auth
auth/oauth2_test.go
Update TODOs with error messages and test obtaining a token. Update the TODOs about returning errors when obtaining a token with the actual error code that should be returned. Write a unit test that covers obtaining a token from a grant code, but doesn't cover any of the error conditions or states.
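--- a/oauth2_test.go Thu Nov 20 01:32:15 2014 -0500
+++ b/oauth2_test.go Sat Dec 06 00:35:03 2014 -0500
@@ -2,6 +2,7 @@
 
 import (
 "bytes"
+ "encoding/json"
 "html/template"
 "io/ioutil"
 "net/http"
@@ -771,3 +772,89 @@
 t.Error("Expected ErrIncorrectAuth, got", err)
 }
 }
+
+func TestGetTokenHandler(t *testing.T) {
+ t.Parallel()
+ store := NewMemstore()
+ context := Context{
+ clients: store,
+ grants: store,
+ tokens: store,
+ }
+ client := Client{
+ ID: uuid.NewID(),
+ Secret: "sometimes I feel like I don't know what I'm doing",
+ OwnerID: uuid.NewID(),
+ Name: "A Super Awesome Client!",
+ Logo: "https://logos.secondbit.org/client.png",
+ Website: "https://client.secondbit.org/",
+ Type: "confidential",
+ }
+ grant := Grant{
+ Code: "testcode",
+ Created: time.Now(),
+ ExpiresIn: 600,
+ ClientID: client.ID,
+ Scope: "testscope",
+ RedirectURI: "https://client.secondbit.org/",
+ State: "teststate",
+ ProfileID: uuid.NewID(),
+ }
+ err := context.SaveGrant(grant)
+ if err != nil {
+ t.Error("Error saving grant:", err)
+ }
+ err = context.SaveClient(client)
+ if err != nil {
+ t.Error("Error saving client:", err)
+ }
+ data := url.Values{}
+ data.Set("grant_type", "authorization_code")
+ data.Set("code", grant.Code)
+ data.Set("redirect_uri", grant.RedirectURI)
+ body := bytes.NewBufferString(data.Encode())
+ req, err := http.NewRequest("POST", "https://auth.secondbit.org/", ioutil.NopCloser(body))
+ if err != nil {
+ t.Error("Error constructing request:", err)
+ }
+ req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+ req.SetBasicAuth(client.ID.String(), client.Secret)
+ w := httptest.NewRecorder()
+ GetTokenHandler(w, req, context)
+ resp := tokenResponse{}
+ err = json.Unmarshal(w.Body.Bytes(), &resp)
+ if err != nil {
+ t.Error("Error unmarshalling response:", err)
+ }
+ if resp.AccessToken == "" {
+ t.Error("Got blank access token back")
+ }
+ if resp.RefreshToken == "" {
+ t.Error("Got blank refresh token back")
+ }
+ if resp.TokenType == "" {
+ t.Error("Got blank token type back")
+ }
+ if resp.ExpiresIn == 0 {
+ t.Error("Got blank expires in back")
+ }
+ tokens, err := context.GetTokensByProfileID(grant.ProfileID, 1, 0)
+ if err != nil {
+ t.Error("Error retrieving token:", err)
+ }
+ if len(tokens) != 1 {
+ t.Errorf("Expected %d tokens, got %d", 1, len(tokens))
+ }
+ if tokens[0].AccessToken != resp.AccessToken {
+ t.Errorf(`Expected access token to be "%s", got "%s"`, tokens[0].AccessToken, resp.AccessToken)
+ }
+ if tokens[0].RefreshToken != resp.RefreshToken {
+ t.Errorf(`Expected refresh token to be "%s", got "%s"`, tokens[0].RefreshToken, resp.RefreshToken)
+ }
+ if tokens[0].ExpiresIn != resp.ExpiresIn {
+ t.Errorf(`Expected expires in to be %d, got %d`, tokens[0].ExpiresIn, resp.ExpiresIn)
+ }
+ if tokens[0].TokenType != resp.TokenType {
+ t.Errorf(`Expected token type to be %s, got %s`, tokens[0].TokenType, resp.TokenType)
+ }
+}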
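Review bot: `tokens[0]` is dereferenced right after a non-fatal length check near the end of TestGetTokenHandler, so a handler failure that stores no token ends in an index-out-of-range panic instead of a clean test failure; make that check fatal with `t.Fatalf("Expected %d tokens, got %d", 1, len(tokens))`. The recorder's status is never inspected either, so an error response is only noticed indirectly through blank fields; adding `if w.Code != http.StatusOK { t.Fatalf("Expected status %d, got %d", http.StatusOK, w.Code) }` before the unmarshal would pin it. Because this is the success path of an authorization-code exchange, it would also be worth asserting that the response carries `Cache-Control: no-store` (RFC 6749 section 5.1) and that sending the same request a second time with the same code does not produce another token. Whether GetTokenHandler does either is not visible in this hunk, so treat those two as checks to confirm rather than known gaps.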