or empty); only the base64
// payload varies, so the expectations in this file cover payload decoding only.
// NOTE(review): the positive fixtures carry a placeholder signature, so the
// tests in this file never exercise signature validation. Presumably callers
// only hand ParseServiceFlags tokens from a trusted source; confirm.

// Malformed token: the concatenated literal contains five '.' separators.
constexpr char kIdTokenInvalidJwt[] =
    "dummy-header."
    "..."
    ".dummy-signature";

// Payload decodes to the bare text `abc`, which is not JSON.
constexpr char kIdTokenInvalidJson[] =
    "dummy-header."
    "YWJj"
    ".dummy-signature";

// Payload: { "services": [] }
constexpr char kIdTokenEmptyServices[] =
    "dummy-header."
    "eyAic2VydmljZXMiOiBbXSB9"
    ".dummy-signature";

// Payload: { "services": [] }, with empty header and signature segments.
constexpr char kIdTokenEmptyServicesHeaderSignature[] =
    "."
    "eyAic2VydmljZXMiOiBbXSB9"
    ".";

// Payload: { "abc": ""}. Valid JSON, but there is no "services" key.
constexpr char kIdTokenMissingServices[] =
    "dummy-header."
    "eyAiYWJjIjogIiJ9"
    ".dummy-signature";

// Payload: { "services": ["abc"] }
constexpr char kIdTokenNotChildAccount[] =
    "dummy-header."
    "eyAic2VydmljZXMiOiBbImFiYyJdIH0="
    ".dummy-signature";

// Payload: { "services": ["uca"] }
constexpr char kIdTokenChildAccount[] =
    "dummy-header."
    "eyAic2VydmljZXMiOiBbInVjYSJdIH0="
    ".dummy-signature";

// Payload: { "services": ["tia"] }
constexpr char kIdTokenAdvancedProtectionAccount[] =
    "dummy-header."
    "eyAic2VydmljZXMiOiBbInRpYSJdIH0="
    ".dummy-signature";

// Payload: { "services": ["tia", "uca"] }
constexpr char kIdTokenChildAndAdvancedProtectionAccount[] =
    "dummy-header."
    "eyAic2VydmljZXMiOiBbInRpYSIsICJ1Y2EiXSB9"
    ".dummy-signature";
// Stateless fixture; it only gives the TEST_F cases below a common suite name.
class OAuth2IdTokenDecoderTest : public ::testing::Test {};
// A token that is not a well-formed JWT, one whose payload is not JSON, and
// one whose JSON payload lacks "services" must all report no child account.
// NOTE(review): only is_child_account is pinned for these malformed inputs;
// nothing in this file asserts what is_under_advanced_protection holds when
// parsing fails. Worth adding once the intended value is confirmed.
TEST_F(OAuth2IdTokenDecoderTest, Invalid) {
  const gaia::TokenServiceFlags malformed_jwt =
      gaia::ParseServiceFlags(kIdTokenInvalidJwt);
  EXPECT_FALSE(malformed_jwt.is_child_account);

  const gaia::TokenServiceFlags non_json_payload =
      gaia::ParseServiceFlags(kIdTokenInvalidJson);
  EXPECT_FALSE(non_json_payload.is_child_account);

  const gaia::TokenServiceFlags no_services_key =
      gaia::ParseServiceFlags(kIdTokenMissingServices);
  EXPECT_FALSE(no_services_key.is_child_account);
}
// Parseable tokens whose "services" list is empty, or holds only an
// unrelated entry ("abc"), must not be flagged as child accounts.
TEST_F(OAuth2IdTokenDecoderTest, NotChild) {
  const gaia::TokenServiceFlags empty_services =
      gaia::ParseServiceFlags(kIdTokenEmptyServices);
  EXPECT_FALSE(empty_services.is_child_account);

  // Same payload, but with empty header and signature segments.
  const gaia::TokenServiceFlags empty_header_and_signature =
      gaia::ParseServiceFlags(kIdTokenEmptyServicesHeaderSignature);
  EXPECT_FALSE(empty_header_and_signature.is_child_account);

  const gaia::TokenServiceFlags unrelated_service =
      gaia::ParseServiceFlags(kIdTokenNotChildAccount);
  EXPECT_FALSE(unrelated_service.is_child_account);
}
// A "services" list containing "uca" marks the account as a child account.
// The fixture's signature segment is placeholder text, so this expectation
// can only hold if the flag is read from the payload without a signature
// check inside ParseServiceFlags.
TEST_F(OAuth2IdTokenDecoderTest, Child) {
  const gaia::TokenServiceFlags child_flags =
      gaia::ParseServiceFlags(kIdTokenChildAccount);
  EXPECT_TRUE(child_flags.is_child_account);
}
// Tokens without "tia" in "services" must not be reported as being under
// advanced protection. The child-only token ("uca") is included to show that
// the two flags are derived independently.
TEST_F(OAuth2IdTokenDecoderTest, NotAdvancedProtection) {
  const gaia::TokenServiceFlags empty_services =
      gaia::ParseServiceFlags(kIdTokenEmptyServices);
  EXPECT_FALSE(empty_services.is_under_advanced_protection);

  const gaia::TokenServiceFlags empty_header_and_signature =
      gaia::ParseServiceFlags(kIdTokenEmptyServicesHeaderSignature);
  EXPECT_FALSE(empty_header_and_signature.is_under_advanced_protection);

  const gaia::TokenServiceFlags child_only =
      gaia::ParseServiceFlags(kIdTokenChildAccount);
  EXPECT_FALSE(child_only.is_under_advanced_protection);
}
// "tia" in "services" sets is_under_advanced_protection. A token that lists
// both "tia" and "uca" must set both flags at once.
TEST_F(OAuth2IdTokenDecoderTest, AdvancedProtection) {
  const gaia::TokenServiceFlags advanced_only =
      gaia::ParseServiceFlags(kIdTokenAdvancedProtectionAccount);
  EXPECT_TRUE(advanced_only.is_under_advanced_protection);

  const gaia::TokenServiceFlags child_and_advanced =
      gaia::ParseServiceFlags(kIdTokenChildAndAdvancedProtectionAccount);
  EXPECT_TRUE(child_and_advanced.is_child_account);
  EXPECT_TRUE(child_and_advanced.is_under_advanced_protection);
}
} // namespace