Added test

marche271 · marche271 · commit 68d14175f862 · 2023-12-19T10:57:47.000+01:00
diff --git a/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/config/testplan-to-mr/config_testplan.json b/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/config/testplan-to-mr/config_testplan.json
@@ -14,5 +14,6 @@
     "X_url_TA": "http://trust-anchor.org:8000",
     "X_url_trust_mark_status_AA": "http://attribute-authority.org/trust_mark_status",
     "X_url_introspection": "http://cie-provider.org:8002/oidc/op/introspection",
-    "X_wrong_code": "wrong_code_verifier_parameter"
+    "X_wrong_code": "wrong_code_verifier_parameter",
+    "X_wrong_url" : "http://wrong_url.org"
 }
diff --git a/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/sessions/s1-logout b/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/sessions/s1-logout
@@ -0,0 +1,7 @@
+open | http://relying-party.org:8001/oidc/rp/landing |
+click | xpath=/html/body/div[2]/div/div/div/div/div/div/div/div/div/div[2]/div/span[2]/a |
+click | xpath=/html/body/div[2]/div/div/div/div/div/div/div/div/div/div[2]/div/span[2]/div/ul/li[2]/a |
+type | id=id_username | user
+type | id=id_password | oidcuser
+click | xpath=/html/body/div[2]/div/div/div/div/div/div/div/div/div/div[2]/div[2]/div[1]/form/fieldset/div/div/div/div[3]/button/span[2] |
+click | id=agree |
diff --git a/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/manual/OP-Token response-access_token-payload-aud-value.json b/testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/manual/OP-Token response-access_token-payload-aud-value.json
@@ -7,8 +7,8 @@
   "tests": [
     {
       "test": {
-        "name": "Does the issued JWT Refresh Token contain correct \"aud\" parameter in the Payload",
-        "description": "The Refresh Token present in the Token Response is analyzed and the value of the \"aud\" parameter in the Payload set to the identifier of the resource server",
+        "name": "Does the issued JWT Access Token contain a correct 'aud' parameter",
+        "description": "The Access Token present in the Token Response is analyzed and the value of the 'aud' parameter in the Payload is the identifier of the resource server",
         "type": "active",
         "sessions": [
           "s1"
@@ -22,38 +22,22 @@
             "action": "intercept",
             "from session": "s1",
             "then": "forward",
-            "message type": "Authentication request",
+            "message type": "Entity Configuration response OP",
             "decode operations": [
               {
-                "from": "url",
-                "decode param": "request",
+                "from": "body",
+                "decode param": "[\\s\\S]*",
                 "type": "jwt",
                 "edits": [
                   {
                     "jwt from": "payload",
-                    "jwt edit": "$.acr_values",
-                    "value": "https://www.spid.gov.it/SpidL1"
-                  },
-                  {
-                    "jwt sign": "X_key_core_RP"
+                    "jwt save": "iss",
+                    "as": "valid_iss"
                   }
                 ]
               }
             ]
           },
-          {
-            "action": "intercept",
-            "from session": "s1",
-            "then": "forward",
-            "message type": "Token request",
-            "message operations": [
-              {
-                "from": "body",
-                "save": "(?<=client_id=)[^&]+",
-                "as": "auth_client_id"
-              }
-            ]
-          },
           {
             "action": "intercept",
             "from session": "s1",
@@ -62,14 +46,14 @@
             "decode operations": [
               {
                 "from": "body",
-                "decode param": "(?<=\"refresh_token\": \")[^\"]+",
+                "decode param": "(?<=\"access_token\": \")[^\"]+",
                 "type": "jwt",
                 "checks": [
                   {
-                    "use variable": true,
+                    "use variable": "true",
                     "in": "payload",
-                    "check": "$.aud",
-                    "contains": "auth_client_id"
+                    "check": "$.aud[0]",
+                    "is": "valid_iss"
                   }
                 ]
               }
@@ -80,4 +64,4 @@
       }
     }
   ]
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,6 @@`
`14`	`14`	`"X_url_TA": "http://trust-anchor.org:8000",`
`15`	`15`	`"X_url_trust_mark_status_AA": "http://attribute-authority.org/trust_mark_status",`
`16`	`16`	`"X_url_introspection": "http://cie-provider.org:8002/oidc/op/introspection",`
`17`		`- "X_wrong_code": "wrong_code_verifier_parameter"`
	`17`	`+ "X_wrong_code": "wrong_code_verifier_parameter",`
	`18`	`+ "X_wrong_url" : "http://wrong_url.org"`
`18`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,8 +7,8 @@`
`7`	`7`	`"tests": [`
`8`	`8`	`{`
`9`	`9`	`"test": {`
`10`		`- "name": "Does the issued JWT Refresh Token contain correct \"aud\" parameter in the Payload",`
`11`		`- "description": "The Refresh Token present in the Token Response is analyzed and the value of the \"aud\" parameter in the Payload set to the identifier of the resource server",`
	`10`	`+ "name": "Does the issued JWT Access Token contain a correct 'aud' parameter",`
	`11`	`+ "description": "The Access Token present in the Token Response is analyzed and the value of the 'aud' parameter in the Payload is the identifier of the resource server",`
`12`	`12`	`"type": "active",`
`13`	`13`	`"sessions": [`
`14`	`14`	`"s1"`
`@@ -22,38 +22,22 @@`
`22`	`22`	`"action": "intercept",`
`23`	`23`	`"from session": "s1",`
`24`	`24`	`"then": "forward",`
`25`		`- "message type": "Authentication request",`
	`25`	`+ "message type": "Entity Configuration response OP",`
`26`	`26`	`"decode operations": [`
`27`	`27`	`{`
`28`		`- "from": "url",`
`29`		`- "decode param": "request",`
	`28`	`+ "from": "body",`
	`29`	`+ "decode param": "[\\s\\S]*",`
`30`	`30`	`"type": "jwt",`
`31`	`31`	`"edits": [`
`32`	`32`	`{`
`33`	`33`	`"jwt from": "payload",`
`34`		`- "jwt edit": "$.acr_values",`
`35`		`- "value": "https://www.spid.gov.it/SpidL1"`
`36`		`- },`
`37`		`- {`
`38`		`- "jwt sign": "X_key_core_RP"`
	`34`	`+ "jwt save": "iss",`
	`35`	`+ "as": "valid_iss"`
`39`	`36`	`}`
`40`	`37`	`]`
`41`	`38`	`}`
`42`	`39`	`]`
`43`	`40`	`},`
`44`		`- {`
`45`		`- "action": "intercept",`
`46`		`- "from session": "s1",`
`47`		`- "then": "forward",`
`48`		`- "message type": "Token request",`
`49`		`- "message operations": [`
`50`		`- {`
`51`		`- "from": "body",`
`52`		`- "save": "(?<=client_id=)[^&]+",`
`53`		`- "as": "auth_client_id"`
`54`		`- }`
`55`		`- ]`
`56`		`- },`
`57`	`41`	`{`
`58`	`42`	`"action": "intercept",`
`59`	`43`	`"from session": "s1",`
`@@ -62,14 +46,14 @@`
`62`	`46`	`"decode operations": [`
`63`	`47`	`{`
`64`	`48`	`"from": "body",`
`65`		`- "decode param": "(?<=\"refresh_token\": \")[^\"]+",`
	`49`	`+ "decode param": "(?<=\"access_token\": \")[^\"]+",`
`66`	`50`	`"type": "jwt",`
`67`	`51`	`"checks": [`
`68`	`52`	`{`
`69`		`- "use variable": true,`
	`53`	`+ "use variable": "true",`
`70`	`54`	`"in": "payload",`
`71`		`- "check": "$.aud",`
`72`		`- "contains": "auth_client_id"`
	`55`	`+ "check": "$.aud[0]",`
	`56`	`+ "is": "valid_iss"`
`73`	`57`	`}`
`74`	`58`	`]`
`75`	`59`	`}`
`@@ -80,4 +64,4 @@`
`80`	`64`	`}`
`81`	`65`	`}`
`82`	`66`	`]`
`83`		`-}`
	`67`	`+}`