auth
auth/http_test.go
Require full URLs for Endpoints. The spec says that we SHOULD require full URLs for redirection, but we _can_ offer the ability to set a URL as a "partial URL" if we really must. I see no particular reason to do this, so I've simplified the code by pulling that option out. This means that URLs (as long as they're normalized, which I've filed a bug in the codebase to do) can be checked using simple string comparison, which makes the likelihood of bugs across clientStorage implementations a lot lower.
1.1 --- a/http_test.go Sun Oct 26 00:53:36 2014 -0400 1.2 +++ b/http_test.go Sun Oct 26 03:22:41 2014 -0400 1.3 @@ -15,7 +15,6 @@ 1.4 scopeSet = 1 << iota 1.5 stateSet 1.6 uriSet 1.7 - uriExact 1.8 ) 1.9 1.10 func TestGetGrantCodeSuccess(t *testing.T) { 1.11 @@ -59,18 +58,14 @@ 1.12 if err != nil { 1.13 t.Fatal("Can't build request:", err) 1.14 } 1.15 - for i := 0; i < 1<<4; i++ { 1.16 + for i := 0; i < 1<<3; i++ { 1.17 w := httptest.NewRecorder() 1.18 params := url.Values{} 1.19 // see OAuth 2.0 spec, section 4.1.1 1.20 params.Set("response_type", "code") 1.21 params.Set("client_id", client.ID.String()) 1.22 if i&uriSet != 0 { 1.23 - if i&uriExact != 0 { 1.24 - params.Set("redirect_uri", endpoint.URI.String()) 1.25 - } else { 1.26 - params.Set("redirect_uri", endpoint.URI.String()+"/inexact") 1.27 - } 1.28 + params.Set("redirect_uri", endpoint.URI.String()) 1.29 } 1.30 if i&scopeSet != 0 { 1.31 params.Set("scope", "testscope")