
Paddy 2014-10-22 Parent:28d48fdb0dd1 Child:b3cd7765a7c8

56:a5987795707e Go to Latest

auth/http_test.go

Actually validate grant requests. Write the logic to validate grant requests and stub out the rendering/error handling/redirecting locations. Finally, we get to the good stuff: implementing the specification. Write some tests to verify that granting requests works the way we think it does.

1 package auth
3 import (
4 "html/template"
5 "net/http"
6 "net/http/httptest"
7 "net/url"
8 "testing"
9 "time"
11 "code.secondbit.org/uuid"
12 )
// Bit flags naming the optional authorization-request parameters a test
// iteration sends; counting 0..15 visits every subset. uriExact only has an
// effect when uriSet is also present (without a redirect_uri there is nothing
// to be exact about).
const (
	scopeSet = 1 // send a "scope" parameter
	stateSet = 2 // send a "state" parameter
	uriSet   = 4 // send a "redirect_uri" parameter
	uriExact = 8 // with uriSet: send the registered URI verbatim instead of a longer variant
)
// TestGetGrantCodeSuccess drives GetGrantHandler with every subset of the
// optional authorization-request parameters (RFC 6749 §4.1.1: redirect_uri,
// scope, state) for a registered public client with a single endpoint, and
// expects every request to render the consent template with a 200.
//
// NOTE(review): the iterations with uriSet but not uriExact send the
// registered URI plus an extra path segment ("…/redirect/inexact") and expect
// it to be accepted, i.e. this test pins prefix rather than exact matching of
// redirect_uri. RFC 6749 §3.1.2.2 asks for the full URI (scheme, authority
// and path) to be registered and compared by simple string comparison, and
// the OAuth 2.0 security guidance requires exact matching: with prefix
// matching, anything that can serve a sub-path on the client's host can be
// handed authorization codes. Confirm this is deliberate; if not, that case
// belongs in the invalid-URI test with a 400 expectation.
func TestGetGrantCodeSuccess(t *testing.T) {
	t.Parallel()

	backing := NewMemstore()
	authCtx := Context{
		template: template.Must(template.New(getGrantTemplateName).Parse("Get auth grant")),
		clients:  backing,
		grants:   backing,
		profiles: backing,
		tokens:   backing,
	}

	// The registered client and its one allowed redirect endpoint.
	registered := Client{
		ID:      uuid.NewID(),
		Secret:  "super secret!",
		OwnerID: uuid.NewID(),
		Name:    "My test client",
		Logo:    "https://secondbit.org/logo.png",
		Website: "https://secondbit.org",
		Type:    "public",
	}
	redirect, err := url.Parse("https://test.secondbit.org/redirect")
	if err != nil {
		t.Fatal("Can't parse URL:", err)
	}
	allowed := Endpoint{
		ID:       uuid.NewID(),
		ClientID: registered.ID,
		URI:      *redirect,
		Added:    time.Now(),
	}
	if err = authCtx.SaveClient(registered); err != nil {
		t.Fatal("Can't store client:", err)
	}
	if err = authCtx.AddEndpoint(registered.ID, allowed); err != nil {
		t.Fatal("Can't store endpoint:", err)
	}

	// One request object is reused; only its query string changes per iteration.
	request, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
	if err != nil {
		t.Fatal("Can't build request:", err)
	}

	const combos = uriExact << 1 // 16: every subset of the four flag bits
	for flags := 0; flags < combos; flags++ {
		query := url.Values{}
		// Required parameters, RFC 6749 §4.1.1.
		query.Set("response_type", "code")
		query.Set("client_id", registered.ID.String())
		switch {
		case flags&uriSet == 0:
			// Omit redirect_uri, which RFC 6749 §3.1.2.3 permits when exactly
			// one endpoint is registered.
		case flags&uriExact != 0:
			query.Set("redirect_uri", allowed.URI.String())
		default:
			// Registered URI with an extra path segment — see the NOTE above.
			query.Set("redirect_uri", allowed.URI.String()+"/inexact")
		}
		if flags&scopeSet != 0 {
			query.Set("scope", "testscope")
		}
		if flags&stateSet != 0 {
			query.Set("state", "my super secure state string")
		}
		request.URL.RawQuery = query.Encode()

		rec := httptest.NewRecorder()
		GetGrantHandler(rec, request, authCtx)
		if rec.Code != http.StatusOK {
			t.Errorf("Expected status code to be %d, got %d for %s", http.StatusOK, rec.Code, request.URL.String())
		}
		if got := rec.Body.String(); got != "Get auth grant" {
			t.Errorf("Expected body to be `%s`, got `%s` for %s", "Get auth grant", got, request.URL.String())
		}
	}
}
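// TestGetGrantCodeInvalidURI sends authorization requests whose redirect_uri
// does not match the client's registered endpoint and checks that the handler
// refuses each one in place: a 400 rendered through the error template and no
// redirect. RFC 6749 §4.1.2.1 requires exactly this — on a missing, invalid or
// mismatching redirect_uri the server MUST NOT redirect the user-agent, since
// that would deliver the error (or, with a weaker check, a code) to an
// attacker-chosen URI. The exact-body assertion also guards against the
// supplied URI being echoed back into the error page.
func TestGetGrantCodeInvalidURI(t *testing.T) {
	t.Parallel()
	store := NewMemstore()
	testContext := Context{
		template: template.Must(template.New(getGrantTemplateName).Parse("{{ .error }}")),
		clients:  store,
		grants:   store,
		profiles: store,
		tokens:   store,
	}
	client := Client{
		ID:      uuid.NewID(),
		Secret:  "super secret!",
		OwnerID: uuid.NewID(),
		Name:    "My test client",
		Type:    "public",
	}
	uri, err := url.Parse("https://test.secondbit.org/redirect")
	if err != nil {
		t.Fatal("Can't parse URL:", err)
	}
	endpoint := Endpoint{
		ID:       uuid.NewID(),
		ClientID: client.ID,
		URI:      *uri,
		Added:    time.Now(),
	}
	if err = testContext.SaveClient(client); err != nil {
		t.Fatal("Can't store client:", err)
	}
	if err = testContext.AddEndpoint(client.ID, endpoint); err != nil {
		t.Fatal("Can't store endpoint:", err)
	}
	req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
	if err != nil {
		t.Fatal("Can't build request:", err)
	}

	const wantBody = "The redirect_uri specified is not valid."
	// The registered endpoint is https://test.secondbit.org/redirect. None of
	// these may be accepted under any matching rule the spec allows: a
	// different path, a different host, and a scheme downgrade of the same URI.
	badURIs := []string{
		"https://test.secondbit.org/wrong",
		"https://evil.example/redirect",
		"http://test.secondbit.org/redirect",
	}
	for _, bad := range badURIs {
		w := httptest.NewRecorder()
		params := url.Values{}
		params.Set("response_type", "code")
		params.Set("client_id", client.ID.String())
		params.Set("redirect_uri", bad)
		req.URL.RawQuery = params.Encode()
		GetGrantHandler(w, req, testContext)
		if w.Code != http.StatusBadRequest {
			t.Errorf("Expected status code to be %d, got %d for redirect_uri %q", http.StatusBadRequest, w.Code, bad)
		}
		// A mismatching redirect_uri must be answered in place, never followed.
		if loc := w.Header().Get("Location"); loc != "" {
			t.Errorf("Expected no redirect for redirect_uri %q, got Location %q", bad, loc)
		}
		if got := w.Body.String(); got != wantBody {
			t.Errorf(`Expected output to be "%s", got "%s" instead.`, wantBody, got)
		}
	}
}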
144 }