auth

Paddy 2015-03-03 Parent:163ce22fa4c9 Child:8267e1c8bcd1

135:d30a3a12d387

auth/oauth2_test.go

Attach our Scope type to AuthCodes and Tokens. When obtaining an AuthorizationCode or Token, attach a slice of strings, each one a Scope ID, instead of just attaching the encoded string the user passes in. This will allow us to change our Scope encoding down the line, and is more conceptually faithful. Also, if an authorization request is made with an invalid scope, return the invalid_scope error.

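--- a/oauth2_test.go	Fri Feb 20 22:34:43 2015 -0500
+++ b/oauth2_test.go	Tue Mar 03 22:18:28 2015 -0500
@@ -15,8 +15,7 @@
 )
 
 const (
-	scopeSet = 1 << iota
-	stateSet
+	stateSet = 1 << iota
 	uriSet
 )
 
@@ -36,6 +35,7 @@
 		profiles:  store,
 		tokens:    store,
 		sessions:  store,
+		scopes:    store,
 	}
 	client := Client{
 		ID:      uuid.NewID(),
@@ -78,6 +78,15 @@
 	if err != nil {
 		t.Fatal("Can't store session:", err)
 	}
+	scope := Scope{
+		ID:          "testscope",
+		Name:        "Test Scope",
+		Description: "Hug dispensation.",
+	}
+	err = testContext.CreateScopes([]Scope{scope})
+	if err != nil {
+		t.Fatal("Can't store scope:", err)
+	}
 	req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
 	if err != nil {
 		t.Fatal("Can't build request:", err)
@@ -87,18 +96,16 @@
 		Value: session.ID,
 	}
 	req.AddCookie(cookie)
-	for i := 0; i < 1<<3; i++ {
+	for i := 0; i < 1<<2; i++ {
 		w := httptest.NewRecorder()
 		params := url.Values{}
 		// see OAuth 2.0 spec, section 4.1.1
 		params.Set("response_type", "code")
 		params.Set("client_id", client.ID.String())
+		params.Set("scope", "testscope")
 		if i&uriSet != 0 {
 			params.Set("redirect_uri", endpoint.URI)
 		}
-		if i&scopeSet != 0 {
-			params.Set("scope", "testscope")
-		}
 		if i&stateSet != 0 {
 			params.Set("state", "my super secure state string")
 		}
@@ -450,6 +457,7 @@
 		profiles:  store,
 		tokens:    store,
 		sessions:  store,
+		scopes:    store,
 	}
 	client := Client{
 		ID:      uuid.NewID(),
@@ -484,6 +492,15 @@
 	if err != nil {
 		t.Fatal("Can't store session:", err)
 	}
+	scope := Scope{
+		ID:          "testscope",
+		Name:        "Test Scope",
+		Description: "High five fabrication.",
+	}
+	err = testContext.CreateScopes([]Scope{scope})
+	if err != nil {
+		t.Fatal("Can't create scope:", err)
+	}
 	req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
 	if err != nil {
 		t.Fatal("Can't build request:", err)
@@ -774,7 +791,7 @@
 		Created:     time.Now(),
 		ExpiresIn:   600,
 		ClientID:    client.ID,
-		Scope:       "testscope",
+		Scopes:      []string{"testscope"},
 		RedirectURI: "https://client.secondbit.org/",
 		State:       "teststate",
 		ProfileID:   uuid.NewID(),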
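Review bot: The permutation loop in the `@@ -87,18 +96,16 @@` hunk now sets `scope=testscope` on every iteration, so a request with no scope parameter is no longer exercised there, and none of the visible hunks sends a scope ID that was never passed to `CreateScopes`. The commit description says an invalid scope must now produce the `invalid_scope` error, so that rejection path needs its own negative case, e.g. a request built with `params.Set("scope", "unregistered-scope")` (constructed value) that asserts the error is `invalid_scope` and that no authorization code is stored. Without it, a regression that silently accepts unknown scopes would still pass these tests. Such a case may exist in a part of the file outside these hunks, and the enclosing test function starts and ends outside the hunk. Separately, the two fixtures report the same failure differently (`"Can't store scope:"` vs `"Can't create scope:"`); pick one wording.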