auth
128:23c1a07c8a61
Add our BUG notices. Rather than keeping the list of things to implement or test on sticky notes attached to my monitor, let's give them BUG designations within the code. Now `godoc . bugs` will list them out for us. Isn't that nice?
client.go client_test.go oauth2.go oauth2_test.go profile.go profile_test.go session.go session_test.go token.go token_test.go
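--- a/client.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/client.go	Mon Jan 19 06:42:42 2015 -0500
@@ -384,6 +384,13 @@
 
 func RegisterClientHandlers(r *mux.Router, context Context) {
 r.Handle("/clients", wrap(context, CreateClientHandler)).Methods("POST")
+ // BUG(paddy): We need to implement a handler to retrieve info on a client.
+ // BUG(paddy): We need to implement a handler to list clients.
+ // BUG(paddy): We need to implement a handler to update a client.
+ // BUG(paddy): We need to implement a handler to delete a client. Also, what should that do with the grants and tokens belonging to that client?
+ // BUG(paddy): We need to implement a handler to add an endpoint to a client.
+ // BUG(paddy): We need to implement a handler to remove an endpoint from a client.
+ // BUG(paddy): We need to implement a handler to list endpoints.
 }
 
 func CreateClientHandler(w http.ResponseWriter, r *http.Request, c Context) {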
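Review bot: The delete-client notice at the end of RegisterClientHandlers leaves the fate of that client's grants and tokens as an open question, and until it is settled a deleted client's tokens would presumably stay usable. I would record the safe default in the note itself, e.g. `// BUG(paddy): We need to implement a handler to delete a client; it must also revoke the client's grants and tokens.` The same applies to the delete-profile and remove-login notices in profile.go, which ask what happens to sessions, tokens and grants without answering. No existing revocation logic is visible in this diff, so this is a documentation request rather than a claimed bug.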
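--- a/client_test.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/client_test.go	Mon Jan 19 06:42:42 2015 -0500
@@ -1013,3 +1013,5 @@
 }
 }
 }
+
+// BUG(paddy): We need to test the clientCredentialsValidate function.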
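Review bot: This notice sits in a `_test.go` file, and godoc builds package documentation from the non-test files, so it will probably not appear in the bug listing the commit message relies on. The same holds for the notices added to oauth2_test.go, profile_test.go, session_test.go and token_test.go. Moving each one next to the function it refers to, e.g. `// BUG(paddy): clientCredentialsValidate has no test coverage.` in the non-test file that defines it, would keep the untested credential checks visible in that listing.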
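--- a/oauth2.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/oauth2.go	Mon Jan 19 06:42:42 2015 -0500
@@ -198,7 +198,8 @@
 }
 return
 }
- // BUG(paddy): checking if the redirect URI is valid should be a helper function
+ // BUG(paddy): Checking if the redirect URI is valid should be a helper function.
+
 // whether a redirect URI is valid or not depends on the number of endpoints
 // the client has registered
 numEndpoints, err := context.CountEndpoints(clientID)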
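--- a/oauth2_test.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/oauth2_test.go	Mon Jan 19 06:42:42 2015 -0500
@@ -324,6 +324,7 @@
 if w.Body.String() != "The redirect_uri specified is not valid." {
 t.Errorf(`Expected output to be "%s", got "%s" instead.`, "The redirect_uri specified is not valid.", w.Body.String())
 }
+ // BUG(paddy): Need to test that setting redirect_uri to a non-URL redirect_uri returns the correct error.
 }
 
 func TestGetAuthorizationCodeCodeInvalidResponseType(t *testing.T) {
@@ -548,6 +549,8 @@
 }
 }
 
+// BUG(paddy): Need to test for implicit grant flow
+
 func TestCheckCookie(t *testing.T) {
 t.Parallel()
 req, err := http.NewRequest("GET", "https://auth.secondbit.org", nil)
@@ -768,6 +771,7 @@
 if err != nil {
 t.Error("Error saving client:", err)
 }
+ // BUG(paddy): We're only testing that GetTokenHandler returns the right values when we have the right input. But what about when we have the wrong input? We should test for invalid client errors and invalid grant errors to make sure they're triggered.
 data := url.Values{}
 data.Set("grant_type", "authorization_code")
 data.Set("code", authCode.Code)
@@ -818,4 +822,7 @@
 if tokens[0].TokenType != resp.TokenType {
 t.Errorf(`Expected token type to be %s, got %s`, tokens[0].TokenType, resp.TokenType)
 }
+ // BUG(paddy): We need to test for the refresh_token grant type, too.
+ // BUG(paddy): We need to test for the password grant type, too.
+ // BUG(paddy): We need to test for the client_credentials grant type, too.
 }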
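Review bot: The notice added in the GetTokenHandler test (third hunk) lists invalid-client and invalid-grant cases but not reuse or expiry of an authorization code, which are the cases that matter most if a code is ever disclosed. Whether the handler rejects them is not visible in this diff, so a further notice would keep the gap tracked: `// BUG(paddy): We need to test that an authorization code cannot be redeemed twice or after it expires.` The enclosing test function starts outside the hunk.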
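--- a/profile.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/profile.go	Mon Jan 19 06:42:42 2015 -0500
@@ -425,6 +425,12 @@
 // RegisterProfileHandlers adds handlers to the passed router to handle the profile endpoints, like registration and user retrieval.
 func RegisterProfileHandlers(r *mux.Router, context Context) {
 r.Handle("/profiles", wrap(context, CreateProfileHandler)).Methods("POST")
+ // BUG(paddy): We need to implement a handler that will return information about a profile or set of profiles.
+ // BUG(paddy): We need to implement a handler that will update a profile.
+ // BUG(paddy): We need to implement a handler that will delete a profile. What happens to clients/tokens/grants/sessions when a profile is deleted?
+ // BUG(paddy): We need to implement a handler that will add a login to a profile.
+ // BUG(paddy): We need to implement a handler that will remove a login from a profile. What happens to sessions created with that login?
+ // BUG(paddy): We need to implement a handler that will list the logins attached to a profile.
 }
 
 // CreateProfileHandler is an HTTP handler for registering new profiles.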
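--- a/profile_test.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/profile_test.go	Mon Jan 19 06:42:42 2015 -0500
@@ -465,3 +465,6 @@
 }
 }
 }
+
+// BUG(paddy): We need to test the validateNewProfileRequest helper.
+// BUG(paddy): We need to test the CreateProfileHandler.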
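--- a/session.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/session.go	Mon Jan 19 06:42:42 2015 -0500
@@ -141,6 +141,8 @@
 // RegisterSessionHandlers adds handlers to the passed router to handle the session endpoints, like login and logout.
 func RegisterSessionHandlers(r *mux.Router, context Context) {
 r.Handle("/login", wrap(context, CreateSessionHandler))
+ // BUG(paddy): We need to implement a handler for listing sessions active on a profile.
+ // BUG(paddy): We need to implement a handler for terminating sessions.
 }
 
 func checkCookie(r *http.Request, context Context) (Session, error) {
@@ -255,7 +257,7 @@
 w.Write([]byte(err.Error()))
 return
 }
- // BUG(paddy): really need to do a security audit on our cookie
+ // BUG(paddy): We really need to do a security audit on our cookie.
 cookie := http.Cookie{
 Name: authCookieName,
 Value: session.ID,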
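Review bot: The reworded cookie notice in the second hunk still does not say what the audit should cover, so it is hard to tell when it can be closed. The cookie carries `session.ID`, and the `http.Cookie` literal continues past the end of the hunk, so which attributes are set is not visible here. I would make the note specific, e.g. `// BUG(paddy): Audit the auth cookie: confirm Secure and HttpOnly are set, the expiry matches the session lifetime, and Path/Domain are as narrow as possible.`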
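--- a/session_test.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/session_test.go	Mon Jan 19 06:42:42 2015 -0500
@@ -95,3 +95,6 @@
 }
 }
 }
+
+// BUG(paddy): We need to test the CreateSessionHandler.
+// BUG(paddy): We need to test the credentialsValidate function.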
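--- a/token.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/token.go	Mon Jan 19 06:42:42 2015 -0500
@@ -187,3 +187,6 @@
 func refreshTokenAuditString(r *http.Request) string {
 return "refresh_token:" + r.PostFormValue("refresh_token")
 }
+
+// BUG(paddy): We need to implement a handler for revoking a token.
+// BUG(paddy): We need to implement a handler for listing active tokens.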
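Review bot: `refreshTokenAuditString`, shown as context just above the new notices, builds its result from the raw `refresh_token` form value, and none of the added notices tracks that. If the string ends up in an audit log or a similar store (its consumer is not visible here), anyone able to read that store obtains usable refresh tokens. Worth adding `// BUG(paddy): refreshTokenAuditString records the raw refresh token; it should record a hash or token ID instead.` alongside the revocation notice.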
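--- a/token_test.go	Mon Jan 19 06:01:51 2015 -0500
+++ b/token_test.go	Mon Jan 19 06:42:42 2015 -0500
@@ -136,3 +136,6 @@
 }
 }
 }
+
+// BUG(paddy): We need to test the refreshTokenValidate function.
+// BUG(paddy): We need to test the refreshTokenInvalidate function.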