auth

Paddy 2014-07-18

0:7a6f64db7246

auth/access_test.go

Start rewriting the repo. This code originally was a carbon copy of https://github.com/RangelReale/osin, but I am methodically stripping out the extensible nature of it for a simpler interface, while simultaneously bringing the style into line with the Ducky style.

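--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/access_test.go	Fri Jul 18 07:13:22 2014 -0400
@@ -0,0 +1,195 @@
+package oauth2
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+)
+
+func TestAccessAuthorizationCode(t *testing.T) {
+	sconfig := NewServerConfig()
+	sconfig.AllowedAccessTypes = AllowedAccessType{AuthorizationCodeART}
+	server := NewServer(sconfig, NewTestingStorage())
+	server.AccessTokenGen = &TestingAccessTokenGen{}
+	resp := server.NewResponse()
+
+	req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.SetBasicAuth("1234", "aabbccdd")
+
+	req.Form = make(url.Values)
+	req.Form.Set("grant_type", string(AuthorizationCodeART))
+	req.Form.Set("code", "9999")
+	req.Form.Set("state", "a")
+	req.PostForm = make(url.Values)
+
+	if ar := server.HandleAccessRequest(resp, req); ar != nil {
+		ar.Authorized = true
+		server.FinishAccessRequest(resp, req, ar)
+	}
+
+	//fmt.Printf("%+v", resp)
+
+	if resp.IsError && resp.InternalError != nil {
+		t.Fatalf("Error in response: %s", resp.InternalError)
+	}
+
+	if resp.IsError {
+		t.Fatalf("Should not be an error")
+	}
+
+	if resp.Type != DATA {
+		t.Fatalf("Response should be data")
+	}
+
+	if d := resp.Output["access_token"]; d != "1" {
+		t.Fatalf("Unexpected access token: %s", d)
+	}
+
+	if d := resp.Output["refresh_token"]; d != "r1" {
+		t.Fatalf("Unexpected refresh token: %s", d)
+	}
+}
+
+func TestAccessRefreshToken(t *testing.T) {
+	sconfig := NewServerConfig()
+	sconfig.AllowedAccessTypes = AllowedAccessType{REFRESH_TOKEN}
+	server := NewServer(sconfig, NewTestingStorage())
+	server.AccessTokenGen = &TestingAccessTokenGen{}
+	resp := server.NewResponse()
+
+	req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.SetBasicAuth("1234", "aabbccdd")
+
+	req.Form = make(url.Values)
+	req.Form.Set("grant_type", string(REFRESH_TOKEN))
+	req.Form.Set("refresh_token", "r9999")
+	req.Form.Set("state", "a")
+	req.PostForm = make(url.Values)
+
+	if ar := server.HandleAccessRequest(resp, req); ar != nil {
+		ar.Authorized = true
+		server.FinishAccessRequest(resp, req, ar)
+	}
+
+	//fmt.Printf("%+v", resp)
+
+	if resp.IsError && resp.InternalError != nil {
+		t.Fatalf("Error in response: %s", resp.InternalError)
+	}
+
+	if resp.IsError {
+		t.Fatalf("Should not be an error")
+	}
+
+	if resp.Type != DATA {
+		t.Fatalf("Response should be data")
+	}
+
+	if d := resp.Output["access_token"]; d != "1" {
+		t.Fatalf("Unexpected access token: %s", d)
+	}
+
+	if d := resp.Output["refresh_token"]; d != "r1" {
+		t.Fatalf("Unexpected refresh token: %s", d)
+	}
+}
+
+func TestAccessPassword(t *testing.T) {
+	sconfig := NewServerConfig()
+	sconfig.AllowedAccessTypes = AllowedAccessType{PASSWORD}
+	server := NewServer(sconfig, NewTestingStorage())
+	server.AccessTokenGen = &TestingAccessTokenGen{}
+	resp := server.NewResponse()
+
+	req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.SetBasicAuth("1234", "aabbccdd")
+
+	req.Form = make(url.Values)
+	req.Form.Set("grant_type", string(PASSWORD))
+	req.Form.Set("username", "testing")
+	req.Form.Set("password", "testing")
+	req.Form.Set("state", "a")
+	req.PostForm = make(url.Values)
+
+	if ar := server.HandleAccessRequest(resp, req); ar != nil {
+		ar.Authorized = ar.Username == "testing" && ar.Password == "testing"
+		server.FinishAccessRequest(resp, req, ar)
+	}
+
+	//fmt.Printf("%+v", resp)
+
+	if resp.IsError && resp.InternalError != nil {
+		t.Fatalf("Error in response: %s", resp.InternalError)
+	}
+
+	if resp.IsError {
+		t.Fatalf("Should not be an error")
+	}
+
+	if resp.Type != DATA {
+		t.Fatalf("Response should be data")
+	}
+
+	if d := resp.Output["access_token"]; d != "1" {
+		t.Fatalf("Unexpected access token: %s", d)
+	}
+
+	if d := resp.Output["refresh_token"]; d != "r1" {
+		t.Fatalf("Unexpected refresh token: %s", d)
+	}
+}
+
+func TestAccessClientCredentials(t *testing.T) {
+	sconfig := NewServerConfig()
+	sconfig.AllowedAccessTypes = AllowedAccessType{CLIENT_CREDENTIALS}
+	server := NewServer(sconfig, NewTestingStorage())
+	server.AccessTokenGen = &TestingAccessTokenGen{}
+	resp := server.NewResponse()
+
+	req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	req.SetBasicAuth("1234", "aabbccdd")
+
+	req.Form = make(url.Values)
+	req.Form.Set("grant_type", string(CLIENT_CREDENTIALS))
+	req.Form.Set("state", "a")
+	req.PostForm = make(url.Values)
+
+	if ar := server.HandleAccessRequest(resp, req); ar != nil {
+		ar.Authorized = true
+		server.FinishAccessRequest(resp, req, ar)
+	}
+
+	//fmt.Printf("%+v", resp)
+
+	if resp.IsError && resp.InternalError != nil {
+		t.Fatalf("Error in response: %s", resp.InternalError)
+	}
+
+	if resp.IsError {
+		t.Fatalf("Should not be an error")
+	}
+
+	if resp.Type != DATA {
+		t.Fatalf("Response should be data")
+	}
+
+	if d := resp.Output["access_token"]; d != "1" {
+		t.Fatalf("Unexpected access token: %s", d)
+	}
+
+	if d := resp.Output["refresh_token"]; d != "r1" {
+		t.Fatalf("Unexpected refresh token: %s", d)
+	}
+}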
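Review bot: The last assertion in `TestAccessClientCredentials` requires a `refresh_token` of `r1` in the client-credentials response, which pins behaviour that RFC 6749 section 4.4.3 advises against (a refresh token SHOULD NOT be included for that grant, because the client can re-authenticate with its own credentials). Assuming `resp.Output` is a map, as the string indexing suggests, I would assert absence instead: `if d, ok := resp.Output["refresh_token"]; ok { t.Fatalf("Refresh token should not be issued: %v", d) }`. The server code is not visible in this diff, so it presumably needs the matching change before that assertion passes. Separately, all four tests cover only the success path with the fixture client `1234`/`aabbccdd`; a case with a wrong client secret and one with a `grant_type` missing from `AllowedAccessTypes`, each expecting `resp.IsError`, would guard the checks that matter most at a token endpoint.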