auth

Paddy 2014-10-15 Parent:3a6a65ed380c Child:aff6863e3cb3

51:116342ffc65f Go to Latest

auth/grant_test.go

Create a grant confirmation endpoint and its first test. Lay the framework for how we're going to write endpoints, and how we're going to test them by doing a super simple grant confirmation endpoint (where the user authorizes the grant, which can then be exchanged for a token) and a simple test to ensure that a page gets rendered when valid input is provided. We're still missing a lot of test cases: when different forms of valid input are provided (e.g., no scope, no redirect URI, etc.); when invalid input is provided; etc.

1 package auth
3 import (
4 "html/template"
5 "net/http"
6 "net/http/httptest"
7 "testing"
8 "time"
10 "code.secondbit.org/uuid"
11 )
// grantStores lists every GrantStore implementation the store tests below
// are run against. Only the in-memory store is registered here.
var grantStores = []GrantStore{
	NewMemstore(),
}
// compareGrants reports whether two grants agree on every field the tests
// check. Fields are examined in a fixed order (code, created, expires in,
// client ID, scope, redirect URI, state) and the first mismatch wins: success
// is false, field names the mismatching field, and grant1val / grant2val carry
// the two differing values. When everything matches it returns true, an empty
// field name and nil values.
func compareGrants(grant1, grant2 Grant) (success bool, field string, grant1val, grant2val interface{}) {
	switch {
	case grant1.Code != grant2.Code:
		return false, "code", grant1.Code, grant2.Code
	case !grant1.Created.Equal(grant2.Created):
		// Created is compared with Equal rather than ==.
		return false, "created", grant1.Created, grant2.Created
	case grant1.ExpiresIn != grant2.ExpiresIn:
		return false, "expires in", grant1.ExpiresIn, grant2.ExpiresIn
	case !grant1.ClientID.Equal(grant2.ClientID):
		return false, "client ID", grant1.ClientID, grant2.ClientID
	case grant1.Scope != grant2.Scope:
		return false, "scope", grant1.Scope, grant2.Scope
	case grant1.RedirectURI != grant2.RedirectURI:
		return false, "redirect URI", grant1.RedirectURI, grant2.RedirectURI
	case grant1.State != grant2.State:
		return false, "state", grant1.State, grant2.State
	}
	return true, "", nil, nil
}
// TestGrantStoreSuccess drives each store in grantStores through one grant's
// full lifecycle and checks the result of every step:
//
//   - the first SaveGrant succeeds;
//   - a second SaveGrant of the same grant yields ErrGrantAlreadyExists;
//   - GetGrant returns a grant equal to the one saved (per compareGrants);
//   - DeleteGrant succeeds;
//   - GetGrant and DeleteGrant afterwards both yield ErrGrantNotFound.
//
// Failures are reported with t.Errorf, so one failing step does not stop the
// remaining steps from running.
func TestGrantStoreSuccess(t *testing.T) {
	t.Parallel()
	want := Grant{
		Code:        "code",
		Created:     time.Now(),
		ExpiresIn:   180,
		ClientID:    uuid.NewID(),
		Scope:       "scope",
		RedirectURI: "redirectURI",
		State:       "state",
	}
	for _, s := range grantStores {
		if err := s.SaveGrant(want); err != nil {
			t.Errorf("Error saving grant to %T: %s", s, err)
		}
		// Saving the same code twice must be refused.
		if err := s.SaveGrant(want); err != ErrGrantAlreadyExists {
			t.Errorf("Expected ErrGrantAlreadyExists from %T, got %+v", s, err)
		}
		got, err := s.GetGrant(want.Code)
		if err != nil {
			t.Errorf("Error retrieving grant from %T: %s", s, err)
		}
		if same, field, expected, actual := compareGrants(want, got); !same {
			t.Errorf("Expected `%v` in the `%s` field of grant retrieved from %T, got `%v`", expected, field, s, actual)
		}
		if err := s.DeleteGrant(want.Code); err != nil {
			t.Errorf("Error removing grant from %T: %s", s, err)
		}
		// Once deleted, the code must no longer resolve to a grant.
		got, err = s.GetGrant(want.Code)
		if err != ErrGrantNotFound {
			t.Errorf("Expected ErrGrantNotFound from %T, got %+v and %+v", s, got, err)
		}
		if err := s.DeleteGrant(want.Code); err != ErrGrantNotFound {
			t.Errorf("Expected ErrGrantNotFound from %T, got %+v", s, err)
		}
	}
}
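// TestGrantCodeRedirect sends an authorization request carrying the
// parameters from OAuth 2.0 section 4.1.1 to GetGrantHandler and checks that
// the response is 200 with the rendered grant template as its body.
//
// The Context uses one in-memory store for clients, grants, profiles and
// tokens, and a stub template whose output is the literal "Get auth grant".
func TestGrantCodeRedirect(t *testing.T) {
	t.Parallel()
	store := NewMemstore()
	testContext := Context{
		template: template.Must(template.New(getGrantTemplateName).Parse("Get auth grant")),
		clients:  store,
		grants:   store,
		profiles: store,
		tokens:   store,
	}
	w := httptest.NewRecorder()
	req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
	if err != nil {
		t.Fatal("Can't build request:", err)
	}
	// see OAuth 2.0 spec, section 4.1.1
	//
	// URL.Query() parses RawQuery into a new url.Values on every call, so
	// calling Set directly on its result changes a throwaway copy and the
	// request would reach the handler with no parameters at all. Collect the
	// values once and write them back through RawQuery.
	params := req.URL.Query()
	params.Set("response_type", "code")
	params.Set("client_id", "test_client_id")
	params.Set("redirect_uri", "https://test.secondbit.org/redirect")
	params.Set("scope", "testscope")
	params.Set("state", "my super secure state string")
	req.URL.RawQuery = params.Encode()
	// NOTE(review): the handler now really receives these values. If
	// GetGrantHandler parses or looks up client_id or checks redirect_uri,
	// a matching client has to be saved in store first; confirm against the
	// handler. A 200 for an unknown client would itself be worth a test.
	GetGrantHandler(w, req, testContext)
	if w.Code != http.StatusOK {
		t.Errorf("Expected status code to be %d, got %d", http.StatusOK, w.Code)
	}
	if w.Body.String() != "Get auth grant" {
		t.Errorf("Expected body to be `%s`, got `%s`", "Get auth grant", w.Body.String())
	}
}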