111:224f0610d3e7
Fill in gaps in AuthorizationCodeStore tests, add authCodeGrantValidate tests. Fill in some holes in AuthorizationCodeStore tests (mainly the lack of ProfileID and Used being compared, and the omission of useAuthorizationCode in the TestAuthorizationCodeStore test). Start testing the authCodeGrantValidate function, which validates a grant claim made using an AuthorizationCode. Right now, we're only testing that omitting a code yields an invalid_request error.
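--- a/authcode_test.go	Sun Jan 04 02:51:15 2015 -0500
+++ b/authcode_test.go	Mon Jan 05 22:26:26 2015 -0500
@@ -1,6 +1,12 @@
 package auth
 
 import (
+	"bytes"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strings"
 	"testing"
 	"time"
 
@@ -31,10 +37,16 @@
 	if authCode1.State != authCode2.State {
 		return false, "state", authCode1.State, authCode2.State
 	}
+	if !authCode1.ProfileID.Equal(authCode2.ProfileID) {
+		return false, "profile ID", authCode1.ProfileID, authCode2.ProfileID
+	}
+	if authCode1.Used != authCode2.Used {
+		return false, "used", authCode1.Used, authCode2.Used
+	}
 	return true, "", nil, nil
 }
 
-func TestAuthorizationCodeStoreSuccess(t *testing.T) {
+func TestAuthorizationCodeStore(t *testing.T) {
 	t.Parallel()
 	authCode := AuthorizationCode{
 		Code: "code",
@@ -62,6 +74,19 @@
 		if !match {
 			t.Errorf("Expected `%v` in the `%s` field of auth code retrieved from %T, got `%v`", expectation, field, store, result)
 		}
+		err = store.useAuthorizationCode(authCode.Code)
+		if err != nil {
+			t.Errorf("Error retrieving auth code from %T: %s", store, err)
+		}
+		retrieved, err = store.getAuthorizationCode(authCode.Code)
+		if err != nil {
+			t.Errorf("Error retrieving auth code from %T: %s", store, err)
+		}
+		authCode.Used = true
+		match, field, expectation, result = compareAuthorizationCodes(authCode, retrieved)
+		if !match {
+			t.Errorf("Expected `%v` in the `%s` field of auth code retrieved from %T, got `%v`", expectation, field, store, result)
+		}
 		err = store.deleteAuthorizationCode(authCode.Code)
 		if err != nil {
 			t.Errorf("Error removing auth code from %T: %s", store, err)
@@ -74,5 +99,80 @@
 		if err != ErrAuthorizationCodeNotFound {
 			t.Errorf("Expected ErrAuthorizationCodeNotFound from %T, got %+v", store, err)
 		}
+		err = store.useAuthorizationCode(authCode.Code)
+		if err != ErrAuthorizationCodeNotFound {
+			t.Errorf("Expected ErrAuthorizationCodeNotFound from %T, got %+v", store, err)
+		}
 	}
 }
+
+func TestAuthCodeGrantValidate(t *testing.T) {
+	t.Parallel()
+	store := NewMemstore()
+	testContext := Context{
+		clients: store,
+		authCodes: store,
+		profiles: store,
+		tokens: store,
+		sessions: store,
+	}
+	client := Client{
+		ID: uuid.NewID(),
+		Secret: "super secret!",
+		OwnerID: uuid.NewID(),
+		Name: "My test client",
+		Logo: "https://secondbit.org/logo.png",
+		Website: "https://secondbit.org/",
+		Type: "public",
+	}
+	uri, err := url.Parse("https://test.secondbit.org/redirect")
+	if err != nil {
+		t.Fatal("Can't parse URL:", err)
+	}
+	endpoint := Endpoint{
+		ID: uuid.NewID(),
+		ClientID: client.ID,
+		URI: *uri,
+		Added: time.Now(),
+	}
+	err = testContext.SaveClient(client)
+	if err != nil {
+		t.Fatal("Can't store client:", err)
+	}
+	err = testContext.AddEndpoint(client.ID, endpoint)
+	if err != nil {
+		t.Fatal("Can't store endpoint:", err)
+	}
+	code := AuthorizationCode{
+		Code: "myauthcode",
+		Created: time.Now(),
+		ExpiresIn: 180,
+		ClientID: uuid.NewID(),
+		Scope: "scope",
+		RedirectURI: "redirectURI",
+		State: "state",
+	}
+	err = testContext.SaveAuthorizationCode(code)
+	if err != nil {
+		t.Fatal("Can't add auth code:", err)
+	}
+	req, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", nil)
+	if err != nil {
+		t.Fatal("Can't build request:", err)
+	}
+	w := httptest.NewRecorder()
+	params := url.Values{}
+	body := bytes.NewBufferString(params.Encode())
+	req.Body = ioutil.NopCloser(body)
+	scope, profileID, valid := authCodeGrantValidate(w, req, testContext)
+	if valid {
+		t.Fatal("Expected invalid auth code, got scope `%s` and profileID `%s`.", scope, profileID)
+	}
+	if w.Code != http.StatusBadRequest {
+		t.Errorf("Expected status %d, got %d", http.StatusBadRequest, w.Code)
+	}
+	expectation := `{"error":"invalid_request"}`
+	if strings.TrimSpace(w.Body.String()) != expectation {
+		t.Errorf("Expected body of `%s`, got `%s`", expectation, strings.TrimSpace(w.Body.String()))
+	}
+}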
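Review bot: The request assembled at the end of TestAuthCodeGrantValidate never sets a `Content-Type` header, so if authCodeGrantValidate reads the code through `r.FormValue`/`ParseForm` (not visible here), net/http will not parse the urlencoded body and the validator sees no parameters no matter what `params` holds; the current assertion passes only because `invalid_request` is the expected outcome anyway, and the follow-up test that adds `code` to `params` would keep passing for the wrong reason. Build the request from the encoded body and set the header before calling the validator: `req, err := http.NewRequest("POST", "https://test.auth.secondbit.org/oauth2/grant", strings.NewReader(params.Encode()))` followed by `req.Header.Set("Content-Type", "application/x-www-form-urlencoded")`, which also drops the `bytes`/`ioutil` body plumbing. The `t.Fatal` call that reports scope and profileID uses `%s` verbs with a non-formatting call, so the verbs print literally and go vet will flag it; change it to `t.Fatalf`. Also note that the stored code's `ClientID` is a fresh `uuid.NewID()` rather than `client.ID` and its `RedirectURI` does not match the registered endpoint, which is harmless for the missing-code case but will need aligning before the happy path can be asserted.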