From 2ac5569ab8969208e87f6e1a7be6735edc3cc20d Mon Sep 17 00:00:00 2001
From: Derek Weitzel
Date: Tue, 9 Aug 2022 14:58:45 -0500
Subject: [PATCH] Adding enforcer test
---
 test/main.cpp | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/test/main.cpp b/test/main.cpp
index 485a8e0..73b81d6 100644
--- a/test/main.cpp
+++ b/test/main.cpp
@@ -295,6 +295,58 @@ TEST_F(SerializeTest, EnforcerTest) {
 ASSERT_STREQ(err_msg, "token verification failed: 'scope' claim verification failed.");
 ASSERT_TRUE(rv == -1) << err_msg;
+}
+
+TEST_F(SerializeTest, EnforcerScopeTest) {
+ char *err_msg = nullptr;
+
+ auto rv = scitoken_set_claim_string(m_token.get(), "aud",
+ "https://demo.scitokens.org/", &err_msg);
+ ASSERT_TRUE(rv == 0);
+
+ std::vector audiences_array;
+ audiences_array.push_back("https://demo.scitokens.org/");
+ audiences_array.push_back(nullptr);
+
+ auto enforcer = enforcer_create("https://demo.scitokens.org/gtest", &audiences_array[0], &err_msg);
+ ASSERT_TRUE(enforcer != nullptr);
+
+ scitoken_set_serialize_profile(m_token.get(), SciTokenProfile::WLCG_1_0);
+
+ rv = scitoken_set_claim_string(m_token.get(), "scope",
+ "storage.modify:/ storage.read:/ openid offline_access", &err_msg);
+ ASSERT_TRUE(rv == 0);
+
+ char *token_value = nullptr;
+ rv = scitoken_serialize(m_token.get(), &token_value, &err_msg);
+ ASSERT_TRUE(rv == 0);
+
+ rv = scitoken_deserialize_v2(token_value, m_read_token.get(), nullptr, &err_msg);
+ ASSERT_TRUE(rv == 0);
+
+ Acl *acls;
+ enforcer_generate_acls(enforcer, m_read_token.get(), &acls, &err_msg);
+ ASSERT_TRUE(acls != nullptr);
+ int idx = 0;
+ bool found_read = false;
+ bool found_write = false;
+ while (acls[idx].resource && acls[idx++].authz) {
+ auto resource = acls[idx-1].resource;
+ auto authz = acls[idx-1].authz;
+ if (strcmp(authz, "read") == 0) {
+ found_read = true;
+ ASSERT_STREQ(resource, "/");
+ } else if (strcmp(authz, "write") == 0) {
+ found_write = true;
+ ASSERT_STREQ(resource, "/");
+ }
+ }
+ ASSERT_TRUE(found_read);
+ ASSERT_TRUE(found_write);
+
+
+
+
 }
 }
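Review bot: In `EnforcerScopeTest` the result of `enforcer_generate_acls` is discarded and `Acl *acls;` is left uninitialized, so if the call fails without writing the out-parameter, `ASSERT_TRUE(acls != nullptr)` and the `while` loop read an indeterminate pointer. Initialize it and check the status the way the sibling calls do (assuming it returns the same 0-on-success status): `Acl *acls = nullptr;`, then `rv = enforcer_generate_acls(enforcer, m_read_token.get(), &acls, &err_msg);` followed by `ASSERT_TRUE(rv == 0) << err_msg;`. The loop only proves that `read` and `write` on `/` are present; for an authorization test it would be worth also failing on any entry that is not one of those two, so that an unexpectedly broad grant from the `openid offline_access` scopes is caught rather than silently accepted. Nothing in the visible hunk releases the ACL array, the enforcer or `token_value`, which will surface under a leak checker.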