oauth2/ropc: Set expires at for password credentials flow (ory#210)

Signed-off-by: Beorn Facchini <[email protected]>
budougumi0617 · Aug 21, 2017 · bc383cf · bc383cf
1 parent a33a647
commit bc383cf
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/handler/oauth2/flow_resource_owner.go b/handler/oauth2/flow_resource_owner.go
@@ -2,6 +2,7 @@ package oauth2
 
 import (
 	"fmt"
+	"time"
 
 	"context"
 
@@ -50,6 +51,8 @@ func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointReques
 
 	// Credentials must not be passed around, potentially leaking to the database!
 	delete(request.GetRequestForm(), "password")
+
+	request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
 	return nil
 }
 

diff --git a/handler/oauth2/flow_resource_owner_test.go b/handler/oauth2/flow_resource_owner_test.go
@@ -17,7 +17,7 @@ func TestResourceOwnerFlow_HandleTokenEndpointRequest(t *testing.T) {
 	store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
 	defer ctrl.Finish()
 
-	areq := fosite.NewAccessRequest(nil)
+	areq := fosite.NewAccessRequest(new(fosite.DefaultSession))
 	areq.Form = url.Values{}
 
 	h := ResourceOwnerPasswordCredentialsGrantHandler{
@@ -32,6 +32,7 @@ func TestResourceOwnerFlow_HandleTokenEndpointRequest(t *testing.T) {
 		description string
 		setup       func()
 		expectErr   error
+		check       func(areq *fosite.AccessRequest)
 	}{
 		{
 			description: "should fail because not responsible",
@@ -64,12 +65,18 @@ func TestResourceOwnerFlow_HandleTokenEndpointRequest(t *testing.T) {
 			setup: func() {
 				store.EXPECT().Authenticate(nil, "peter", "pan").Return(nil)
 			},
+			check: func(areq *fosite.AccessRequest) {
+				assert.NotEmpty(t, areq.GetSession().GetExpiresAt(fosite.AccessToken))
+			},
 		},
 	} {
 		c.setup()
 		err := h.HandleTokenEndpointRequest(nil, areq)
 		assert.True(t, errors.Cause(err) == c.expectErr, "(%d) %s\n%s\n%s", k, c.description, err, c.expectErr)
 		t.Logf("Passed test case %d", k)
+		if c.check != nil {
+			c.check(areq)
+		}
 	}
 }