test(hydra): add snapshots for login & consent requests

GitOrigin-RevId: 47d041cf207af6c3e9e21bf3016e5ea0cf044344

Author: zepatrik

cmd/cmd_helper_test.go

@@ -52,7 +52,7 @@ func setup(t *testing.T, cmd *cobra.Command) *driver.RegistrySQL {
 	return reg
 }
 
-var snapshotExcludedClientFields = []snapshotx.ExceptOpt{
+var snapshotExcludedClientFields = []snapshotx.Opt{
 	snapshotx.ExceptNestedKeys("client_id"),
 	snapshotx.ExceptNestedKeys("registration_access_token"),
 	snapshotx.ExceptNestedKeys("registration_client_uri"),

flow/flow_encoding_test.go

@@ -21,7 +21,6 @@ import (
 	"github.com/ory/hydra/v2/x"
 	"github.com/ory/x/configx"
 	"github.com/ory/x/snapshotx"
-	"github.com/ory/x/sqlxx"
 )
 
 func createTestFlow(nid uuid.UUID, state int16) *flow.Flow {
@@ -36,7 +35,7 @@ func createTestFlow(nid uuid.UUID, state int16) *flow.Flow {
 			NID: nid,
 		},
 		RequestURL:  "https://example.org/oauth2/auth?client_id=test",
-		SessionID:   sqlxx.NullString("session-123"),
+		SessionID:   "session-123",
 		RequestedAt: time.Now(),
 		State:       state,
 	}

oauth2/.snapshots/TestAuthCodeFlowE2E-auth_code_flow-strategy=jwt-access_and_id_tokens_with_extra_claims_consent_request.json

@@ -0,0 +1,54 @@
+{
+  "acr": "acr-value",
+  "amr": [
+    "amr1",
+    "amr2"
+  ],
+  "client": {
+    "access_token_strategy": "jwt",
+    "allowed_cors_origins": [],
+    "audience": [
+      "audience-1",
+      "audience-2"
+    ],
+    "client_id": "64f78bf1-f388-4eeb-9fee-e7207226c6be-jwt",
+    "client_name": "",
+    "client_secret_expires_at": 0,
+    "client_uri": "",
+    "contacts": [],
+    "grant_types": [
+      "implicit",
+      "refresh_token",
+      "authorization_code",
+      "password",
+      "client_credentials"
+    ],
+    "jwks": {},
+    "logo_uri": "",
+    "metadata": {},
+    "owner": "",
+    "policy_uri": "",
+    "redirect_uris": [
+      "https://client.ory/callback"
+    ],
+    "response_types": [
+      "id_token",
+      "code",
+      "token"
+    ],
+    "scope": "hydra offline openid",
+    "skip_consent": false,
+    "subject_type": "",
+    "tos_uri": ""
+  },
+  "device_challenge_id": "",
+  "oidc_context": {},
+  "requested_access_token_audience": [],
+  "requested_scope": [
+    "hydra",
+    "offline",
+    "openid"
+  ],
+  "skip": false,
+  "subject": "c6a8ee1c-e0c4-404c-bba7-6a5b8702a2e9"
+}

oauth2/.snapshots/TestAuthCodeFlowE2E-auth_code_flow-strategy=jwt-access_and_id_tokens_with_extra_claims_login_request.json

@@ -0,0 +1,48 @@
+{
+  "client": {
+    "access_token_strategy": "jwt",
+    "allowed_cors_origins": [],
+    "audience": [
+      "audience-1",
+      "audience-2"
+    ],
+    "client_id": "64f78bf1-f388-4eeb-9fee-e7207226c6be-jwt",
+    "client_name": "",
+    "client_secret_expires_at": 0,
+    "client_uri": "",
+    "contacts": [],
+    "grant_types": [
+      "implicit",
+      "refresh_token",
+      "authorization_code",
+      "password",
+      "client_credentials"
+    ],
+    "jwks": {},
+    "logo_uri": "",
+    "metadata": {},
+    "owner": "",
+    "policy_uri": "",
+    "redirect_uris": [
+      "https://client.ory/callback"
+    ],
+    "response_types": [
+      "id_token",
+      "code",
+      "token"
+    ],
+    "scope": "hydra offline openid",
+    "skip_consent": false,
+    "subject_type": "",
+    "tos_uri": ""
+  },
+  "oidc_context": {},
+  "requested_access_token_audience": [],
+  "requested_scope": [
+    "hydra",
+    "offline",
+    "openid"
+  ],
+  "skip": false,
+  "subject": ""
+}

oauth2/.snapshots/TestAuthCodeFlowE2E-auth_code_flow-strategy=opaque-access_and_id_tokens_with_extra_claims_consent_request.json

@@ -0,0 +1,54 @@
+{
+  "acr": "acr-value",
+  "amr": [
+    "amr1",
+    "amr2"
+  ],
+  "client": {
+    "access_token_strategy": "opaque",
+    "allowed_cors_origins": [],
+    "audience": [
+      "audience-1",
+      "audience-2"
+    ],
+    "client_id": "64f78bf1-f388-4eeb-9fee-e7207226c6be-opaque",
+    "client_name": "",
+    "client_secret_expires_at": 0,
+    "client_uri": "",
+    "contacts": [],
+    "grant_types": [
+      "implicit",
+      "refresh_token",
+      "authorization_code",
+      "password",
+      "client_credentials"
+    ],
+    "jwks": {},
+    "logo_uri": "",
+    "metadata": {},
+    "owner": "",
+    "policy_uri": "",
+    "redirect_uris": [
+      "https://client.ory/callback"
+    ],
+    "response_types": [
+      "id_token",
+      "code",
+      "token"
+    ],
+    "scope": "hydra offline openid",
+    "skip_consent": false,
+    "subject_type": "",
+    "tos_uri": ""
+  },
+  "device_challenge_id": "",
+  "oidc_context": {},
+  "requested_access_token_audience": [],
+  "requested_scope": [
+    "hydra",
+    "offline",
+    "openid"
+  ],
+  "skip": false,
+  "subject": "c6a8ee1c-e0c4-404c-bba7-6a5b8702a2e9"
+}

oauth2/.snapshots/TestAuthCodeFlowE2E-auth_code_flow-strategy=opaque-access_and_id_tokens_with_extra_claims_login_request.json

@@ -0,0 +1,48 @@
+{
+  "client": {
+    "access_token_strategy": "opaque",
+    "allowed_cors_origins": [],
+    "audience": [
+      "audience-1",
+      "audience-2"
+    ],
+    "client_id": "64f78bf1-f388-4eeb-9fee-e7207226c6be-opaque",
+    "client_name": "",
+    "client_secret_expires_at": 0,
+    "client_uri": "",
+    "contacts": [],
+    "grant_types": [
+      "implicit",
+      "refresh_token",
+      "authorization_code",
+      "password",
+      "client_credentials"
+    ],
+    "jwks": {},
+    "logo_uri": "",
+    "metadata": {},
+    "owner": "",
+    "policy_uri": "",
+    "redirect_uris": [
+      "https://client.ory/callback"
+    ],
+    "response_types": [
+      "id_token",
+      "code",
+      "token"
+    ],
+    "scope": "hydra offline openid",
+    "skip_consent": false,
+    "subject_type": "",
+    "tos_uri": ""
+  },
+  "oidc_context": {},
+  "requested_access_token_audience": [],
+  "requested_scope": [
+    "hydra",
+    "offline",
+    "openid"
+  ],
+  "skip": false,
+  "subject": ""
+}

oauth2/e2e_test.go

@@ -11,9 +11,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/ory/hydra/v2/driver"
-	"github.com/ory/x/pointerx"
-
 	"github.com/go-jose/go-jose/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -22,13 +19,15 @@ import (
 
 	hydra "github.com/ory/hydra-client-go/v2"
 	"github.com/ory/hydra/v2/client"
-	"github.com/ory/x/uuidx"
-
+	"github.com/ory/hydra/v2/driver"
 	"github.com/ory/hydra/v2/driver/config"
 	"github.com/ory/hydra/v2/internal/testhelpers"
 	"github.com/ory/hydra/v2/jwk"
 	"github.com/ory/hydra/v2/x"
 	"github.com/ory/x/configx"
+	"github.com/ory/x/pointerx"
+	"github.com/ory/x/snapshotx"
+	"github.com/ory/x/uuidx"
 )
 
 func TestAuthCodeFlowE2E(t *testing.T) {
@@ -70,19 +69,26 @@ func TestAuthCodeFlowE2E(t *testing.T) {
 				cl, conf := newOAuth2Client(t, reg, testhelpers.ClientCallbackURL, func(c *client.Client) {
 					c.AccessTokenStrategy = accessTokenStrategy
 					c.Audience = []string{"audience-1", "audience-2"}
+					c.ID = "64f78bf1-f388-4eeb-9fee-e7207226c6be-" + accessTokenStrategy
 				})
-				sub := uuidx.NewV4().String()
+				sub := "c6a8ee1c-e0c4-404c-bba7-6a5b8702a2e9"
 
 				t.Run("access and id tokens with extra claims", func(t *testing.T) {
 					token := testhelpers.PerformAuthCodeFlow(t, conf, adminClient,
-						func(*testing.T, *hydra.OAuth2LoginRequest) hydra.AcceptOAuth2LoginRequest {
+						func(t *testing.T, req *hydra.OAuth2LoginRequest) hydra.AcceptOAuth2LoginRequest {
+							snapshotx.SnapshotT(t, req,
+								snapshotx.ExceptPaths("challenge", "client.created_at", "client.updated_at", "session_id", "request_url"),
+								snapshotx.WithName("login_request"))
 							return hydra.AcceptOAuth2LoginRequest{
 								Amr:     []string{"amr1", "amr2"},
 								Acr:     pointerx.Ptr("acr-value"),
 								Subject: sub,
 							}
 						},
-						func(*testing.T, *hydra.OAuth2ConsentRequest) hydra.AcceptOAuth2ConsentRequest {
+						func(t *testing.T, req *hydra.OAuth2ConsentRequest) hydra.AcceptOAuth2ConsentRequest {
+							snapshotx.SnapshotT(t, req,
+								snapshotx.ExceptPaths("challenge", "client.created_at", "client.updated_at", "consent_request_id", "login_challenge", "login_session_id", "request_url"),
+								snapshotx.WithName("consent_request"))
 							return hydra.AcceptOAuth2ConsentRequest{
 								GrantScope: []string{"openid"},
 								Session: &hydra.AcceptOAuth2ConsentRequestSession{

oauth2/handler_test.go

@@ -369,7 +369,7 @@ func TestHandlerWellKnown(t *testing.T) {
 		err = json.NewDecoder(res.Body).Decode(&wellKnownResp)
 		require.NoError(t, err, "problem decoding wellknown json response: %+v", err)
 
-		snapshotOpts := []snapshotx.ExceptOpt{}
+		snapshotOpts := []snapshotx.Opt{}
 		if reg.Config().HSMEnabled() {
 			// The signing algorithm is not stable in the HSM tests, because the key is kept
 			// in the HSM and persists across test runs.
@@ -415,7 +415,7 @@ func TestHandlerOauthAuthorizationServer(t *testing.T) {
 		var wellKnownResp hydra.OidcConfiguration
 		err = json.NewDecoder(res.Body).Decode(&wellKnownResp)
 		require.NoError(t, err, "problem decoding wellknown json response: %+v", err)
-		snapshotOpts := []snapshotx.ExceptOpt{}
+		snapshotOpts := []snapshotx.Opt{}
 		if reg.Config().HSMEnabled() {
 			// The signing algorithm is not stable in the HSM tests, because the key is kept
 			// in the HSM and persists across test runs.

oryx/go.mod

@@ -69,7 +69,6 @@ require (
 	github.com/ssoready/hyrumtoken v1.0.0
 	github.com/stretchr/testify v1.10.0
 	github.com/tidwall/gjson v1.18.0
-	github.com/tidwall/pretty v1.2.1
 	github.com/tidwall/sjson v1.2.5
 	github.com/urfave/negroni v1.0.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0
@@ -199,6 +198,7 @@ require (
 	github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect