package oauth2 import ( "net/http" "net/url" "testing" ) func TestAccessAuthorizationCode(t *testing.T) { sconfig := NewServerConfig() sconfig.AllowedAccessTypes = AllowedAccessType{AuthorizationCodeART} server := NewServer(sconfig, NewTestingStorage()) server.AccessTokenGen = &TestingAccessTokenGen{} resp := server.NewResponse() req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil) if err != nil { t.Fatal(err) } req.SetBasicAuth("1234", "aabbccdd") req.Form = make(url.Values) req.Form.Set("grant_type", string(AuthorizationCodeART)) req.Form.Set("code", "9999") req.Form.Set("state", "a") req.PostForm = make(url.Values) if ar := server.HandleAccessRequest(resp, req); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, req, ar) } //fmt.Printf("%+v", resp) if resp.IsError && resp.InternalError != nil { t.Fatalf("Error in response: %s", resp.InternalError) } if resp.IsError { t.Fatalf("Should not be an error") } if resp.Type != DATA { t.Fatalf("Response should be data") } if d := resp.Output["access_token"]; d != "1" { t.Fatalf("Unexpected access token: %s", d) } if d := resp.Output["refresh_token"]; d != "r1" { t.Fatalf("Unexpected refresh token: %s", d) } } func TestAccessRefreshToken(t *testing.T) { sconfig := NewServerConfig() sconfig.AllowedAccessTypes = AllowedAccessType{REFRESH_TOKEN} server := NewServer(sconfig, NewTestingStorage()) server.AccessTokenGen = &TestingAccessTokenGen{} resp := server.NewResponse() req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil) if err != nil { t.Fatal(err) } req.SetBasicAuth("1234", "aabbccdd") req.Form = make(url.Values) req.Form.Set("grant_type", string(REFRESH_TOKEN)) req.Form.Set("refresh_token", "r9999") req.Form.Set("state", "a") req.PostForm = make(url.Values) if ar := server.HandleAccessRequest(resp, req); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, req, ar) } //fmt.Printf("%+v", resp) if resp.IsError && resp.InternalError != nil { t.Fatalf("Error in response: %s", resp.InternalError) } if resp.IsError { t.Fatalf("Should not be an error") } if resp.Type != DATA { t.Fatalf("Response should be data") } if d := resp.Output["access_token"]; d != "1" { t.Fatalf("Unexpected access token: %s", d) } if d := resp.Output["refresh_token"]; d != "r1" { t.Fatalf("Unexpected refresh token: %s", d) } } func TestAccessPassword(t *testing.T) { sconfig := NewServerConfig() sconfig.AllowedAccessTypes = AllowedAccessType{PASSWORD} server := NewServer(sconfig, NewTestingStorage()) server.AccessTokenGen = &TestingAccessTokenGen{} resp := server.NewResponse() req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil) if err != nil { t.Fatal(err) } req.SetBasicAuth("1234", "aabbccdd") req.Form = make(url.Values) req.Form.Set("grant_type", string(PASSWORD)) req.Form.Set("username", "testing") req.Form.Set("password", "testing") req.Form.Set("state", "a") req.PostForm = make(url.Values) if ar := server.HandleAccessRequest(resp, req); ar != nil { ar.Authorized = ar.Username == "testing" && ar.Password == "testing" server.FinishAccessRequest(resp, req, ar) } //fmt.Printf("%+v", resp) if resp.IsError && resp.InternalError != nil { t.Fatalf("Error in response: %s", resp.InternalError) } if resp.IsError { t.Fatalf("Should not be an error") } if resp.Type != DATA { t.Fatalf("Response should be data") } if d := resp.Output["access_token"]; d != "1" { t.Fatalf("Unexpected access token: %s", d) } if d := resp.Output["refresh_token"]; d != "r1" { t.Fatalf("Unexpected refresh token: %s", d) } } func TestAccessClientCredentials(t *testing.T) { sconfig := NewServerConfig() sconfig.AllowedAccessTypes = AllowedAccessType{CLIENT_CREDENTIALS} server := NewServer(sconfig, NewTestingStorage()) server.AccessTokenGen = &TestingAccessTokenGen{} resp := server.NewResponse() req, err := http.NewRequest("POST", "http://localhost:14000/appauth", nil) if err != nil { t.Fatal(err) } req.SetBasicAuth("1234", "aabbccdd") req.Form = make(url.Values) req.Form.Set("grant_type", string(CLIENT_CREDENTIALS)) req.Form.Set("state", "a") req.PostForm = make(url.Values) if ar := server.HandleAccessRequest(resp, req); ar != nil { ar.Authorized = true server.FinishAccessRequest(resp, req, ar) } //fmt.Printf("%+v", resp) if resp.IsError && resp.InternalError != nil { t.Fatalf("Error in response: %s", resp.InternalError) } if resp.IsError { t.Fatalf("Should not be an error") } if resp.Type != DATA { t.Fatalf("Response should be data") } if d := resp.Output["access_token"]; d != "1" { t.Fatalf("Unexpected access token: %s", d) } if d := resp.Output["refresh_token"]; d != "r1" { t.Fatalf("Unexpected refresh token: %s", d) } }