auth
51:116342ffc65f
Create a grant confirmation endpoint and its first test. Lay the framework for how we're going to write endpoints, and how we're going to test them by doing a super simple grant confirmation endpoint (where the user authorizes the grant, which can then be exchanged for a token) and a simple test to ensure that a page gets rendered when valid input is provided. We're still missing a lot of test cases: when different forms of valid input are provided (e.g., no scope, no redirect URI, etc.); when invalid input is provided; etc.
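--- a/grant_test.go	Wed Oct 15 23:23:53 2014 -0400
+++ b/grant_test.go	Wed Oct 15 23:27:17 2014 -0400
@@ -1,6 +1,9 @@
 package auth
 
 import (
+ "html/template"
+ "net/http"
+ "net/http/httptest"
 "testing"
 "time"
 
@@ -76,3 +79,33 @@
 }
 }
 }
+
+func TestGrantCodeRedirect(t *testing.T) {
+ t.Parallel()
+ store := NewMemstore()
+ testContext := Context{
+ template: template.Must(template.New(getGrantTemplateName).Parse("Get auth grant")),
+ clients: store,
+ grants: store,
+ profiles: store,
+ tokens: store,
+ }
+ w := httptest.NewRecorder()
+ req, err := http.NewRequest("GET", "https://test.auth.secondbit.org/oauth2/grant", nil)
+ if err != nil {
+ t.Fatal("Can't build request:", err)
+ }
+ // see OAuth 2.0 spec, section 4.1.1
+ req.URL.Query().Set("response_type", "code")
+ req.URL.Query().Set("client_id", "test_client_id")
+ req.URL.Query().Set("redirect_uri", "https://test.secondbit.org/redirect")
+ req.URL.Query().Set("scope", "testscope")
+ req.URL.Query().Set("state", "my super secure state string")
+ GetGrantHandler(w, req, testContext)
+ if w.Code != http.StatusOK {
+ t.Errorf("Expected status code to be %d, got %d", http.StatusOK, w.Code)
+ }
+ if w.Body.String() != "Get auth grant" {
+ t.Errorf("Expected body to be `%s`, got `%s`", "Get auth grant", w.Body.String())
+ }
+}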
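Review bot: The five `req.URL.Query().Set(...)` calls in TestGrantCodeRedirect have no effect, because `URL.Query()` parses `RawQuery` into a fresh `url.Values` on every call and the modified copy is thrown away; the request reaches GetGrantHandler with an empty query string. The test passes only because the handler does not read the request yet, so it would not notice a handler that later mishandles a missing `client_id` or `redirect_uri`. Collect the values once and write them back with `req.URL.RawQuery = q.Encode()`, as below. The name also says Redirect while the assertions check a rendered 200 page, so a name matching the assertions would read better.

```go
// … unchanged: store, testContext, recorder and request construction …
// see OAuth 2.0 spec, section 4.1.1
q := req.URL.Query()
q.Set("response_type", "code")
q.Set("client_id", "test_client_id")
q.Set("redirect_uri", "https://test.secondbit.org/redirect")
q.Set("scope", "testscope")
q.Set("state", "my super secure state string")
req.URL.RawQuery = q.Encode()
GetGrantHandler(w, req, testContext)
// … unchanged: status and body assertions …
```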
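--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/http.go	Wed Oct 15 23:27:17 2014 -0400
@@ -0,0 +1,16 @@
+package auth
+
+import (
+ "log"
+ "net/http"
+)
+
+const getGrantTemplateName = "get_grant"
+
+func GetGrantHandler(w http.ResponseWriter, r *http.Request, context Context) {
+ w.WriteHeader(http.StatusOK)
+ err := context.Render(w, getGrantTemplateName, nil)
+ if err != nil {
+ log.Println("Error rendering template for GetGrantHandler:", err)
+ }
+}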
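Review bot: GetGrantHandler commits the 200 status with `w.WriteHeader(http.StatusOK)` before `context.Render` runs, so a template failure is only logged and the client still receives 200 with an empty or partial consent page. Rendering into a buffer first and answering a failure with `http.Error(w, "internal error", http.StatusInternalServerError)` would keep the status honest; whether Render accepts a plain io.Writer is not visible in this hunk. The handler also never reads `r`, so `client_id`, `redirect_uri` and `response_type` are not validated before the page is shown; presumably a later commit adds this, and the checks against the registered client belong before anything is rendered. Because this page asks the user to authorize a grant, it should also refuse framing, e.g. `w.Header().Set("X-Frame-Options", "DENY")` (RFC 6749 section 10.13).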