
Paddy 2014-11-02 Parent:c29c7df35905 Child:55d5107e8805

65:f97ca45d5657 Go to Latest

auth/http_test.go

Fix bug with response_type redirect, add tests. Test that we redirect with an error when an invalid response_type is supplied. Fix a bug that would not add any of our parameters to the redirect URL.

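--- a/http_test.go
+++ b/http_test.go
@@ -17,6 +17,12 @@
 	uriSet
 )
 
+func stripParam(param string, u *url.URL) {
+	q := u.Query()
+	q.Del(param)
+	u.RawQuery = q.Encode()
+}
+
 func TestGetGrantCodeSuccess(t *testing.T) {
 	t.Parallel()
 	store := NewMemstore()
@@ -235,3 +241,96 @@
 		t.Errorf(`Expected output to be "%s", got "%s" instead.`, "The redirect_uri specified is not valid.", w.Body.String())
 	}
 }
+
+func TestGetGrantCodeInvalidResponseType(t *testing.T) {
+	t.Parallel()
+	store := NewMemstore()
+	testContext := Context{
+		template: template.Must(template.New(getGrantTemplateName).Parse("{{ .error }}")),
+		clients:  store,
+		grants:   store,
+		profiles: store,
+		tokens:   store,
+	}
+	client := Client{
+		ID:      uuid.NewID(),
+		Secret:  "super secret!",
+		OwnerID: uuid.NewID(),
+		Name:    "My test client",
+		Logo:    "https://secondbit.org/logo.png",
+		Website: "https://secondbit.org",
+		Type:    "public",
+	}
+	uri, err := url.Parse("https://test.secondbit.org/redirect")
+	if err != nil {
+		t.Fatal("Can't parse URL:", err)
+	}
+	endpoint := Endpoint{
+		ID:       uuid.NewID(),
+		ClientID: client.ID,
+		URI:      *uri,
+		Added:    time.Now(),
+	}
+	err = testContext.SaveClient(client)
+	if err != nil {
+		t.Fatal("Can't store client:", err)
+	}
+	err = testContext.AddEndpoint(client.ID, endpoint)
+	if err != nil {
+		t.Fatal("Can't store endpoint:", err)
+	}
+	req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	params := url.Values{}
+	params.Set("response_type", "totally not code")
+	params.Set("client_id", client.ID.String())
+	params.Set("redirect_uri", endpoint.URI.String())
+	params.Set("scope", "testscope")
+	params.Set("state", "my super secure state string")
+	req.URL.RawQuery = params.Encode()
+	w := httptest.NewRecorder()
+	GetGrantHandler(w, req, testContext)
+	if w.Code != http.StatusFound {
+		t.Errorf("Expected status code to be %d, got %d", http.StatusFound, w.Code)
+	}
+	redirectedTo := w.Header().Get("Location")
+	red, err := url.Parse(redirectedTo)
+	if err != nil {
+		t.Fatalf("Being redirected to a non-URL (%s) threw error: %s\n", redirectedTo, err)
+	}
+	if red.Query().Get("error") != "invalid_request" {
+		t.Errorf(`Expected error param in redirect URL to be "%s", got "%s"`, "invalid_request", red.Query().Get("error"))
+	}
+	stripParam("error", red)
+	if red.Query().Get("state") != params.Get("state") {
+		t.Errorf(`Expected state param in redirect URL to be "%s", got "%s"`, params.Get("state"), red.Query().Get("state"))
+	}
+	stripParam("state", red)
+	if red.String() != endpoint.URI.String() {
+		t.Errorf(`Expected redirect URL to be "%s", got "%s"`, endpoint.URI.String(), red.String())
+	}
+	stripParam("response_type", req.URL)
+	w = httptest.NewRecorder()
+	GetGrantHandler(w, req, testContext)
+	if w.Code != http.StatusFound {
+		t.Errorf("Expected status code to be %d, got %d", http.StatusFound, w.Code)
+	}
+	redirectedTo = w.Header().Get("Location")
+	red, err = url.Parse(redirectedTo)
+	if err != nil {
+		t.Fatalf("Being redirected to a non-URL (%s) threw error: %s\n", redirectedTo, err)
+	}
+	if red.Query().Get("error") != "invalid_request" {
+		t.Errorf(`Expected error param in redirect URL to be "%s", got "%s"`, "invalid_request", red.Query().Get("error"))
+	}
+	stripParam("error", red)
+	if red.Query().Get("state") != params.Get("state") {
+		t.Errorf(`Expected state param in redirect URL to be "%s", got "%s"`, params.Get("state"), red.Query().Get("state"))
+	}
+	stripParam("state", red)
+	if red.String() != endpoint.URI.String() {
+		t.Errorf(`Expected redirect URL to be "%s", got "%s"`, endpoint.URI.String(), red.String())
+	}
+}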
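Review bot: The first error check in TestGetGrantCodeInvalidResponseType, `if red.Query().Get("error") != "invalid_request" {`, pins `invalid_request` for a response_type that is present but unrecognized ("totally not code"), whereas RFC 6749 §4.1.2.1 assigns that case `unsupported_response_type` and reserves `invalid_request` for a missing or malformed parameter, which is what the second run (after `stripParam("response_type", req.URL)`) correctly exercises. If the handler is meant to follow the spec, the first check should read `if red.Query().Get("error") != "unsupported_response_type" {` together with the matching handler change, which is outside this hunk; if returning `invalid_request` for both cases is deliberate, a one-line comment saying so would stop the next reader from "fixing" the test. The Location-checking block that follows each `GetGrantHandler` call is duplicated verbatim and could become one helper taking `t`, `w`, `endpoint` and `params`, which would also make the expected error code a parameter. After a non-302 status the test continues into `url.Parse` of an empty Location and reports several follow-on errors; `t.Fatalf` on the status check would keep the failure to one message. The stripping of `error` and `state` before comparing `red.String()` to the endpoint URI is a good guard that no `code` or other parameter leaks into an error redirect and is worth a short comment stating that intent.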