auth
auth/client_test.go
Test our GetClientHandler function, add isAuthError helper. Add a helper that identifies whether the error passed to it is an authentication error or is some other type of error. This is useful fo checking whether or not an internal error occurred while authenticating users. Update all instances where we call our authentication helper to make them use the new error helper. All tests continue to pass. Add a new test case for retrieving a client as an unauthenticated user. This clears the client's secret from the response before sending it. Update the GetClientHandler function to return the secret when the owner of the client used Basic Auth in the request. Add a new test case for retrieving a client as an authenticated user, both the owner and a non-owner user. This makes sure the secret is divulged only in the appropriate cases.
1 package auth
3 import (
4 "bytes"
5 "encoding/json"
6 "fmt"
7 "github.com/gorilla/mux"
8 "io/ioutil"
9 "net/http"
10 "net/http/httptest"
11 "net/url"
12 "sort"
13 "strings"
14 "testing"
15 "time"
17 "code.secondbit.org/uuid.hg"
18 )
20 const (
21 clientChangeSecret = 1 << iota
22 clientChangeOwnerID
23 clientChangeName
24 clientChangeLogo
25 clientChangeWebsite
26 )
28 var clientStores = []clientStore{NewMemstore()}
30 func compareClients(client1, client2 Client) (success bool, field string, val1, val2 interface{}) {
31 if !client1.ID.Equal(client2.ID) {
32 return false, "ID", client1.ID, client2.ID
33 }
34 if client1.Secret != client2.Secret {
35 return false, "secret", client1.Secret, client2.Secret
36 }
37 if !client1.OwnerID.Equal(client2.OwnerID) {
38 return false, "owner ID", client1.OwnerID, client2.OwnerID
39 }
40 if client1.Name != client2.Name {
41 return false, "name", client1.Name, client2.Name
42 }
43 if client1.Logo != client2.Logo {
44 return false, "logo", client1.Logo, client2.Logo
45 }
46 if client1.Website != client2.Website {
47 return false, "website", client1.Website, client2.Website
48 }
49 if client1.Type != client2.Type {
50 return false, "type", client1.Type, client2.Type
51 }
52 return true, "", nil, nil
53 }
55 func compareEndpoints(endpoint1, endpoint2 Endpoint) (success bool, field string, val1, val2 interface{}) {
56 if !endpoint1.ID.Equal(endpoint2.ID) {
57 return false, "ID", endpoint1.ID, endpoint2.ID
58 }
59 if !endpoint1.ClientID.Equal(endpoint2.ClientID) {
60 return false, "OwnerID", endpoint1.ClientID, endpoint2.ClientID
61 }
62 if !endpoint1.Added.Equal(endpoint2.Added) {
63 return false, "Added", endpoint1.Added, endpoint2.Added
64 }
65 if endpoint1.URI != endpoint2.URI {
66 return false, "URI", endpoint1.URI, endpoint2.URI
67 }
68 return true, "", nil, nil
69 }
71 func TestClientStoreSuccess(t *testing.T) {
72 t.Parallel()
73 client := Client{
74 ID: uuid.NewID(),
75 Secret: "secret",
76 OwnerID: uuid.NewID(),
77 Name: "name",
78 Logo: "logo",
79 Website: "website",
80 }
81 for _, store := range clientStores {
82 context := Context{clients: store}
83 err := context.SaveClient(client)
84 if err != nil {
85 t.Fatalf("Error saving client to %T: %s", store, err)
86 }
87 err = context.SaveClient(client)
88 if err != ErrClientAlreadyExists {
89 t.Fatalf("Expected ErrClientAlreadyExists, got %v from %T", err, store)
90 }
91 retrieved, err := context.GetClient(client.ID)
92 if err != nil {
93 t.Fatalf("Error retrieving client from %T: %s", store, err)
94 }
95 success, field, expectation, result := compareClients(client, retrieved)
96 if !success {
97 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
98 }
99 clients, err := context.ListClientsByOwner(client.OwnerID, 25, 0)
100 if err != nil {
101 t.Fatalf("Error retrieving clients by owner from %T: %s", store, err)
102 }
103 if len(clients) != 1 {
104 t.Fatalf("Expected 1 client in response from %T, got %+v", store, clients)
105 }
106 success, field, expectation, result = compareClients(client, clients[0])
107 if !success {
108 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
109 }
110 err = context.DeleteClient(client.ID)
111 if err != nil {
112 t.Fatalf("Error deleting client from %T: %s", store, err)
113 }
114 err = context.DeleteClient(client.ID)
115 if err != ErrClientNotFound {
116 t.Fatalf("Expected ErrClientNotFound, got %s from %T", err, store)
117 }
118 retrieved, err = context.GetClient(client.ID)
119 if err != ErrClientNotFound {
120 t.Fatalf("Expected ErrClientNotFound from %T, got %+v and %s", store, retrieved, err)
121 }
122 clients, err = context.ListClientsByOwner(client.OwnerID, 25, 0)
123 if err != nil {
124 t.Fatalf("Error listing clients by owner from %T: %s", store, err)
125 }
126 if len(clients) != 0 {
127 t.Fatalf("Expected 0 clients in response from %T, got %+v", store, clients)
128 }
129 }
130 }
132 func TestEndpointStoreSuccess(t *testing.T) {
133 t.Parallel()
134 client := Client{
135 ID: uuid.NewID(),
136 Secret: "secret",
137 OwnerID: uuid.NewID(),
138 Name: "name",
139 Logo: "logo",
140 Website: "website",
141 }
142 endpoint1 := Endpoint{
143 ID: uuid.NewID(),
144 ClientID: client.ID,
145 Added: time.Now(),
146 URI: "https://www.example.com/",
147 }
148 endpoint2 := Endpoint{
149 ID: uuid.NewID(),
150 ClientID: client.ID,
151 Added: time.Now(),
152 URI: "https://www.example.com/my/full/path",
153 }
154 for _, store := range clientStores {
155 context := Context{clients: store}
156 err := context.SaveClient(client)
157 if err != nil {
158 t.Fatalf("Error saving client to %T: %s", store, err)
159 }
160 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
161 if err != nil {
162 t.Fatalf("Error adding endpoint to client in %T: %s", store, err)
163 }
164 endpoints, err := context.ListEndpoints(client.ID, 10, 0)
165 if err != nil {
166 t.Fatalf("Error retrieving endpoints from %T: %s", store, err)
167 }
168 if len(endpoints) != 1 {
169 t.Fatalf("Expected %d endpoints, got %+v from %T", 1, endpoints, store)
170 }
171 success, field, expectation, result := compareEndpoints(endpoint1, endpoints[0])
172 if !success {
173 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
174 }
175 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
176 if err != nil {
177 t.Fatalf("Error adding endpoint to client in %T: %s", store, err)
178 }
179 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
180 if err != nil {
181 t.Fatalf("Error retrieving endpoints from %T: %s", store, err)
182 }
183 if len(endpoints) != 2 {
184 t.Fatalf("Expected %d endpoints, got %+v from %T", 2, endpoints, store)
185 }
186 sortedEnd := sortedEndpoints(endpoints)
187 sort.Sort(sortedEnd)
188 endpoints = []Endpoint(sortedEnd)
189 success, field, expectation, result = compareEndpoints(endpoint1, endpoints[0])
190 if !success {
191 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
192 }
193 success, field, expectation, result = compareEndpoints(endpoint2, endpoints[1])
194 if !success {
195 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
196 }
197 err = context.RemoveEndpoint(client.ID, endpoint1.ID)
198 if err != nil {
199 t.Fatalf("Error removing endpoint from client in %T: %s", store, err)
200 }
201 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
202 if err != nil {
203 t.Fatalf("Error listing endpoints in %T: %s", store, err)
204 }
205 if len(endpoints) != 1 {
206 t.Fatalf("Expected %d endpoints, got %+v from %T", 1, endpoints, store)
207 }
208 success, field, expectation, result = compareEndpoints(endpoint2, endpoints[0])
209 if !success {
210 t.Fatalf("Expected field %s to be %v, but %T returned %v", field, expectation, store, result)
211 }
212 err = context.RemoveEndpoint(client.ID, endpoint2.ID)
213 if err != nil {
214 t.Fatalf("Error removing endpoint from client in %T: %s", store, err)
215 }
216 endpoints, err = context.ListEndpoints(client.ID, 10, 0)
217 if err != nil {
218 t.Fatalf("Error listing endpoints in %T: %s", store, err)
219 }
220 if len(endpoints) != 0 {
221 t.Fatalf("Expected %d endpoints, got %+v from %T", 0, endpoints, store)
222 }
223 }
224 }
226 func TestClientUpdates(t *testing.T) {
227 t.Parallel()
228 variations := 1 << 5
229 client := Client{
230 ID: uuid.NewID(),
231 Secret: "secret",
232 OwnerID: uuid.NewID(),
233 Name: "name",
234 Logo: "logo",
235 Website: "website",
236 }
237 for i := 0; i < variations; i++ {
238 var secret, name, logo, website string
239 change := ClientChange{}
240 expectation := client
241 result := client
242 if i&clientChangeSecret != 0 {
243 secret = fmt.Sprintf("secret-%d", i)
244 change.Secret = &secret
245 expectation.Secret = secret
246 }
247 if i&clientChangeOwnerID != 0 {
248 change.OwnerID = uuid.NewID()
249 expectation.OwnerID = change.OwnerID
250 }
251 if i&clientChangeName != 0 {
252 name = fmt.Sprintf("name-%d", i)
253 change.Name = &name
254 expectation.Name = name
255 }
256 if i&clientChangeLogo != 0 {
257 logo = fmt.Sprintf("logo-%d", i)
258 change.Logo = &logo
259 expectation.Logo = logo
260 }
261 if i&clientChangeWebsite != 0 {
262 website = fmt.Sprintf("website-%d", i)
263 change.Website = &website
264 expectation.Website = website
265 }
266 result.ApplyChange(change)
267 match, field, expected, got := compareClients(expectation, result)
268 if !match {
269 t.Fatalf("Expected field `%s` to be `%v`, got `%v`", field, expected, got)
270 }
271 for _, store := range clientStores {
272 context := Context{clients: store}
273 err := context.SaveClient(client)
274 if err != nil {
275 t.Fatalf("Error saving client in %T: %s", store, err)
276 }
277 err = context.UpdateClient(client.ID, change)
278 if err != nil {
279 t.Fatalf("Error updating client in %T: %s", store, err)
280 }
281 retrieved, err := context.GetClient(client.ID)
282 if err != nil {
283 t.Fatalf("Error getting client from %T: %s", store, err)
284 }
285 match, field, expected, got = compareClients(expectation, retrieved)
286 if !match {
287 t.Fatalf("Expected field `%s` to be `%v`, got `%v` from %T", field, expected, got, store)
288 }
289 err = context.DeleteClient(client.ID)
290 if err != nil {
291 t.Fatalf("Error deleting client from %T: %s", store, err)
292 }
293 err = context.UpdateClient(client.ID, change)
294 if err != ErrClientNotFound {
295 t.Fatalf("Expected ErrClientNotFound, got %v from %T", err, store)
296 }
297 }
298 }
299 }
301 func TestClientEndpointChecks(t *testing.T) {
302 t.Parallel()
303 client := Client{
304 ID: uuid.NewID(),
305 Secret: "secret",
306 OwnerID: uuid.NewID(),
307 Name: "name",
308 Logo: "logo",
309 Website: "website",
310 }
311 endpoint1 := Endpoint{
312 ID: uuid.NewID(),
313 ClientID: client.ID,
314 Added: time.Now(),
315 URI: "https://www.example.com/first",
316 }
317 endpoint2 := Endpoint{
318 ID: uuid.NewID(),
319 ClientID: client.ID,
320 Added: time.Now(),
321 URI: "https://www.example.com/my/full/path",
322 }
323 candidates := map[string]bool{
324 "https://www.example.com/": false,
325 "https://www.example.com/first": true,
326 "https://www.example.com/first/extra/path": false,
327 "https://www.example.com/my": false,
328 "https://www.example.com/my/full/path": true,
329 }
330 for _, store := range clientStores {
331 context := Context{clients: store}
332 err := context.SaveClient(client)
333 if err != nil {
334 t.Fatalf("Error saving client in %T: %s", store, err)
335 }
336 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
337 if err != nil {
338 t.Fatalf("Error saving endpoint in %T: %s", store, err)
339 }
340 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
341 if err != nil {
342 t.Fatalf("Error saving endpoint in %T: %s", store, err)
343 }
344 for candidate, expectation := range candidates {
345 result, err := context.CheckEndpoint(client.ID, candidate)
346 if err != nil {
347 t.Fatalf("Error checking endpoint %s in %T: %s", candidate, store, err)
348 }
349 if result != expectation {
350 expectStr := "no"
351 resultStr := "a"
352 if expectation {
353 expectStr = "a"
354 resultStr = "no"
355 }
356 t.Errorf("Expected %s match for %s in %T, got %s match", expectStr, candidate, store, resultStr)
357 }
358 }
359 }
360 }
362 func TestClientEndpointChecksStrict(t *testing.T) {
363 t.Parallel()
364 client := Client{
365 ID: uuid.NewID(),
366 Secret: "secret",
367 OwnerID: uuid.NewID(),
368 Name: "name",
369 Logo: "logo",
370 Website: "website",
371 }
372 endpoint1 := Endpoint{
373 ID: uuid.NewID(),
374 ClientID: client.ID,
375 Added: time.Now(),
376 URI: "https://www.example.com/first",
377 }
378 endpoint2 := Endpoint{
379 ID: uuid.NewID(),
380 ClientID: client.ID,
381 Added: time.Now(),
382 URI: "https://www.example.com/my/full/path",
383 }
384 candidates := map[string]bool{
385 "https://www.example.com/": false,
386 "https://www.example.com/first": true,
387 "https://www.example.com/first/extra/path": false,
388 "https://www.example.com/my": false,
389 "https://www.example.com/my/full/path": true,
390 }
391 for _, store := range clientStores {
392 context := Context{clients: store}
393 err := context.SaveClient(client)
394 if err != nil {
395 t.Fatalf("Error saving client in %T: %s", store, err)
396 }
397 err = context.AddEndpoints(client.ID, []Endpoint{endpoint1})
398 if err != nil {
399 t.Fatalf("Error saving endpoint in %T: %s", store, err)
400 }
401 err = context.AddEndpoints(client.ID, []Endpoint{endpoint2})
402 if err != nil {
403 t.Fatalf("Error saving endpoint in %T: %s", store, err)
404 }
405 for candidate, expectation := range candidates {
406 result, err := context.CheckEndpoint(client.ID, candidate)
407 if err != nil {
408 t.Fatalf("Error checking endpoint %s in %T: %s", candidate, store, err)
409 }
410 if result != expectation {
411 expectStr := "no"
412 resultStr := "a"
413 if expectation {
414 expectStr = "a"
415 resultStr = "no"
416 }
417 t.Errorf("Expected %s match for %s in %T, got %s match", expectStr, candidate, store, resultStr)
418 }
419 }
420 }
421 }
423 func TestClientChangeValidation(t *testing.T) {
424 t.Parallel()
425 change := ClientChange{}
426 if err := change.Validate(); err[0] != ErrEmptyChange {
427 t.Errorf("Expected %s to give an error of %s, gave %s", "empty change", ErrEmptyChange, err)
428 }
429 names := map[string][]error{
430 "a": []error{ErrClientNameTooShort},
431 "ab": []error{},
432 "abc": []error{},
433 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopq": []error{ErrClientNameTooLong},
434 }
435 for name, expectation := range names {
436 change = ClientChange{Name: &name}
437 errs := change.Validate()
438 if len(errs) != len(expectation) {
439 t.Errorf("Expected %s to give %d errors, gave %d", name, len(expectation), len(errs))
440 t.Logf("%+v", errs)
441 }
442 for pos, err := range errs {
443 if err != expectation[pos] {
444 t.Errorf("Expected %s to give an error of %s in position %d, gave %s", name, expectation[pos], pos, err)
445 }
446 }
447 }
448 longPath := ""
449 for i := 0; i < 1025; i++ {
450 longPath = fmt.Sprintf("%s%d", longPath, i)
451 }
452 logos := map[string][]error{
453 "https://www.example.com/" + longPath: []error{ErrClientLogoTooLong},
454 "https://www.example.com/ab": []error{},
455 "www.example.com/ab": []error{ErrClientLogoNotURL},
456 "test": []error{ErrClientLogoNotURL},
457 "": []error{},
458 }
459 for logo, expectation := range logos {
460 change = ClientChange{Logo: &logo}
461 errs := change.Validate()
462 if len(errs) != len(expectation) {
463 t.Errorf("Expected %s to give %d errors, gave %d", logo, len(expectation), len(errs))
464 }
465 for pos, err := range errs {
466 if err != expectation[pos] {
467 t.Errorf("Expected %s to give an error of %s in positiong %d, gave %s", logo, expectation[pos], pos, err)
468 }
469 }
470 }
471 websites := map[string][]error{
472 "https://www.example.com/" + longPath: []error{ErrClientWebsiteTooLong},
473 "https://www.example.com/ab": []error{},
474 "www.example.com/ab": []error{ErrClientWebsiteNotURL},
475 "test": []error{ErrClientWebsiteNotURL},
476 "": []error{},
477 }
478 for website, expectation := range websites {
479 change = ClientChange{Website: &website}
480 errs := change.Validate()
481 if len(errs) != len(expectation) {
482 t.Errorf("Expected %s to give %d errors, gave %d", website, len(expectation), len(errs))
483 }
484 for pos, err := range errs {
485 if err != expectation[pos] {
486 t.Errorf("Expected %s to give an error of %s in position %d, gave %s", website, expectation[pos], pos, err)
487 }
488 }
489 }
490 }
492 func TestGetClientAuth(t *testing.T) {
493 t.Parallel()
494 type clientAuthRequest struct {
495 username string
496 pass string
497 clientID string
498 allowPublic bool
499 expectedClientID uuid.ID
500 expectedClientSecret string
501 expectedValid bool
502 expectedCode int
503 expectedBody string
504 expectAuthenticateHeader bool
505 }
506 id := uuid.NewID()
507 tests := []clientAuthRequest{
508 {"", "", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
509 {"", "", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
510 {"", "no clientID set", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
511 {"", "no clientID set", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
512 {"not an actual id", "invalid client ID set", "", false, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
513 {"not an actual id", "invalid client ID set", "", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
514 {"", "", "not an actual id", true, nil, "", false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
515 {id.String(), "secret", "", true, id, "secret", true, http.StatusOK, "", false},
516 {id.String(), "secret", "", false, id, "secret", true, http.StatusOK, "", false},
517 {"", "", id.String(), true, id, "", true, http.StatusOK, "", false},
518 {"", "", id.String(), false, nil, "", false, http.StatusBadRequest, `{"error":"unauthorized_client"}`, false},
519 }
520 for pos, test := range tests {
521 t.Logf("Running test #%d, with request %+v", pos, test)
522 w := httptest.NewRecorder()
523 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
524 if err != nil {
525 t.Fatal("Can't build request:", err)
526 }
527 if test.username != "" || test.pass != "" {
528 r.SetBasicAuth(test.username, test.pass)
529 }
530 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
531 params := url.Values{}
532 params.Set("client_id", test.clientID)
533 body := bytes.NewBufferString(params.Encode())
534 r.Body = ioutil.NopCloser(body)
535 respID, respSecret, success := getClientAuth(w, r, test.allowPublic)
536 if (respID == nil && test.expectedClientID != nil) || (respID != nil && test.expectedClientID == nil) || !respID.Equal(test.expectedClientID) {
537 t.Errorf("Expected response ID to be %v, got %v", test.expectedClientID, respID)
538 }
539 if test.expectedClientSecret != respSecret {
540 t.Errorf("Expected response secret to be '%s', got '%s'", test.expectedClientSecret, respSecret)
541 }
542 if test.expectedValid != success {
543 t.Errorf("Expected success result to be %v, got %v", test.expectedValid, success)
544 }
545 if test.expectedCode != w.Code {
546 t.Errorf("Expected response code to be %d, got %d", test.expectedCode, w.Code)
547 }
548 if test.expectedBody != strings.TrimSpace(w.Body.String()) {
549 t.Errorf("Expected body to be '%s', got '%s'", test.expectedBody, strings.TrimSpace(w.Body.String()))
550 }
551 if test.expectAuthenticateHeader && w.Header().Get("WWW-Authenticate") != "Basic" {
552 t.Errorf(`Expected header WWW-Authenticate to be set to "Basic", got "%s"`, w.Header().Get("WWW-Authenticate"))
553 }
554 }
555 }
557 func TestVerifyClient(t *testing.T) {
558 t.Parallel()
559 type verifyClientRequest struct {
560 username string
561 pass string
562 clientID string
563 allowPublic bool
564 expectedClientID uuid.ID
565 expectedValid bool
566 expectedCode int
567 expectedBody string
568 expectAuthenticateHeader bool
569 }
570 memstore := NewMemstore()
571 context := Context{
572 clients: memstore,
573 }
574 client := Client{
575 ID: uuid.NewID(),
576 Secret: "super secret!",
577 OwnerID: uuid.NewID(),
578 Name: "My test client",
579 Logo: "https://secondbit.org/logo.png",
580 Website: "https://secondbit.org/",
581 Type: "confidential",
582 }
583 err := context.SaveClient(client)
584 if err != nil {
585 t.Fatal("Could not save client:", err)
586 }
587 publicClient := Client{
588 ID: uuid.NewID(),
589 Secret: "",
590 OwnerID: uuid.NewID(),
591 Name: "A public client",
592 Logo: "https://secondbit.org/logo.png",
593 Website: "https://secondbit.org/",
594 Type: "public",
595 }
596 err = context.SaveClient(publicClient)
597 if err != nil {
598 t.Fatal("Could not save client:", err)
599 }
600 id := uuid.NewID()
601 tests := []verifyClientRequest{
602 {"", "", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
603 {"", "", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
604 {"", "no clientID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
605 {"", "no clientID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
606 {"not an actual id", "invalid client ID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
607 {"not an actual id", "invalid client ID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
608 {id.String(), "unsaved client ID set", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
609 {id.String(), "unsaved client ID set", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
610 {client.ID.String(), "wrong secret", "", false, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
611 {client.ID.String(), "wrong secret", "", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, true},
612 {"", "", "not an actual id", true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
613 {"", "", id.String(), true, nil, false, http.StatusUnauthorized, `{"error":"invalid_client"}`, false},
614 {client.ID.String(), client.Secret, "", true, client.ID, true, http.StatusOK, "", false},
615 {client.ID.String(), client.Secret, "", false, client.ID, true, http.StatusOK, "", false},
616 {"", "", publicClient.ID.String(), true, publicClient.ID, true, http.StatusOK, "", false},
617 {"", "", publicClient.ID.String(), false, nil, false, http.StatusBadRequest, `{"error":"unauthorized_client"}`, false},
618 }
620 for pos, test := range tests {
621 t.Logf("Running test #%d, with request %+v", pos, test)
622 w := httptest.NewRecorder()
623 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
624 if err != nil {
625 t.Fatal("Can't build request:", err)
626 }
627 if test.username != "" || test.pass != "" {
628 r.SetBasicAuth(test.username, test.pass)
629 }
630 r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
631 params := url.Values{}
632 params.Set("client_id", test.clientID)
633 body := bytes.NewBufferString(params.Encode())
634 r.Body = ioutil.NopCloser(body)
635 respID, success := verifyClient(w, r, test.allowPublic, context)
636 if (respID == nil && test.expectedClientID != nil) || (respID != nil && test.expectedClientID == nil) || !respID.Equal(test.expectedClientID) {
637 t.Errorf("Expected response ID to be %v, got %v", test.expectedClientID, respID)
638 }
639 if test.expectedValid != success {
640 t.Errorf("Expected success result to be %v, got %v", test.expectedValid, success)
641 }
642 if test.expectedCode != w.Code {
643 t.Errorf("Expected response code to be %d, got %d", test.expectedCode, w.Code)
644 }
645 if test.expectedBody != strings.TrimSpace(w.Body.String()) {
646 t.Errorf("Expected body to be '%s', got '%s'", test.expectedBody, strings.TrimSpace(w.Body.String()))
647 }
648 if test.expectAuthenticateHeader && w.Header().Get("WWW-Authenticate") != "Basic" {
649 t.Errorf(`Expected header WWW-Authenticate to be set to "Basic", got "%s"`, w.Header().Get("WWW-Authenticate"))
650 }
651 }
652 }
654 func TestCreateClientHandler(t *testing.T) {
655 t.Parallel()
656 memstore := NewMemstore()
657 c := Context{
658 clients: memstore,
659 profiles: memstore,
660 }
661 w := httptest.NewRecorder()
662 r, err := http.NewRequest("POST", "https://test.auth.secondbit.org/clients", nil)
663 if err != nil {
664 t.Fatal("Can't build request:", err)
665 }
666 r.Header.Set("Content-Type", "application/json")
667 CreateClientHandler(w, r, c)
668 if w.Code != http.StatusUnauthorized {
669 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
670 }
671 expected := `{"errors":[{"error":"access_denied"}]}`
672 result := strings.TrimSpace(w.Body.String())
673 if result != expected {
674 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
675 }
676 w = httptest.NewRecorder()
677 r.Header.Set("Authorization", "Not basic at all...")
678 CreateClientHandler(w, r, c)
679 if w.Code != http.StatusUnauthorized {
680 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
681 }
682 expected = `{"errors":[{"error":"access_denied"}]}`
683 result = strings.TrimSpace(w.Body.String())
684 if result != expected {
685 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
686 }
687 w = httptest.NewRecorder()
688 r.Header.Set("Authorization", "Basic TotallyNotBase64Encoded")
689 CreateClientHandler(w, r, c)
690 if w.Code != http.StatusUnauthorized {
691 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
692 }
693 expected = `{"errors":[{"error":"access_denied"}]}`
694 result = strings.TrimSpace(w.Body.String())
695 if result != expected {
696 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
697 }
698 w = httptest.NewRecorder()
699 r.Header.Set("Authorization", "Basic dGhpc2hhc25vY29sb24=")
700 CreateClientHandler(w, r, c)
701 if w.Code != http.StatusUnauthorized {
702 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
703 }
704 expected = `{"errors":[{"error":"access_denied"}]}`
705 result = strings.TrimSpace(w.Body.String())
706 if result != expected {
707 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
708 }
709 profile := Profile{
710 ID: uuid.NewID(),
711 Name: "Test User",
712 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
713 Iterations: 1,
714 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
715 PassphraseScheme: 1,
716 Compromised: false,
717 LockedUntil: time.Time{},
718 PassphraseReset: "",
719 PassphraseResetCreated: time.Time{},
720 Created: time.Now(),
721 LastSeen: time.Time{},
722 }
723 login := Login{
724 Type: "email",
725 Value: "test@example.com",
726 ProfileID: profile.ID,
727 Created: time.Now(),
728 LastUsed: time.Time{},
729 }
730 w = httptest.NewRecorder()
731 r.SetBasicAuth("test@example.com", "mysecurepassphrase")
732 CreateClientHandler(w, r, c)
733 if w.Code != http.StatusUnauthorized {
734 t.Errorf("Expected status of %d, got status %d", http.StatusUnauthorized, w.Code)
735 }
736 expected = `{"errors":[{"error":"access_denied"}]}`
737 result = strings.TrimSpace(w.Body.String())
738 if result != expected {
739 t.Errorf("Expected response to be `%s`, got `%s`", expected, result)
740 }
741 err = c.SaveProfile(profile)
742 if err != nil {
743 t.Error("Error saving profile:", err)
744 }
745 err = c.AddLogin(login)
746 if err != nil {
747 t.Error("Error adding login:", err)
748 }
749 r.SetBasicAuth("test@example.com", "mysecurepassphrase")
750 type testStruct struct {
751 request string
752 code int
753 resp response
754 }
755 tests := []testStruct{
756 {``, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/"}}}},
757 {`{}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/type"}, {Slug: requestErrMissing, Field: "/name"}}}},
758 {`{"type":"notarealtype"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrMissing, Field: "/name"}}}},
759 {`{"type":"notarealtype","name":"myreallylongnameislongerthatthemaximumnamelength"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrOverflow, Field: "/name"}}}},
760 {`{"type":"notarealtype","name":"a"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}, {Slug: requestErrInsufficient, Field: "/name"}}}},
761 {`{"type":"public"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/name"}}}},
762 {`{"type":"public","name":"myreallylongnameislongerthatthemaximumnamelength"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrOverflow, Field: "/name"}}}},
763 {`{"type":"public","name":"a"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInsufficient, Field: "/name"}}}},
764 {`{"name":"My Client"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrMissing, Field: "/type"}}}},
765 {`{"type":"notarealtype","name":"My Client"}`, http.StatusBadRequest, response{Errors: []requestError{{Slug: requestErrInvalidValue, Field: "/type"}}}},
766 {`{"type":"public","name":"My Client"}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}}},
767 {`{"type":"public","name":"My Client", "endpoints": ["https://test.secondbit.org/", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://test.secondbit.org/"}, {URI: "https://paddy.io"}}}},
768 {`{"type":"public","name":"My Client", "endpoints": [":/not a url", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://paddy.io"}}, Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/endpoints/0"}}}},
769 {`{"type":"public","name":"My Client", "endpoints": [":/not a url", "/relative/uri", "https://paddy.io"]}`, http.StatusCreated, response{Clients: []Client{{Name: "My Client", OwnerID: profile.ID, Type: "public"}}, Endpoints: []Endpoint{{URI: "https://paddy.io"}}, Errors: []requestError{{Slug: requestErrInvalidFormat, Field: "/endpoints/0"}, {Slug: requestErrInvalidValue, Field: "/endpoints/1"}}}},
770 {`{"type":"confidential","name":"Secret Client", "endpoints": ["https://secondbit.org"]}`, http.StatusCreated, response{Clients: []Client{{Name: "Secret Client", OwnerID: profile.ID, Type: "confidential"}}, Endpoints: []Endpoint{{URI: "https://secondbit.org"}}}},
771 }
772 for pos, test := range tests {
773 t.Logf("Test #%d: `%s`", pos, test.request)
774 w = httptest.NewRecorder()
775 body := bytes.NewBufferString(test.request)
776 r.Body = ioutil.NopCloser(body)
777 CreateClientHandler(w, r, c)
778 if w.Code != test.code {
779 t.Errorf("Expected response code to be %d, got %d", test.code, w.Code)
780 }
781 t.Logf("Response: %s", w.Body.String())
782 var res response
783 err = json.Unmarshal(w.Body.Bytes(), &res)
784 if err != nil {
785 t.Error("Unexpected error unmarshalling response:", err)
786 }
787 if len(res.Clients) > 0 {
788 if res.Clients[0].Type == "confidential" && res.Clients[0].Secret == "" {
789 t.Log("Client:", res.Clients[0])
790 t.Error("Expected confidential client to have a secret, but does not.")
791 } else if res.Clients[0].Type == "public" && res.Clients[0].Secret != "" {
792 t.Log("Client:", res.Clients[0])
793 t.Error("Expected public client to not have a secret, but it does.")
794 }
795 }
796 fillInServerGenerated(test.resp, res)
797 success, field, expectation, result := compareResponses(test.resp, res)
798 if !success {
799 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
800 }
801 }
802 }
804 func TestGetClientHandler(t *testing.T) {
805 t.Parallel()
806 memstore := NewMemstore()
807 c := Context{
808 clients: memstore,
809 profiles: memstore,
810 }
811 client := Client{
812 ID: uuid.NewID(),
813 Secret: "myawesomesecret",
814 OwnerID: uuid.NewID(),
815 Name: "Test Client",
816 Logo: "https://auth.secondbit.org/logo.png",
817 Website: "https://code.secondbit.org",
818 Type: clientTypeConfidential,
819 }
820 err := c.SaveClient(client)
821 if err != nil {
822 t.Fatal("Can't store client in memstore:", err)
823 }
824 profile := Profile{
825 ID: uuid.NewID(),
826 Name: "Test User",
827 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
828 Iterations: 1,
829 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
830 PassphraseScheme: 1,
831 Compromised: false,
832 LockedUntil: time.Time{},
833 PassphraseReset: "",
834 PassphraseResetCreated: time.Time{},
835 Created: time.Now(),
836 LastSeen: time.Time{},
837 }
838 login := Login{
839 Type: "email",
840 Value: "test@example.com",
841 ProfileID: profile.ID,
842 Created: time.Now(),
843 LastUsed: time.Time{},
844 }
845 err = c.SaveProfile(profile)
846 if err != nil {
847 t.Error("Error saving profile:", err)
848 }
849 err = c.AddLogin(login)
850 if err != nil {
851 t.Error("Error adding login:", err)
852 }
853 router := mux.NewRouter()
854 RegisterClientHandlers(router, c)
855 w := httptest.NewRecorder()
856 u := "https://test.auth.secondbit.org/clients/" + client.ID.String()
857 r, err := http.NewRequest("GET", u, nil)
858 if err != nil {
859 t.Fatal("Can't build request:", err)
860 }
861 r.Header.Set("Content-Type", "application/json")
862 router.ServeHTTP(w, r)
863 if w.Code != http.StatusOK {
864 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
865 }
866 t.Logf("Response: %s", w.Body.String())
867 var res response
868 err = json.Unmarshal(w.Body.Bytes(), &res)
869 if err != nil {
870 t.Error("Unexpected error unmarshalling response:", err)
871 }
872 if len(res.Clients) != 1 {
873 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
874 }
875 if res.Clients[0].Secret != "" {
876 t.Error("Expected secret not to be set, but was set to", res.Clients[0].Secret)
877 }
878 // fill in the secret, which was omitted in the response
879 res.Clients[0].Secret = client.Secret
880 success, field, expectation, result := compareClients(client, res.Clients[0])
881 if !success {
882 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
883 }
885 // test for improperly formatted ID
886 u = "https://test.auth.secondbit.org/clients/notanID"
887 w = httptest.NewRecorder()
888 r, err = http.NewRequest("GET", u, nil)
889 if err != nil {
890 t.Fatal("Can't build request:", err)
891 }
892 r.Header.Set("Content-Type", "application/json")
893 router.ServeHTTP(w, r)
894 if w.Code != http.StatusBadRequest {
895 t.Errorf("Expected response code to be %d, got %d", http.StatusBadRequest, w.Code)
896 }
897 t.Logf("Response: %s", w.Body.String())
898 res = response{}
899 err = json.Unmarshal(w.Body.Bytes(), &res)
900 if err != nil {
901 t.Error("Unexpected error unmarshalling response:", err)
902 }
903 if len(res.Errors) != 1 {
904 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
905 }
906 e := requestError{Slug: requestErrInvalidFormat, Param: "id"}
907 success, field, expectation, result = compareErrors(e, res.Errors[0])
908 if !success {
909 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
910 }
912 // test for a non-existent client
913 u = "https://test.auth.secondbit.org/clients/" + uuid.NewID().String()
914 w = httptest.NewRecorder()
915 r, err = http.NewRequest("GET", u, nil)
916 if err != nil {
917 t.Fatal("Can't build request:", err)
918 }
919 r.Header.Set("Content-Type", "application/json")
920 router.ServeHTTP(w, r)
921 if w.Code != http.StatusNotFound {
922 t.Errorf("Expected response code to be %d, got %d", http.StatusNotFound, w.Code)
923 }
924 t.Logf("Response: %s", w.Body.String())
925 res = response{}
926 err = json.Unmarshal(w.Body.Bytes(), &res)
927 if err != nil {
928 t.Error("Unexpected error unmarshalling response:", err)
929 }
930 if len(res.Errors) != 1 {
931 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
932 }
933 e = requestError{Slug: requestErrNotFound, Param: "id"}
934 success, field, expectation, result = compareErrors(e, res.Errors[0])
935 if !success {
936 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
937 }
938 }
940 func TestAuthenticatedGetClientHandler(t *testing.T) {
941 t.Parallel()
942 memstore := NewMemstore()
943 c := Context{
944 clients: memstore,
945 profiles: memstore,
946 }
947 client := Client{
948 ID: uuid.NewID(),
949 Secret: "myawesomesecret",
950 OwnerID: uuid.NewID(),
951 Name: "Test Client",
952 Logo: "https://auth.secondbit.org/logo.png",
953 Website: "https://code.secondbit.org",
954 Type: clientTypeConfidential,
955 }
956 err := c.SaveClient(client)
957 if err != nil {
958 t.Fatal("Can't store client in memstore:", err)
959 }
960 profile := Profile{
961 ID: client.OwnerID,
962 Name: "Test User",
963 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
964 Iterations: 1,
965 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
966 PassphraseScheme: 1,
967 Compromised: false,
968 LockedUntil: time.Time{},
969 PassphraseReset: "",
970 PassphraseResetCreated: time.Time{},
971 Created: time.Now(),
972 LastSeen: time.Time{},
973 }
974 login := Login{
975 Type: "email",
976 Value: "test@example.com",
977 ProfileID: profile.ID,
978 Created: time.Now(),
979 LastUsed: time.Time{},
980 }
981 err = c.SaveProfile(profile)
982 if err != nil {
983 t.Error("Error saving profile:", err)
984 }
985 err = c.AddLogin(login)
986 if err != nil {
987 t.Error("Error adding login:", err)
988 }
989 profile2 := Profile{
990 ID: uuid.NewID(),
991 Name: "Test User",
992 Passphrase: "f3a4ac4f1d657b2e6e776d24213e39406d50a87a52691a2a78891425af1271d0",
993 Iterations: 1,
994 Salt: "d82d92cfa8bfb5a08270ebbf39a3710d24b352b937fcc8959ebcb40384cc616b",
995 PassphraseScheme: 1,
996 Compromised: false,
997 LockedUntil: time.Time{},
998 PassphraseReset: "",
999 PassphraseResetCreated: time.Time{},
1000 Created: time.Now(),
1001 LastSeen: time.Time{},
1002 }
1003 login2 := Login{
1004 Type: "email",
1005 Value: "test2@example.com",
1006 ProfileID: profile2.ID,
1007 Created: time.Now(),
1008 LastUsed: time.Time{},
1009 }
1010 err = c.SaveProfile(profile2)
1011 if err != nil {
1012 t.Error("Error saving profile:", err)
1013 }
1014 err = c.AddLogin(login2)
1015 if err != nil {
1016 t.Error("Error adding login:", err)
1017 }
1018 router := mux.NewRouter()
1019 RegisterClientHandlers(router, c)
1020 w := httptest.NewRecorder()
1021 u := "https://test.auth.secondbit.org/clients/" + client.ID.String()
1022 r, err := http.NewRequest("GET", u, nil)
1023 if err != nil {
1024 t.Fatal("Can't build request:", err)
1025 }
1026 r.Header.Set("Content-Type", "application/json")
1027 r.SetBasicAuth(login.Value, "mysecurepassphrase")
1028 router.ServeHTTP(w, r)
1029 if w.Code != http.StatusOK {
1030 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
1031 }
1032 t.Logf("Response: %s", w.Body.String())
1033 var res response
1034 err = json.Unmarshal(w.Body.Bytes(), &res)
1035 if err != nil {
1036 t.Error("Unexpected error unmarshalling response:", err)
1037 }
1038 if len(res.Clients) != 1 {
1039 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
1040 }
1041 success, field, expectation, result := compareClients(client, res.Clients[0])
1042 if !success {
1043 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
1044 }
1046 // test for improperly formatted ID
1047 u = "https://test.auth.secondbit.org/clients/notanID"
1048 w = httptest.NewRecorder()
1049 r, err = http.NewRequest("GET", u, nil)
1050 if err != nil {
1051 t.Fatal("Can't build request:", err)
1052 }
1053 r.Header.Set("Content-Type", "application/json")
1054 r.SetBasicAuth(login.Value, "mysecurepassphrase")
1055 router.ServeHTTP(w, r)
1056 if w.Code != http.StatusBadRequest {
1057 t.Errorf("Expected response code to be %d, got %d", http.StatusBadRequest, w.Code)
1058 }
1059 t.Logf("Response: %s", w.Body.String())
1060 res = response{}
1061 err = json.Unmarshal(w.Body.Bytes(), &res)
1062 if err != nil {
1063 t.Error("Unexpected error unmarshalling response:", err)
1064 }
1065 if len(res.Errors) != 1 {
1066 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
1067 }
1068 e := requestError{Slug: requestErrInvalidFormat, Param: "id"}
1069 success, field, expectation, result = compareErrors(e, res.Errors[0])
1070 if !success {
1071 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
1072 }
1074 // test for a non-existent client
1075 u = "https://test.auth.secondbit.org/clients/" + uuid.NewID().String()
1076 w = httptest.NewRecorder()
1077 r, err = http.NewRequest("GET", u, nil)
1078 if err != nil {
1079 t.Fatal("Can't build request:", err)
1080 }
1081 r.Header.Set("Content-Type", "application/json")
1082 r.SetBasicAuth(login.Value, "mysecurepassphrase")
1083 router.ServeHTTP(w, r)
1084 if w.Code != http.StatusNotFound {
1085 t.Errorf("Expected response code to be %d, got %d", http.StatusNotFound, w.Code)
1086 }
1087 t.Logf("Response: %s", w.Body.String())
1088 res = response{}
1089 err = json.Unmarshal(w.Body.Bytes(), &res)
1090 if err != nil {
1091 t.Error("Unexpected error unmarshalling response:", err)
1092 }
1093 if len(res.Errors) != 1 {
1094 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
1095 }
1096 e = requestError{Slug: requestErrNotFound, Param: "id"}
1097 success, field, expectation, result = compareErrors(e, res.Errors[0])
1098 if !success {
1099 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
1100 }
1102 // test for a wrong password
1103 u = "https://test.auth.secondbit.org/clients/" + client.ID.String()
1104 w = httptest.NewRecorder()
1105 r, err = http.NewRequest("GET", u, nil)
1106 if err != nil {
1107 t.Fatal("Can't build request:", err)
1108 }
1109 r.Header.Set("Content-Type", "application/json")
1110 r.SetBasicAuth(login.Value, "notmypassphrase")
1111 router.ServeHTTP(w, r)
1112 if w.Code != http.StatusUnauthorized {
1113 t.Errorf("Expected response code to be %d, got %d", http.StatusUnauthorized, w.Code)
1114 }
1115 t.Logf("Response: %s", w.Body.String())
1116 res = response{}
1117 err = json.Unmarshal(w.Body.Bytes(), &res)
1118 if err != nil {
1119 t.Error("Unexpected error unmarshalling response:", err)
1120 }
1121 if len(res.Errors) != 1 {
1122 t.Errorf("Expected %d results in response, got %d", 1, len(res.Errors))
1123 }
1124 e = requestError{Slug: requestErrAccessDenied}
1125 success, field, expectation, result = compareErrors(e, res.Errors[0])
1126 if !success {
1127 t.Errorf("Unexpected result for %s in error response: expected %v, got %v", field, expectation, result)
1128 }
1130 // test for a wrong account
1131 u = "https://test.auth.secondbit.org/clients/" + client.ID.String()
1132 w = httptest.NewRecorder()
1133 r, err = http.NewRequest("GET", u, nil)
1134 if err != nil {
1135 t.Fatal("Can't build request:", err)
1136 }
1137 r.Header.Set("Content-Type", "application/json")
1138 r.SetBasicAuth(login2.Value, "mysecurepassphrase")
1139 router.ServeHTTP(w, r)
1140 if w.Code != http.StatusOK {
1141 t.Errorf("Expected response code to be %d, got %d", http.StatusOK, w.Code)
1142 }
1143 t.Logf("Response: %s", w.Body.String())
1144 res = response{}
1145 err = json.Unmarshal(w.Body.Bytes(), &res)
1146 if err != nil {
1147 t.Error("Unexpected error unmarshalling response:", err)
1148 }
1149 if len(res.Clients) != 1 {
1150 t.Errorf("Expected %d results in response, got %d", 1, len(res.Clients))
1151 }
1152 if res.Clients[0].Secret != "" {
1153 t.Errorf("Expected client secret to be empty, got %s", res.Clients[0].Secret)
1154 }
1155 // fill the client's secret for comparison
1156 res.Clients[0].Secret = client.Secret
1157 success, field, expectation, result = compareClients(client, res.Clients[0])
1158 if !success {
1159 t.Errorf("Unexpected result for %s in response: expected %v, got %v", field, expectation, result)
1160 }
1161 }
1163 // BUG(paddy): We need to test the clientCredentialsValidate function.
1164 // BUG(paddy): We need to test the ListClientsHandler.